Managing New Issues

This report reflects the findings of a conference on cyber security and cyber crime on 9 April 2002 in The Hague, The Netherlands. It looks into the urgency for a better common understanding and better cooperation on these issues, in the light of the growth of the Internet, both in terms of number of users and in terms of social, cultural and economic impact. Focus was at three themes regarding the role of the public and the private sector in dealing with cyber security and cyber crime: What are the threats and what is the matrix of possible responses? How should Europe and the United States cooperate? How should the public and the private sector work together? The threat to information infrastructures is real. Threats run the gamut of possibilities, from faulty software to groups or hostile states intending to inflict damage. There is no agreement on whether the threat is waning. Overcoming the childhood diseases of current technology may abate the threat. On the other hand, more complicated technology may create greater vulnerabilities. Awareness of the threat varies. It gets ample and concerned attention from cyber security experts in industry and government. However, CEOs and top government officials, perhaps complacent after the Y2K experience, do not count cyber security among their top five concerns, yet. But, even as opinions vary as to whether future threats will be less or worse, many experts expect a high impact event somewhere in the (near) future. Comparison has been made to the oil disaster with the Exxon Valdez: a disaster like this is likely to happen. This will bring the risk high onto the agenda of decisionmakers and politicians. For mitigation of the risk, as a general rule, market-driven approaches have much to recommend themselves. Practical steps in this have already been identified. But there is also a clear role for government. Last but not least: the threat cannot be dealt with by one country (or trade block) alone. The report expands on this.