EU uncorks €1.8bn in cybersecurity investment. Thirsty, UK?

Will Blighty get ours? Probably

The EU Commission has launched a public-private partnership on cybersecurity that is expected to trigger €1.8bn ($2bn) of investment by 2020. The EU is promising to invest €450m ($502m) in a bid to spur innovation in cybersecurity with the remainder coming from the private sector.

Some security commentators reckon the Brexit vote means that British organisations are set to lose out on the benefits of this investment. However, given the uncertain political climate in the UK - which remains a full member of the EU for at least two years and possibly longer - a UK lockout is far from definite.

Kevin Bocek, chief security strategist at Venafi, commented: “It’s good to see the EU increasing funding and making cybersecurity a top priority and sad that, due to Brexit, UK universities and businesses will miss out on this investment.”

More broadly, Bocek expressed concerns about whether or not the investment will be going to the right place. “One of the key areas identified that the public/private partnership will focus on is ‘securing identities online’ – however, I think beyond this they need to recognise the need to secure identities of machines, software, devices and the foundation internet itself, not just people,” Bocek explained.

According to a recent survey by management consultants PricewaterhouseCoopers, at least 80 per cent of European companies have experienced at least one cybersecurity incident over the last year. The number of security incidents across all industries worldwide rose by 38 per cent in 2015. The EU uncontroversially asserts that cybersecurity issues damage trust in e-commerce. Security risks to infrastructure providers in energy distribution, banking and health also pose a growing risk.

As part of its Digital Single Market strategy, the Commission wants to “reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU”.

The EU strategy (announced Tuesday) involves the launch of the first European public-private partnership on cybersecurity. The EU will invest €450m (£384m) in this partnership, under its research and innovation programme Horizon 2020. Cybersecurity firms, represented by the European Cyber Security Organisation (ECSO), are expected to invest three times more. The partnership will also include members from national, regional and local public administrations, research centres and universities. The partnership is designed to foster cooperation at early stages of cybersecurity research and development. It’s hoped the program will yield infosec products and services to cater to the energy, health, transport and finance sectors in particular.

The UK’s Cyber Security Strategy is based on a similar assessment of risks but is pitched more towards protecting critical infrastructure systems than is apparent from the EU blueprint. The UK also wants to encourage cyber-security startups but this aspect of the strategy only gets a supporting role whereas for the EU it gets star billing. Last year UK Chancellor George Osborne announced plans to double investment in protecting “Britain from cyber attack and develop our sovereign capabilities in cyberspace”, with a budget totalling £1.9 billion over five years.

Part of the spending increase will go towards previously announced plans to hire 1,900 more staff at GCHQ. GCHQ director Robert Hannigan said last year that private industry wasn't doing enough to improve cyber-security.

Earlier this year, the outgoing Obama administration proposed increasing federal cyber-security spending by $5bn, or around a third, in the hope of reaching $19bn in 2017.

Jeux sans frontières

The Commission is also seeking to tackle the fragmentation of the EU cybersecurity market. Vendors currently need to undergo different certification processes to sell their products and services in several Member States. The Commission is considering plans to develop a possible European certification framework for ICT security products.

Eurocrats want to ease access to finance for smaller businesses working in the field of cybersecurity, perhaps with an eye to emulating the success of cyber-security startups in Israel, where close co-operation between government and private industry is the norm.

Finally, the EU Commission is bringing forward its evaluation of the long-established European Union Agency for Network and Information Security (ENISA). This review will assess whether “ENISA's mandate and capabilities remain adequate to achieve its mission of supporting EU Member States in boosting their own cyber resilience”. The Commission also plans to look into how to improve cybersecurity cooperation across different sectors of the economy, including in cybersecurity training and education.

“This is good news and a welcome move by the Commission,” independent infosec consultant Brian Honan, the founder and head of Ireland’s CERT, told El Reg. “It demonstrates a concrete and sizeable support in making cyberspace in Europe more secure.”

“While the NIS [Network and Information Security] and the GDPR [General Data Protection Regulation] puts the focus on cybersecurity from a legislative point of view, this type of investment and support provides industry with a strong incentive in relation to security,” he added. ®
