Podcast 🎧 & blog: Resilience, protection, freedom – what the future holds for cybersecurity

How long do 20 years of cybersecurity actually feel? Quite intense and intensive, for sure. It’s unlikely that anyone thought that with internet and ICTs would come no risks, no maliciousness, no actors aiming to exploit vulnerabilities of digital systems.

Two of e-Governance Academy’s own cybersecurity experts are here to remind us how far we’ve come. With them, we recap events and lessons learned on safeguarding digital spaces from two decades of activity. But also, how future strategies and actions should strike the right balance between protection and freedom.

Kadri Kaska, Senior Cybersecurity Expert, joins host of the episode and Programme Director Merle Maigre for both upcoming scenarios and a retrospective on an ever-relevant matter.

Do you remember computer viruses?

Long gone seem to be the times of computer viruses, by now some vintage memory of pop-ups frantically appearing on your computer screen, or heists using early-stage tech in movies. “I like saying that cybersecurity, at its very core, is simply about the security of interconnected devices,” Kaska begins with. “Those viruses were mainly something amusing. Sometimes they would cause problems, but hardly disrupt business continuity or service delivery.”

“But as digitalization advanced, and penetrated every aspect of our lives, cybersecurity becomes a matter of sustainingand protecting what we consider our normal, habitual way of life in this modern society,” Kaska says.

Cybercrime – since we mentioned movie heists – is when things started changing a bit. “Around the early 2000s, cybercrime started to be more and more of an issue, to the point of becoming recognized as worthy of being a public security concern. So governments started to pay more attention to it.”

How far we’ve come – from spam emails to critical infrastructure

Next to cybercrime, then threats in the digital sphere took on a more political dimension – and expanded too, in scope and range. “That’s for example when Estonia got its own early shock, a wake-up call: the 2007 cyber attacks against the country, which brought public cybersecurity into the media spotlight. That’s the moment when many realized that cyber threats could become matters of national security and sovereignty, as in the way countries behave and arrange internal matters,” Kaska continues.

Then Russia’s war in Georgia one year later, where cyber attacks served to complement kinetic activities on the ground, showed us how such dimension entered the world of warfare. “Ransomware campaigns, then, brought to the public attention that attacks aimed at manipulating critical state infrastructure can affect the provision even of essential services – such as in the case of healthcare in the United Kingdom, to mention one among many.” Then there were the 2016 presidential elections in the United States, with the known cases of meddling and influencing targeted at the public opinion, with the aim to distort it and move votes.

“All these examples show we’ve gained awareness. Awareness that cybersecurity is something that countries should keep in mind, and properly address in their national security agendas,” Kaska points out.

Resilience on the internet, between protection and freedom

20 years of cybersecurity, though, did not simply expose a collection of potential threats. They also served to develop different approaches, from protection to resilience. “One of the fundamental shifts that took place over the past 20 years, as you [Kaska] have written elsewhere too, is the move away from attempting to shield against everything. This shift towards resilience, instead, strongly resonates with me,” Maigre adds.

“It ultimately underlines the importance of two tracks to work on. Building firewalls and working on preventive measures, which is still a good and useful course, but shouldn’t be the only one. Next to it, assuming that a breach has happened, we must build resilience to take us through and past such breach,” Maigre says.

A point that indicates how there isn’t one way of thinking and doing cybersecurity. As there isn’t only one relevant pillar to take into account in national cybersecurity agendas – and to hear all about them, do make sure to tune in to the podcast. But according to the episode’s host, “Internet freedom must be in the picture too. Cybersecurity matters, but countries must strike the right balance between safeguarding their digital space, and protecting basic rights and freedoms on the internet.”

To not discard its constructive value, “Cybersecurity should be regarded as an enabler, rather than something that puts a constraint on people’s rights and freedoms. When that mindset becomes part of how national strategies and agendas are defined, security and freedom on the Internet seem less conflicting terms,” Kaska concludes.