What is NBIP and how have you been contributing so far to the IPCEI-CIS?
NBIP is a Dutch foundation that provides professional cyber security services to providers and organisations in the digital infrastructure sector, based on the idea that an open and resilient Internet is a shared responsibility. We therefore operate on a non-for-profit basis to achieve this goal.
NBIP operates and develops facilities from a shared service center concept. This enables providers and organisations using the internet, to comply with legal and availability requirements. These facilities are costly to acquire, operate and maintain as a single party. Therefore, it makes sense to jointly operate such services. An example of such a facility is our not-for-profit DDoS scrubbing center NaWas, which currently services some 200 organisations in 10 European countries.
Our role in the IPCEI-CIS lies primarily in developing a secure by design open security platform that will be integrated in the stack of a new modular data center design for a distributed European cloud infrastructure. One of the avenues we are currently exploring in this regard is a distributed edge DDoS mitigation platform. We also have a very active role in the cross-cutting security workstream which involves many IPCEI-CIS projects.
How important is it to foster a model of joint technological innovation for strengthening the global competitiveness of the EU cloud industry?
I think it would be, at this moment in time, hard to overstate the significance of cooperation for technological innovation in the EU, especially in the digital domain. We are now rapidly becoming more aware of what risks are associated with outsourcing much of our needs for digital technology and services to non-EU corporations. I believe the EU has taken and is taking important steps to reduce these risks, for example by investing in programs to realize its own cloud infrastructure. But this will take time, perseverance, and a shift in mentality. What I mean by that is that I think it should be self-evident to everyone that Europe will only be able to prosper if we cooperate more and more often and put our collective interests as Europeans above other concerns.
How do you understand the concept of “European digital sovereignty”, and what role should cybersecurity play in that?
In the past decades we have created dependencies on foreign technology and services that in hindsight seem undesirable. There are many circumstances that have led to these dependencies, and I don’t think it is useful to dwell too much on the past. We do need to carefully consider now, nevertheless, how we are going to disentangle ourselves from non-EU tech. When we talk about digital sovereignty, we should understand it as a certain level of control over the digital technology we use, whether it’s hardware, software, or the infrastructure we use to deliver digital services. Open source solutions are an important way to achieve this.
This is also true for cybersecurity. Many cybersecurity services and applications that are used across Europe have not been developed within the EU. Given the current geopolitical context, we cannot rule out that this will one day be turned against us. Does that mean we need to become a digital autarky? Of course not. This would harm us more than it would do good. But we do need to think carefully about what it means to be digitally sovereign in a world that is thoroughly digitally interconnected.
I think a sensible first step would be to ensure that critical digital infrastructure is firmly in our own hands. In addition, we need to move away from using non-EU cloud services for anything and everything, without much regard for the (national) security risks associated with it. When it comes to cybersecurity, we need to be able to develop and provide core services ourselves, whether it is DDoS-mitigation, AV-software, or firewalls.
How do you perceive recent EU regulatory initiatives such as the Cyber Resilience Act?
I think that, as Europeans, we should be proud that the EU is taking the lead and setting an example when it comes to regulating the digital domain, including cyber resilience. In my view, many issues around cybersecurity are the result of two things: non-intentional incompetence and a classic collective action problem. What I mean is that many organizations that need to be more cyber resilient, fail to achieve this because they do not know they are falling short in this respect.
Secondly, issues such as the abuse of security vulnerabilities are enabled by the fact that it’s not always in the interest of organizations to commit resources to solving these types of problems, even though if everyone would take it seriously, the problem would be less persistent and less costly. So it helps to have clear rules about what is expected from manufacturers and developers in this respect, which will hopefully ultimately result in less abuse.
Technological challenges aside, what do you think is the main digital policy aspect that the EU should address in the short-mid term?
I think we are on the right track, but I think the EU should be wary of over-regulating the digital sector. It is difficult for many SMEs to keep up with the regulations that have been enacted in the past years. These regulations are necessary, there is no doubt about that. But we also run the risk that SMEs, who play an important role in ensuring Europe’s digital sovereignty by participating in European funded projects, will refrain from participating and boosting innovation. For them, a steep regulatory burden is stifling their capacity for innovation. I would therefore say the EU should be mindful of this if it wants its ambitious projects to come to fruition sooner rather than later.
Octavia de Weerdt is General Director of NBIP. She has extensive experience in IT, internet technology, cyber security and organizational governance, having fulfilled various leadership roles during her 30 year career. At NBIP, she is currently at the helm of various European funded projects the non-for-profit participates in, including the IPCEI-CIS. She is a European at heart and strongly believes in the strength of collaborative action.
This guest blog post is part of a series of interviews with EU industry leaders and technology experts carried out by OpenNebula Systems as part of the NexusForum.EU project [2024–2026], a Coordination & Support Action co-funded by the 🇪🇺 European Union’s Horizon Europe research and innovation programme under Grant Agreement 101135632 and by the 🇨🇭 Swiss State Secretariat for Education, Research, and Innovation (SERI).
0 Comments