China, EU should team up on internet security

Did Russian government hackers influence the outcome of the presidential election in the United States? Or are the allegations just another urban legend, launched by Americans unhappy with the outcome? There will probably never be certainty.

What is certain, however, is that the internet is much more vulnerable than we used to think. Cybersecurity is rightly one of key topics for discussion at the Internet Global Forum, the annual get-together of all internet stakeholders, in Guadalajara, Mexico.

Cybersecurity is a global issue; it requires a global response. In the early 2000s, the European Union set up a specialized agency to promote common approaches and to exchange best practices in the EU - the European Union Agency for Network and Information Security, or ENISA.

The ENISA worked closely with the governments of EU member states and the private sector to deliver advice and solutions. For example, it hosted the pan-European Cyber Europe Security Exercises in 2010, 2012 and 2014. It also advocated the development of national cybersecurity strategies, which are now mandatory in the EU under the recent Network and Information Security Directive. In parallel, ENISA developed a methodology to identify critical communication networks, links and components - dependencies on communication networks of critical infrastructure, such as electrical grids.

ENISA disseminates its cybersecurity expertise through studies. For example, it published a study on secure cloud services, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, electronic identity cards and trust services, and identifying the threat landscape.

Another example is the report Communication Network Interdependencies in Smart Grids, which was published in January. It's mainly directed at smart grid operators, manufactures and vendors, as well as tool providers.

The mandate of the ENISA will lapse in June 2020 and the EU is reflecting on its future mandate. Most of the reflection is focused on ENISA's future tasks, now that the network of national computer security incident response teams is in place. Insufficient attention was given to the possibility of widening the geographic scope of its mission, in view of the global nature of internet security.

At the Trust Tech event in Cannes, the China Information Technology Industry Federation, or CITIF, highlighted the urgent need to establish a professional and perfect information security personnel training mechanism in China. The federation also bemoaned the fact that China's information security awareness lagged behind the world average, and that very few countries purchase information security services.

The Chinese government pledged to make network and information security a national strategy and has already introduced a series of policies and taken other steps to strengthen information security and promote the development of an information security industry.

But why do it all alone? Why not make use of the re-evaluation of the ENISA to transform it into a Chinese-European agency for network and information security, or CENISA? The legal basis of ENISA could evolve from an EU regulation to an international agreement between the European Union and China, which could eventually be joined by other countries, for example the UK after its exit from the EU.

The new body would build on the current practice and expertise of ENISA to promote network security through:

Recommendations;

Activities that support policy-making and implementation, such as exchanging best practices and coordinating global security exercises;

Hands-on work, where CENISA would collaborate directly with operational teams in China and the EU.

Such reforms would be only first steps toward greater internet security, but would confirm the commitment of the EU and China to work together for a more secure internet.

The author is president of ChinaEU, a business-led association that aims to strengthen joint research and business collaboration and investment in internet, telecommunications and high-tech between China and Europe. The views do not necessarily reflect those of China Daily.