False sense of security is one of the biggest threats – says Aleksander P. Czarnowski, leader of the Security and Certification Subgroup at the Ministry of Digitization. In an interview with the DGP Studio, the expert presented the risks associated with the Internet of Things and explained what actions should be taken to reduce them.
Czarnowski reminds that data is a currency as well as a political tool. Billions of devices collect information about us, and at the same time increasingly control the material world, the objects that surround us. In this context, securing the network is securing data, but also a chance to avoid unauthorized taking control of objects that surround us.
There is no such thing as 100% security – believes Aleksander Czarnowski and explains that you can imagine such an IT system, but it would have to be completely separated, which would undermine its usefulness. The response to threats is to be a certification scheme for devices approved for the network. It must be adequate to the threats and the size of the entities on which the obligations are to be imposed. The expert pointed out that often small entities or those that are starting their business cannot allocate large funds to cybersecurity. He also emphasizes that security should be comfortable.
Aleksander Czarnowski estimates that we are no longer able to stop the development of the Internet of Things and drew attention to individual responsibility and education in the field of cybersecurity. We will always be able to do something stupid as humans, which the system, even with artificial intelligence, did not foresee or has not yet learned.
At the same time, a representative of the ministry notes that it is difficult to blame people when threats are new and there is no proper education.
The EU Cybersecurity Act is a direct response to the risks posed by the transition to industry 4.0. It forces member countries to implement standardized certification provisions for services and equipment that are to be the basic element of company cybersecurity systems. On the one hand, unified EU certificates are supposed to guarantee that a given product meets strict safety standards, on the other hand, they reduce the costs of running a company, as entities operating in several member states will not have to invest in certification on several markets.
The new guidelines will be given to the European Network and Information Security Agency, which will be transformed into an independent scientific center dealing with the promotion of cybersecurity solutions. Her tasks will include supervision related to the implementation of a coherent certification policy of the member countries.
Preparing to fight the threats related to cybercrime include The Ministry of National Defense, which plans to establish a cyberspace defense command by 2022. The new unit will be responsible for creating a military formation specialized in monitoring cyberspace security.
According to analysts from Grand View Research, the value of the global cybersecurity market in 2018 was USD 116.5 billion. It is expected that by 2025 it will rise to over USD 241 billion, with an average annual growth rate of 11%.