The EU regulation 2021/887 passed on 20 May 2021 mandated the creation of the European Cybersecurity Competence Centre. We spoke to their Executive Director Luca Tagliaretti, who is also a speaker at the forthcoming Luxembourg Internet Days event, (Nov 19-20) focusing on “Connectivity, DDoS and Resilience”.

What are the most common types of attacks and where are these attacks coming from?

Recent statistics from ENISA indicate that Ransomware is the number one type of attack followed by Malware and Phishing, the latter especially boosted by the development of AI tools.

Further analysis suggests that as more individuals and companies move their data online, this will become an ever-bigger target for hackers.

The Issue of attribution is complex as it is not easy to find where the attacks are coming from, however there is certainly an increase in state sponsored attacks. The currently unsettled geopolitical situations around the world will continue to increase this. These actions are dangerous for the stability of the European Union and our digital market, and this is where we need to focus our efforts and investments in the future.

The protection of hospitals and the health sector is a key focus where the European Commission wants to invest in 2025. With just one attack a hacker can penetrate millions of data files, such as payrolls, patient data and booking systems. In the big picture health is a “soft spot” and hackers know this. This sector tends to patch new tech on to old infrastructure, thus making it more vulnerable compared with new infrastructure. I am sure you would agree that we all need our hospitals to perform effectively. The President elected of the EU Commission, M. von der Leyen, pledge to have a plan for protecting the health sector in early 2025 and in line with this priority the ECCC will make funds available for these projects. Currently we estimated that around 10% of the budget for the next year could be allocated to this sector.

Luxembourg is small! Do you think that our financial sector makes us a target or are we under the radar?

For sure hackers know about you! The financial sector is the third most targeted sector for attacks following Government agencies and the transportation sector. Attacks to the financial institutions are around 9% of all attacks. On the plus side, financial systems are very integrated and therefore no one country is more of a target than another. The Luxembourg government is very active on this front and has taken significant steps to protect its financial sector. In addition, the banking and financial sector are more conscious of this risk and therefore has more layers of security than many other sectors.

Cybercrime is not new. Why did the European Commission feel it was necessary to create a competence centre in 2021 and how do you fit into the wider European ecosystem?

Many people ask us this! On the one hand we are here to help member states and companies to implement European regulations such as cyber resilience act, and DORA etc. On the other we exist to support companies to reach a consistent level of know-how, to help wider society to be ready for this implementation and to support European research in the global cybersecurity market.

When deciding how to address this issue, the co-legislators could have centralised the work but with cybersecurity they decided to decentralise the work and create an agency to work transversally across all members states, the commission and the wider community.

We are happy to be coming to Luxembourg for the conference in November as we are committed to meet with companies and the community to explain how we can help and what funding opportunities are available for the private sector.

There is some discussion in the media that AI will provide unbeatable security solutions. Is this the end of the story?

I am a techno optimist, and I believe AI will create a lot more opportunity than risks. Regarding cybersecurity it is still too early to understand how AI will really impact us in the long run. In our research we focus on the two sides of the coin. How can we use it to make it ourselves more secure” and “How can we secure our AI?”.  The very data that the model is based on also must be protected. This is a very important subject and it’s one of the top priorities for the ECCC. We expect to reserve a significant part of our 325 million budget for the next 3 years (around 20%) on AI.

A key part of your role is enabling funding for the private sector to address these challenges, what calls for tenders do you have coming up?

We have regular calls and offers for projects. As a guide we provide 50 to 75% of the investment into new projects meaning that applicants will need to also provide additional funding. Where possible we focus on funding SME’s and there is also a funding mechanism for member states for micro-companies.

effective when several SME’s agree to collaborate together. Often for complex projects, stakeholders get together to form consortia as these are more effective than individual applications. We have one call open at the moment that will close in mid-January 2025 for around 100m Euro. To find out more information please go to our site or that of the commission.

To understand more about how the ECCC is making a positive difference to the cyber security ecosystem and hear real case stories of how SMEs can get involved, join his presentation on Nov 19 at the Luxembourg Internet Days event, (Nov 19-20).  This is also one of the leading days in the Luxemburg tech calendar where you can meet several government ministries and large and small Tech players, all under one roof.

Frédérique Ulrich, the organizer of the event and Director of LU-CIX ASBL commented; “The Luxembourg Internet Days event is a privileged moment for exchanges between professionals from all sectors on the security and resilience issues that arise but also, and above all, on the solutions at their disposal.”

Reference:

https://www.ibm.com/reports/data-breach

https://europa.eu/eurobarometer/surveys/detail/3176