Policymakers and Experts Tackle Europe’s Cybersecurity Challenges

By /

nnISC2 took part in the recentnnBrussels Cybersecurity Summit, which played host to over 500 key European policy makers and globalnexperts in cybersecurity looking to tackle current economic andntechnology disruption and take a fresh look at policy plans through ton2027.nn

n

nCybersecurity is a critical consideration for the European Union (E.U.) andnits member states. Nowhere was this clearer than at the BrusselsnCybersecurity Summit, a two-day E.U. forum that brought together over 500nkey stakeholders, not only policymakers, but also a wide variety of externalnstakeholders from across the European public and private sector.n

n

nAt the invitation of the Centre for Cybersecurity Belgium (CCB), ISC2 was anpart of this event, delivering a keynote address during the Competence andnCoordination track, representing and advocating for the cybersecuritynprofessionals in discussions with policymakers across the EuropeannCommission, European Council, and the member states.n

n

n

n

A Closer Look at Cybersecurity Skills

n

n

n

nISC2 CEO Clar Rosso delivered the keynote address for the Competence andnCoordination track, which looked specifically at cybersecurity skills in thenfuture – and whether artificial intelligence (AI) will be a means to helpnbridge the on-going skills gap in the sector or if training will take thenlead role in addressing skills challenges. Rosso was joined in anpost-keynote discussion by panel moderator Lauri Tankler, Head of thennational cybersecurity coordination center for Estonia (NCC-EE) and Chair ofnthe NCC Network; Wouter Joosen, Professor and Head of Distributed and SecurenSoftware, KU Leuven; Rick Verhagen, an AI cybersecurity specialist atnDarktrace; Arnaud de Vibraye, Junior Manager for Skills and Human Factors atnECSO and Jean-Luc Peeters, Head of CERT.be, Centre for Cybersecurity Belgiumn(CCB).n

n

nThe keynote highlighted a number of areas for consideration and discussion.nMost notably, Rosso highlighted the finding from latestnnISC2 Cybersecurity Workforce Studynnthat in the E.U., there are just under a million cybersecuritynprofessionals, but that alongside the active workforce, there is a shortagenof approximately 274,000 individuals, a deficit requiring a minimum 29%nincrease in the active workforce to address.n

n

nFurthermore, there is also a skills gap to consider alongside the physicalnpersonnel gap. Overall, 91% cybersecurity professionals have reported thatnthey have a skills gap in their organization, with 14% indicating thenshortfall to be a critical gap. Breaking this down, there are particularnskills shortages in AI and machine learning (ML), cloud computing, alongnwith implementing trust and access. Beyond these, non-technical skills likenstrong problem-solving ability, curiosity, eagerness to learn, andncommunication skills are in high demand in cybersecurity roles.n

n

nOutside of the track, Margaritis Schinas, the European CommissionnVice-President in charge of Promoting the European way of life echoed thenconcerns about the workforce gap, noting Commission data that aligns withnthe ISC2 findings for the region. He noted that legislation and supportninitiatives are needed and are being delivered. For instance, there is thennCybersecurity Skills Academy. Schinas noted that the Academy is not a school, but rather a single pointnto secure funding opportunities, jobs and education from. Its work willnultimately encourage young people to pursue a cybersecurity or relatedncareer path. Committed to enhancing and expanding the cybersecuritynworkforce in the E.U., ISC2 was the first organisation to make annpledgennto the Cybersecurity Skills Academy launched by the European Commission.nISC2 committed to provide its Certified in Cybersecurity (CC) certificationnand education program to at least 20,000 individuals in the E.U., preparingnthem for entry- and junior-level cybersecurity roles.n

n

n

n

Technology Mitigating Skills Shortages

n

n

n

nAutomation is being used in part to mitigate shortages, with 61% usingncybersecurity automation in some form to compensate for not having people innplace to carry out the same function.n

n

nGiven the extensive use of automation, it was little surprise that 30% ofnE.U. respondents to the ISC2 Cybersecurity Workforce Study believe that AInwill play a significant role in securing organizations, while 42% alsonpredict that AI will become a significant cybersecurity challenge by 2025.n

n

nThese metrics underlined much of the industry challenge, as well as shapingndiscussion that followed, in particular around how to create a path forwardnto reducing both shortages.n

n

n

n

Keeping Pace with Demand

n

n

n

nPanel moderator Lauri Tankler canvassed the audience with the statementn“individual training initiatives are too slow”. Opinion was mixed, but thenpoint was made that training is not a one-size fits all approach, and thatnAI is likely to play more of a role in shaping individual training in thenfuture. Rosso highlighted ISC2’s use of adaptive learning across threencertifications as an example of how intelligent courseware and exams thatnalign with the individual and their responses has delivered many benefits,nincluding reducing exam times considerably compared with the time needed toncomplete traditional linear exam papers. The feedback from individuals whonhave used this approach indicates that it has reduced their study time bynmore than 25%.n

n

nESCO’s Arnaud de Vibraye also noted thatnthe organization is actively engaged in skills and human factors. While hendidn’t necessarily agree with the statement, he agreed that there’s a greatndeal of work still to be done, particularly in the field of AI and the rolenit plays in business and in society in general, with it being a global need,nnot just a European one. He added that adapting education curriculum tonexpose and familiarize people early on in life will be important to preparenthe next generation of society for a more AI-driven andncybersecurity-centric technology age. However, such an adaptation ofncurriculum is going to be a long-term effort and that existing universitiesnand courses are a strong starting point for delivering this change.n

n

nDarktrace’s Rick Verhagen also rebutted the idea that things are moving toonslowly, but added that AI has the potential to enable a proactivencybersecurity approach. Instead of the classic cat-and-mouse game, we cannstay ahead of threats. In his view, the real issue is not that we’re movingntoo slowly; it’s about ensuring that we move ahead of the threats.n

n

n

n

A False Sense of Security?n

n

nTankler posed the statement “AI solutions may lead to a false sense ofnsecurity due to their inability to replace human adaptability, criticalnthinking skills, and accountability”.n

n

nIn response, Wouter Joosen, who is also leading the Flemish Research Centrenon Cyber Security, added the point that it’s not about AI itself, but rathernhow people communicate and assure users and customers about its security. DenVibraye also pointed out that while AI is already incredibly powerful todaynand constantly improving, there’s still a significant role for criticalnthinking. He reiterated that AI is not perfect and there’s a need for legalnand ethical considerations whenever AI is involved. Relying solely on AI cannindeed lead to a false sense of security in any scenario, with a human-AInpartnership being a better approach rather than one replacing the other,nwhich Rosso also agreed with, noting that there is concern aboutnorganizations investing in a single technology solution where AI isnconcerned, which like only asking a single person for an opinion, can resultnin a skewed outcome. Such a lack of critical thinking can result innorganizations being placed in a precarious position.n

n

nJean-Luc Peeters from CCB was verynclear, stating that you can’t simply trust the machines and their resultsnblindly. He raised concerns over the black-box nature of AI and a number ifncybersecurity countermeasures. Not understanding what’s happening behind thenscenes is a batter, and he believes that everyone on a cybersecurity teamnneeds to have a sufficient understanding, without needing to be anmathematician, to comprehend the results being generated by the tools andntechnology in use. This was not an argument against AI and ML, both of whichnare needed in his view, but not at the price of having no visibility ornawareness of how outcomes are being achieved.n

n

n

n

Skills Needed for Critical Infrastructure Supportn

n

nIllustrative of the challenge within the E.U. in the current geopoliticalnclimate is the ability to monitor, protect and maintain continuity ofnoperation of increasingly digitized systems and services that are criticalnto the smooth and frictionless movement of trade, money, people andnservices.n

n

nRelevant to the skills discussion, Juhan Lepassaar, Executive Director ofnthe EU Agency for Cybersecurity (ENISA),nhighlighted in a separate talk that by 2030, the proliferation of smartndevices across critical infrastructure such as energy networks, transportnand the European industrial base will pose significant cybersecuritynchallenges, necessitating the retrofitting of legacy systems and developmentnof necessary skills to defend and protect key capabilities.n

n

nAcross this and the other tracks, the Brussels Cybersecurity Summit showed how the E.U. member states and its policymaking bodies areninvesting, understanding, debating and engaging with a wide array ofnstakeholders over the future of cybersecurity – from technology to training,nfrom education to qualifications – in order to strengthen its skills andnindustrial base for the future. ISC2 is and will continue to participate onnbehalf of members to ensure their needs and views are heard and that thenreal-world experiences of cybersecurity professionals can be conveyed toninfluence and inform decision making and policy development.

n ]]>

Leave a Comment

Your email address will not be published. Required fields are marked *