15 Jun FIC 2022: A turn for the ECA!
“I was impressed that from all the different people we talked to and all their different approaches and solutions, all are united in the wish for a stronger European offer in products, community, and lobbying”, says this young lawyer met at the exit door of the FIC.
This June 2022 session of the International Cybersecurity Forum in Lille, France, had a European fragrance. Take the workshop (*) organized by the ECA on “where does the European Cybersecurity industry stand?”. Many nationalities attended, including France, Germany, the Netherlands, Luxemburg, and Switzerland. We discussed some key ideas:
- Yes, the Cybersecurity industry is mature, its products are serious and are on an equal footing with those designed by US vendors, support capability and customer care are efficient ;
- Moreover, European Cybersecurity solutions respect regulations about data. They do not unnecessarily capture customers’ data and, it’s worth repeating it, they don’t resell these data as happens alas in some other models.
- As the international crisis shows, Cybersecurity is part of our sovereignty, mirroring the fact that cyber-attacks are becoming an element of warfare.
So what is the « missing brick »? Why are so many buyers still leaning to purchase US Cyber solutions as a sort of reflex, even though, said our speakers, more customers pay now more attention to where their solution comes from and what outage possibility it can include?
The answer can be multiple:
- absence of a common set of certifications valid at a European scale (but such an embarrassing situation is slated to come to an end now)
- European vendors have less money, less marketing long arm, less lobbying capabilities, and sometimes, they don’t sell as well as their US competitors.
- US Cyber products are seen as part of an ecosystem whose other components are Cloud provision and software, they are somewhat borne by it
- finally, culture and strategy: where US vendors’ DNA is shooting for the sky, many European vendors are just about to start the journey to become a worldwide leader.
These considerations provide a work frame for the next months. The ECA will organize a set of actions to help companies ambitionning to act as leaders to do so successfully.
We will rely on some findings put forward during our workshop exchanges:
- Attention should be paid to where is code developed and under what governance – and, as code is less and less written on a white sheet, what about precautions in choosing external components?
- Is the solution Cloud Act immune? Moreover, so far, all European actors have de facto let their data move to the USA, it’s time to make an effort regarding data including those mobilized for cybersecurity reasons!
- A good Cybersecurity solution should anticipate a new generation of attacks. In the context of the conflict started by Russia against Ukrainian, you can see for instance brute force Cyber-attacks, named Vipers, which simply aim at destroying data and disrupting infrastructure. This will not quiet down soon.
- What about labels? We all know that the best-known evaluation systems are biased, as they primarily consider US products. In Europe, we have some « made here » labels, but customers are reluctant to rely on them as they are mostly based on self-declaration than a common set of rules. Shouldn’t it be a goal to build a European, unbiased, evaluation system? Of course a long-haul target and a step-by-step process. But probably time to begin by listing the evaluation criteria, among which what should be the part of classical « ISO type » ones, such as incident management or customer satisfaction review?
- Help develops a climate favorable to innovation: in the USA, this is partly a result of the constant pressure on merging and acquisitions, also partly due to the impact of public orders. To balance this in Europe these days, two levers should be considered:
- 1) Public sector responsibility: innovative vendors need orders no subsidies! We need to develop more Private-Public Partnerships in Cyber, for example, the Paris Cyber Campus, which is a good example of the development of cybercentric clusters.
- 2) Community effort: Cyber users (CISOs) have their organizations, and vendors do too, isn’t it time to confront their views more systematically, and do this on a European scale?
As a final word, let’s quote one of our speakers, Luc d’Urso: “We certainly don’t dream of a closed Europe, we simply want to rebalance the exchanges, with the best impact on innovation. In our domain, technology moves fast, no dominance is carved in iron, «the war is not over»!”
(*) warmest thanks to our incredible speakers: Ingrid Söllner (Tetris), Luc d’Urso (Atempo), Joep Gommers (EclecticIQ), Fabien Gainier (Campus Cyber), Eric Singer (Schneider Electric & CESIN), Mathieu Bailly (CYSEC)
Written by: Dominique Tessier & Andrea Vaugan / firstname.lastname@example.org & email@example.com