The Report Cybersecurity – Our Digital Anchor brings together research from different disciplinary fields of the Joint Research Centre (JRC), the European Commission’s science and knowledge service. It provides multidimensional insights  into the growth of cybersecurity over the last  40 years, identifying weaknesses in the current digital evolution and their impacts on European citizens and industry. The report also sets out  the elements that potentially could be used to shape a brighter and more secure future for Europe’s digital society, taking into account  the new cybersecurity challenges triggered by  the COVID-19 crisis.

Given that data flows and information are  the lifeblood of today’s digital society, cybersecurity is essential for ensuring that Executive Summary

digital services work safely and securely while simultaneously guaranteeing citizens’ privacy  and data protection. Thus, cybersecurity is evolving from a technological ‘option’ to  a societal must.

From big data to hyperconnectivity, from edge computing to the IoT, to artificial intelligence (AI), quantum computing and blockchain technologies, the ‘nitty-gritty’ details of cybersecurity implementation will always remain field-specific due to specific sectoral constraints. This brings with it inherent risks of a digital society with heterogeneous and inconsistent levels of security.

This strategy should cover not only the technological aspects but also the societal dimensions of ‘behaving in a cyber secure way’. Consequently, the report concludes by presenting  a series of possible actions instrumental to building a European digital society secure by design.

We are living in an era of great opportunities enabled by digital technologies: access to information and knowledge has never been  as easy as it is today. Global economic growth2 and human well-being are becoming increasingly dependent on the adoption of digital technologies.

However, this intertwining of digital technologies in our daily lives brings with it heightened vulnerability to the deliberate exploitation of unsecure digital systems. This increases the potential impact of cyber attacks while reducing the advantages of the digitalisation of our society. To understand why cybersecurity is so central, we need look no further than the COVID-19 crisis which has triggered an increase in the cybersecurity risk facing European businesses, governments and citizens. Cyber attacks have become more frequent as the weaknesses resulting from the focus on fighting the pandemic have been exploited.

Time is a crucial  factor: we need  to move quickly  in an attempt to reduce the attacker’s advantage.

Digital technologies are currently at the heart of all our critical infrastructures. Hence, their cybersecurity is already, and is becoming increasingly, a matter of national security. Therefore, cybersecurity is both costly and crucial.

The number of citizens impacted simultaneously by a single cyber incident can be huge as  a consequence of the pervasiveness of connected devices: 3 billion accounts in the attack on Yahoo in 2013, 77 million users in the attack on Sony

PS3 in 2011, 1.3 million and 250 000 impacted citizens, respectively, in the attacks on Estonia  and Ukraine in 2017, and 7 major security incidents in December 2019 alone (CSIS, 2020), just to cite a few examples.

At the same time, cyber attacks are also  becoming more and more complex, demonstrating the attackers’ enhanced planning capabilities  and knowledge. An example of the growing complexity is the spread of malware able to  infect both mobile and IoT devices, hugely amplifying the distributed computational  power of cyber attacks while making it more difficult to effectively mitigate an attack.

As cyber attackers operate outside the norms  of regulation and law, this flexibility gives  them a significant advantage over defenders  who normally do not enjoy such freedom.  The attackers have the crucial advantage  of time which in cyberspace can be measured  in milliseconds.

Contrary to popular belief, cybersecurity is not merely a matter of technologies. Rather, it has  an impact on society and is influenced by the attitude of individuals while they are ‘living their digital life’. Their preferences, desired digital services and the way in which they are used are the first considerations when trying to design a more secure cyberspace. Once again, the explosion of teleworking and online schooling during the first half of 2020 due to the COVID-19 crisis and, as a consequence, the higher number of cyber attacks show the extent to which our lives are intrinsically dependent on digital services and why we need urgently to increase their security. Cybersecurity is thus  a very heterogeneous and multi-sectorial domain combining diverse needs, expertise and constraints.

Thus, the scope of this report is twofold:

• It gives the reader clear elements to reflect on the weaknesses of the digital evolution  and the resulting impact on European society.
• It proposes the components which  could potentially shape a new secure European society.