Starting over with the internet is hardly feasible, but Cerf addresses an issue that many of us are now uncomfortably aware of: we haven’t taken the internet’s security aspect seriously enough.
Let's say, for example, that one registers a domain name or an IP (internet protocol) address as Mickey Mouse, Main Street, Disneyland. This light-hearted example quickly loses its frivolity when we discover that almost 50% of the applicant data for the top five generic domains – .com, .org, .net, .info and .biz – shows false or incomplete identity information. This makes it extremely difficult, if not impossible, for law enforcement authorities to trace abuse of internet resources.
Equally worrying is the fact that anyone can now illegally purchase obtained information like credit card details from websites for as little as one euro per card. As it becomes increasingly difficult for anyone to prevent sensitive or personal information from being stored on the internet, we are all becoming vulnerable to these attacks.
Yet there are some who still insist that threats from cyber-space are exaggerated, and that with faith in technological advances and a little patience our security concerns will fade. I disagree; this is a battle we may not win. If we are to keep an open and secure internet we have to act now.
The main bulk of responsibility for this lies with member states and with industry. But the European Commission also has a role to play, and it’s one we take very seriously. Enhancing cyber security and tackling cyber-crime has been one of our top priorities since February 2010, as has been highlighted in the Internal Security Strategy. And much has been done both through harmonising legislation and also through practical actions.
But instead of focusing on what’s already been done, we need to look ahead to see what’s still to do. First, and to my mind foremost, is making all necessary preparations for the establishment in early 2013 of a European Cyber-crime Centre as the focal point for Europe's fight against cyber-crime. We are currently working on a proposal that covers the key objectives and logistics for the centre, and once finished this will be discussed with member states and industry. But as the old saying goes: "you only get out what you put in," so the centre will only be able to fulfil its potential through effective information sharing with partners.
Also lined up for this year is an overarching EU cyber-space strategy, to be developed by me and my colleagues Neelie Kroes and Cathy Ashton. It will aim to increase the impact of our actions, and above all to co-ordinate our activities more effectively. Links should be created between the cyber-crime centre and member states’ law enforcement authorities, and between different computer emergency response teams (CERTs). Through this, we will also improve co-operation between our two key agencies, Europol and ENISA.
But even if we step up our efforts in Europe, this will not be enough in terms of the global scale of the problem. And this is where co-operation with our strategic partners is crucial. The EU-U.S. working group on cyber security and cyber-crime, set up following the November 2010 summit, and re-mandated in the 2011 summit, is a prime example of the type of co-operation we need.
The working group can be proud of its successes to date. It has successfully delivered results in everything from combating child pornography – where we have identified new technical solutions – to the first-ever test of transatlantic responses to cyber-attacks, an exercise that was held at the end of last year.
It is clear that much has been done in this field. But more remains to be done, such as making it more difficult for "Donald Duck" to register a domain name and improving operational co-operation in the fight against cyber-crime. This year the Commission will be busy working on all the plans I’ve mentioned, but wider support will be needed to ensure that these come to fruition. That’s why governments, organisations and industry need to put cyber security and cyber-crime higher on their agendas. And let's agree on one thing: more action is needed on all fronts.