Prof. Dr. Marco Gercke is an international expert in the field of Cybersecurity and director of the Cybercrime Research Institute. Holding a PhD in criminal law with a focus on Cybercrime he is for several years teaching law related to Cybercrime, International Criminal Law and European Criminal Law at the University of Cologne. The focus of his research is on international aspects of strategy/policy/law/regulations related to Cybersecurity. In this respect he was and is working as an expert for several international organizations among them the Council of Europe, the European Union, the United Nations and the International Telecommunication Union. Marco assisted various countries in Europe, Africa, Asia, Latin America, Caribbean and Pacific in developing strategies, policies and legislation in relation to Cybersecurity and Cybercrime.
Collective Cyber Defence – A State and Industry Perspective?
Although scientifically reliable data is not available reports indicate that during the last five years both quality and quantity of Cyber attacks against government institutions and the industry increased. Defence against such attacks in general goes along with significant financial investments as attack methods and techniques constantly change. Several challenges could be solved by an information exchange or closer cooperation within defence strategies.
Today Cyber Defence Strategies (CDS) have become an essential component of risk assessment and risk management processes as well as security strategies. This is relevant for both states and major industry players. Despite intensive
outsourcing approaches in the field of ICT (cloud computing is only one example) CDS are dominantly still based on fully autonomous concepts. Based on
this strategy each government institution and private company maintain a complete cyber protection environment.
An exchange of information (either within the industry or between the industry and the public sector) as well as collective cyber defence (CCD) approaches that are based on shared responsibilities are hardly ever implemented. The reasons for this protective approach differ significantly between states and industry as well as within different industry sectors.
The speaker, who addressed the issue in different studies, will provide an overview about the current situation and highlight some of the major consequences of the lack of information exchange and cooperation. After the analysis of the status quo the speaker will develop key elements of a collective cyber defence strategy for states as well and the private sector. He will underline similarities in the approach, underline risks and show best practice examples. The speaker will in this regard also elaborate upon consequences of the current debate about minimum Cybersecurity standards for critical infrastructure provider as well as reporting obligations for Cybersecurity incidents.