On Wednesday December 4th we welcomed Kevin Gundersen, vice president at Banner Public Affairs and a former intelligence and cybersecurity advisor for the US House of Representatives Committee on Homeland Security. Teresa Calvano, head of our technology practice in Brussels chaired an engaging and informative round table discussion on privacy and cybersecurity issues on both sides of the Atlantic. There was a wide range of attendees from sectors as diverse as transport and energy, as well as a sizeable contingent from the technology industry.
Kevin’s intervention touched on cybersecurity legislation pending in the United States as well as US perceptions of the Snowden/NSA scandal in the US and the prospects for legislative change in the US, as recently demanded by the European Commission. Kevin suggested that large scale legislative change in the US was unlikely as the actions of the NSA and related bodies already had a firm basis in US law. He pointed out that only 1% of the Snowden files are currently in the public domain, and it is likely further revelations will be released at important moments for the US, such as the next round of TTIP negotiations, when their impact can be most damaging.
Kevin also provided fascinating insights into what is at stake for European and American firms in cybersecurity terms, both in terms of possible regulatory obligations and the cost of intellectual property stolen via hacking, saying “there are two types of companies: ones that have been hacked and ones that know they have been hacked”. He stressed the possibility of large-scale cyber-attacks in the near future, urging companies and countries not to ignore the warning signs. He called on firms to engage with policymakers on both sides of the Atlantic on cyber issues to avoid being damaged by knee-jerk legislation which could arise after a large cyber-attack.
He also spoke of the difficulties of creating a cybersecurity framework as it touches on so many different areas and is an area where private firms and nation states co-operate and conflict with each other. In this regard he mentioned the specific issue of “active defence” from cyber-attacks, asking how far companies could go to defend themselves and their intellectual property from theft, especially if the aggressor was a nation state.
The lively question and answer session saw attendees touch on issues ranging from European cloud networks to the pace and agenda of the TTIP negotiations and the role the private sector should play in devising a voluntary or mandatory cybersecurity agenda.