Swift chief: "When we don't sleep, it is because of cyber risks"
11 March 2014 | 8128 views | 0
Swift chief executive Gottfried Leibbrandt has called on EU policymakers to steer clear of 'data protectionism' and work towards the creation of a standardised global framework for international cyber-security.
Speaking at a high level EU conference on cyber-security strategy in Brussels, Leibbrandt described directly conflicting national regulations on data security as a critical challenge to international infrastructures such as Swift.
The interbank network, which connects over 10,000 institutions globally, was conceived with resilience and security at its core and designed to meet the highest standards of confidentiality, integrity and availability.
But with cyber-criminals getting better organised and funded and state actors further muddying the waters, Leibbrandt admits to feelings of paranoia over cyber-security.
"The cyber threat is very real and persistent. Cyber-attacks are getting ever more sophisticated, and the landscape is getting more complex," he says. "Every day we wake up and go to sleep thinking about, and protecting against that threat. It is hard work and never done. When we don't sleep, it is because of cyber risks."
Edward Snowden's revelations about the mass-surveillance operations of the US National Security Agency have prompted European politicians to take a hard line in drafting the EU's future cyber-security strategy.
With a nod to the sensitivities, Leibbrandt says: "We agree that an EU cyber security framework is needed and that the bar must be set high. But the framework must work internationally, and the bar must be accepted internationally.
"We would urge this Directorate, and indeed all legislators and regulators, to ensure that rules and regulations do nothing to limit digital companies' abilities to operate across borders. We need legal certainty; we can't be caught in the middle."
While acknowledging that developing and agreeing standards will be a challenge internationally, Leibbrandt says at a minimum it would be useful to have internationally agreed personnel vetting standards, supplier certification standards, readiness level standards and penetration testing standards as well as best practice definitions.
He would also like the EU to do more to encourage the creation of a vibrant ecosystem of players and advisors in cyber-security, backed by a robust R&D framework and high-level skill sets.
Concluding, Leibbrandt says: "National fortresses and market barriers make it harder for Europe to lead in digital, harder for Europe to become the natural home of secure services. Data protection cannot mean data protectionism. A secure cyber environment in Europe must not mean an isolated Europe."