• Home
  • >
  • Be cyber up-to-date
  • >
  • FIC 2021 - Pascal Steichen joined the panel discussion about “Cyber crisis management: how should we be organised at a national and international level?”

FIC 2021 - Pascal Steichen joined the panel discussion about “Cyber crisis management: how should we be organised at a national and international level?”

blog-thumb

The multiplication and sophistication of cyberattacks – including against state structures – increases the risk of a crisis of such magnitude as to bring down not only the targeted organisations, but more broadly entire sectors and even states themselves. To ensure the resilience of their societies, states must therefore put in place, where appropriate, the tools and mechanisms required to effectively manage crises in order to mitigate damage, keep each crisis as short as possible, and prevent it from spreading. How can we build the conditions for resilience? How can the various government agencies concerned be linked? What contribution and cooperation can we have with the private sector? What regulatory framework should we have? Faced with a threat that knows no borders, what can be the modalities and arrangements for international cooperation?

Pascal Steichen, CEO of SECURITYMADEIN.LU, explained the classical approach of Luxembourg that covers every possible crisis domain (biotechnology, chemical, nuclear) and includes a cyber division and emergency plans.

He underlined that recently Luxembourg underwent a number of incidents that took us to rethink this model.

2 examples:

  1. In 2018,a significant DDoS attack hit a number of Luxembourgish infrastructures (incl. state infrastructures). For a limited amount of time, some services were not accessible. This appeared to be a wake-up call: “our continuity plan did not have a specific measure as well as our perception of our infrastructures wasn’t precise enough”, he said.

This led to:

  • Creating a new Anti DDoS project that will emerge at the end of the year
  • A scrubbing hub to prevent such DDoS attacks
  • Integrating this in the crisis plan as a mechanism
  • Learning by doing
  1. In the wake of major incidents, 3 to 4 of the biggest corporations in Luxembourg had been targeted by ransomware:
  • These attacks affected the Luxembourg economy, even though they were all isolated crisis.
  • These crises were barely managed due to a lack of human resources.
  • Should we collaborate on a national level to create a pool of experts?”, he asked. The answer he gave was “we need a know-how. To be integrated in the national strategy”.

The same should be done at the European level to further develop our capacity”, Pascal Steichen concluded.