How to create understanding of necessity of cybersecurity among leaders of European countries?
– Very important is to present actual examples of how the cyber attacks can influence not only our economy but our democracy as well. We have been experiencing number of cyber attacks on state own as well as private companies. You in Ukraine have your own experiences with attempts to hack the nuclear power grid in 2015. Also Europe, especially Germany, had to face several attacks on its energetic sector. Even more important are, nevertheless, cybernetic operations aiming at our democratic processes. We have already witnessed disinformation campaigns against referendums, such as Brexit in the UK or Association agreement with Ukraine in Netherlands. Also operations trying to swing the votes during elections are becoming the new normal
Which sources and types of threats you see in cybersphere?
– I can see several types of threats we can face in a cyberspace nowadays and how harmful they can be depends to a significant degree on how good protected our systems are. The key is always the data. There is a ransomware which was used in the NotPetya attacks as well, where the the data are encrypted which makes a lot of computers unavailable. There is a theft of personal data as well which can be then misused in many ways, where blackmailing is still one of the least problematic. You can also change the data to get a different result. If parts of your crucial infrastructure are mainly IT controlled than hacking into a system and changing how it operates can costs thousands of lives. And last but definitely not least, you have the social sphere of cyber threats such a disinformation media, hostile campaigns, bot accounts and internet trolls.
Do authorities in Czech Republic detect the sources of this threats or players, who can conduct such attacks?
– The very basic of internet cyber warfare is that the attribution of any activity is very hard to identify. One of the first thing the hacker will do is to hack another computer, so from this hacked computer he can start attack, he will not do this from his own laptop. NotPetya has started from some accounting company in Kyiv, who has no idea of that their servers are used for attack. So this is the way the hackers can hide their traces. To commit a cybercrime you need a lot of authority, it’s not an easy task.
Does Europe actually have success in creating safe and secure cyber space?
– I would say yes. First of all, NATO recognizes the cyber as a war domain, same as land, air, sea and space. Once you recognize the problem you can make further steps. On the level of governments it is already a standard, that each country has its own CERT, Czech Republic has it and Ukraine too. You can hire best experts and leave them there, because they know what to do.
Also, a new legislation which will adapt to the new warfare needs to be created and implemented. Systems and crucial infrastructure must be protected accordingly. That is the current biggest challenge governments are facing everywhere. Czech Republic can serve as an example to follow in this area. We established our own Center for terrorism and hybrid threats which focuses mainly on tackling the above mentioned cyber threats. Also our IT experts from National office of cybernetic security has one of the top experts annually winning the most prestigious international security trainings such as LockShield in Estonia. That’s why I’m promoting collaboration in format of Vysegrad 4, cause they could share their experience.
Can you provide more details about Czech approach to cybersecurity?
– New legislation on cyber security has been implemented in 2016.. It strengthens mandate of to National Cyber and Information security agency. They are authorized to execute screenings of different ministries and organizations to help them optimalize their security capabilities.That’s how we created special environment to deal with cybersecurity, we have guidelines for that.
What is public opinion on such activities?
– Cybersecurity itself is not a problem. Basically everyone appreciate those steps. But I would say that not all people have enough information. So that’s why it is so necessary for the government to educate the people, to promote key principles of security among institutions, not only on state level. How to behave on Internet, how not to get influenced by hostile propaganda.. Where might be some kind of split in the society is the security of information, the privacy. Actually, this not always the issue of cybersecurity, it’s a part of information war. But since we have the freedom of speech, it is important to keep this values. On the other hand the security services want to have all the access to all the information.
Which steps can be useful to improve security?
– All stakeholders on the domestic as well as international level need to understand how important the topic of cyber security is and make it ist priority. An expert consultant teams should be established and the politicians should act on their advices. We need to give it a concrete form make cyber security more understandable, measurable even. Companies of critical infrastructure must be responsible for their defense and readiness. The consequences of non functioning organization in today’s dynamic world can be devastating.
The international regulation of cyberspace. Can it be effective?
– Definitely, the international community must agree that cyberwarfare must be prohibited. It’s number one priority. The real cooperation between state leaders will easily identify the sources of activities. And that can be the way to solve the problem. Because, you may prohibit it, but you can’t stop it.
Are there some activities between Czech Republic and Ukraine in cybersecurity field?
– We need to strengthen our cooperation among others on the basis of know-how sharing. Ukraine has significant experience in this field. It has become a cyber battlefield, where Russians try its new cyberweapons. Once tested, Kremlin spreads it worldwide. That is why helping Ukraine should be be European priority, we are actually helping ourselves by doing so. Cyber security will be the number one topic for future EU-Ukraine cooperation.
Jan Lipavský was born in 1985. He studied international relations at the Charles University in Prague and at the University of Kent in the UK. Prior to entering politics, he developed a career in the private sector in managerial positions in the field of information technology in banking and marketing. He is a member of the Pirate Party since 2015. In the autumn of 2017 was elected as the member of House of Commons of the Parliament of the Czech Republic from the Prague district. He focuses primarily on security and foreign policy. He is also a member of the parliamentary committee on defence and committee on foreign affairs. Among his areas of interests belong digitalization and cyber security, countering hostile propaganda and disinformation, screening of foreign investments, foreign missions and the EU Eastern Neighbourhood initiative. Among others, he is working on implementation of a law protecting the strategic sectors of the Czech economy from the loss of sensitive data and knowhow. He also oversees the activities of Czech intelligence services and defends their independence.