Your digital "Home of IT Security"
365 days a year: solutions, knowledge and networking.
Find and offer innovative IT security solutions, take part in our diverse action program and make and maintain contacts.
Become part of the it-sa 365 community!
Make an appointment with
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
Create an onsite appointment with
So that you can make an onsite appointment, the appointment request will open in a new tab.
ECSO Secretary General Rebuffi characterises the EU’s cyber security plans as “the bricks without the house” and bemoans the lack of EU-wide strategies and standards.
Luigi Rebuffi, Secretary General of the European Cyber Security Organisation (ECSO), doesn’t mince his words when it comes to the lack of a grand plan at EU level: “There is no pan-European IT security strategy,” he says during the press conference at the opening of the first it-sa since the start of the Covid-19 crisis. In an interview during the event, he clarifies his position thus: “The EU strategy consists of a lot of bricks, but it doesn't build a house,” adding: “What’s needed in the EU is a shared vision.” And that also includes the corresponding financial framework. “The EU Commission’s budget for cyber security projects for the next seven years is a mere €2.5 billion,” Rebuffi laments. The investment volume was much higher in the USA, and “even Israel is investing more in this area than the EU,” says the Secretary General.
Rebuffi attributes the lack of a common overall strategy primarily to the different political interests of the various member states. “For example, German is already dealing with security issues in conjunction with Industry 4.0, while in some other countries there isn't the same sensitivity to IT security,” the ECSO chief points out. He cites as an example some Eastern European countries, “which have a lot of security firms but little awareness of the need to invest at an overarching level,” he bemoans. Although it was precisely these countries that had a lot of talent at their disposal.
IT security needs to be a top priority
Rebuffi is Secretary General of ECSO, which he co-founded in 2016 and which is run as a public private partnership. The native Italian is well acquainted with Germany, as this is where he completed his doctorate and worked as a nuclear researcher. Before launching ECSO, he spent six years as an advisor to the European Commission for the EU’s research programmes on IT security. As a result, he also knows his way around at the European level when it comes to IT security. ECSO was established as a counterpart to and point of contact for the EU Commission, to promote cyber security in the form of public private partnerships, he explains.
“A lot of different organisations are members of ECSO, from large companies, universities and research centres to public institutions from EU member states,” says Rebuffi, explaining that initially, ECSO’s focus was on research projects. “But we are about more than that now; for example, we are working on the development of the European ecosystem or the creation of EU-wide standards,” he adds. However, the diversity within the EU member states didn’t exactly make it easy to create a single market, as every country has its own prescriptions. “Europe has more than 300 regions that have developed very differently and have different expectations,” says Rebuffi. Because of the very disparate industrial and economic development stages in the various countries, they naturally also accorded different priorities to IT security. These differences were even reflected in different sectors; for example, many hospitals were falling behind in this area.
Getting more women involved
To realise its goals, ECSO has established various working groups, including one for education and training matters. In this context, the shortage of skilled professionals was a factor, as were problems caused by diverse levels of education. “Education and training are national issues, and all Brussels can do is propose various directives,” Rebuffi laments, which made joint projects more difficult.
“We are specifically supporting women who want to get involved in IT security,” he says. Women often had a different approach that could be extremely helpful. However, he was not advocating for women to simply go and study computing. “In cyber security we don’t just need geeks, mathematicians or computer scientists, we also need female lawyers, political scientists, communications experts or psychologists, for example,” he adds, stressing: “We urgently need the latter in the cyber security field in particular.” This could open doors, and men would benefit as well. But female teachers were also important if you wanted to design and shape relevant training programmes.
He is therefore planning a “European Cybersecurity Academy for Women” for next year. Although this project is still in the discovery phase, it is particularly important to Rebuffi. Hardly surprising, given that in 2019 he established the Women4Cyber initiative to promote the participation of women in the cyber security field.
Author: Uwe Sievers
