When we start talking about cyber security, we often think of the computer and the security of that same computer. In the last few years, however, as society has begun to be heavily digitized, we have begun to link cybersecurity to the context of the wider society. We humans tend to take care about our safety. When we leave our apartment or house, we check several times if we have locked the front door, we are also very careful when locking our car. What about cyber security or online security? Are we humans just as cautious as we are in other areas? Are we aware of new challenges as a society, the state, the local community and individuals?
Already for Thomas Hobbes, security was a fundamental value of every human being, which was also the basis for the individual and collective security to be built later. After the end of the Cold War, due to the reduction of the conflict situation, security lost some of its significance, however, it remains a key factor in the existence of an individual, a nation and the international community.
In the context of digitalization and digital transformation of society, however, it is necessary to talk primarily about cyber security. Cyber security contains various processes and technologies that protect various programs, networks, web data, etc. Cyber security is not only concerned with the protection of information and data (as information security deals with this), but by protecting the entire ICT infrastructure (protecting computers, servers, etc.).
Security threats in cyberspace are diverse. Europol recognizes the following: cyber threats, sexual exploitation of children via the Internet, payment fraud, illegal online marketplaces and cyber terrorism.
At the panel discussion “Democratic Society and Cyber Threats” organized by the Institute for Digitization in cooperation with the US Embassy in Slovenia, IPM Digital discussed how cyber threats can threaten a democratic society with Uroš Svete, Director of the Information Security Administration of the Republic of Slovenia; Milan Gabor, certified ethical hacker and owner of Viris; dr. Vladimir Prebilič, Mayor of the Municipality of Kočevje; and mag. Ajša Vodnik, General Manager of AmCham Slovenia.
All discussants agreed that digitalization is a real situation and that it, together with new technologies, brings new opportunities and security risks. It all depends from which point of view we look. A knife can be a good tool for cutting bread or injuring someone, and it is similar with digital tools.
Social networks are a digital tool that allows us to stay in touch with different people during the epidemic caused by COVID-19. These same tools, however, can be used for identity abuse, payment fraud, and so on. The speakers note that cyber threats are present in virtually all segments of society, especially the key areas are the economy and the state and public administration, which also includes local communities. For all segments of society, cyber security is crucial, but this is not happening in practice.
Local communities, which face the problem of low funding in the field of cyber security, remain a major problem. In addition, the state is not aware that it is the local communities that are vital to the existence of the individual (they provide water, electricity, sewerage, etc.) and that all local communities are attached to the state’s information systems. This means that poor cyber protection of local communities can bring cyber threats to the country. Why? Because it is a link between information systems between the state and the local community, a hacker can use the local community as a “back door” and access state information systems through it.
Companies and public administrations became aware of the importance of digitalization, cyber threats and good cyber security only during the epidemic, as COVID-19 forced them to “work from home” and consequently to use digital tools. However, the gap in awareness of the importance of cyber security between individual companies and public administration segments remains. In this context, it is also necessary to mention the gap between public and private and public-private partnerships. Public-private partnerships are extremely problematic in the field of security, as an individual who, on the basis of “outsourcing”, takes care of the cyber security of individual state segments (local communities, public institutions, etc.) can act in his own favor or do not work correctly. In this case, the consequences are felt by all citizens. “Outsourcing” in the field of cyber security must be carried out in a complementary and prudent manner, and we cannot leave the care for cyber security to the market.
Awareness of the importance of cyber threats differs not only in our country, but it is a general trend around the world. In areas where ICT is very present, awareness of cyber threats is quite high, in areas where it is not, awareness is lower. During the discussion, the case of Silicon Valley was highlighted, where awareness of cyber threats is very high, and a hotel a few kilometers outside of Silicon Valley already has lower standards of cyber security.
In the context of international comparisons, it should be pointed out that cyberspace is unlimited, so the issue can move from one end of the world quickly and without major restrictions to the other end of the world. All these issues can be limited to some extent with good control. At the level of the European Union, ENISA is working for this purpose, according to which the most pressing problem is currently uncertified software and hardware by various companies, which further increases the vulnerabilities that are already present in one way or another.
The problem of information systems is also their complexity. In accordance with the Information Security Act, the Information Society Inspectorate operates in Slovenia, which operates under the auspices of the Information Security Administration of the Republic of Slovenia. The main task of the Information Society Inspectorate is to control the providers of essential services (water supply, electricity, transport, transport, etc.) and to control public administration bodies. In addition to the control of various institutions, the awareness of the whole society about the dangers of cyber attacks is crucial. Of particular concern is the fact that many countries are strengthening their cyber security capabilities for offensive purposes, so prudence and awareness are all the more important.
Awareness of the whole society, however, can only be achieved in one way and that is education. Both in Slovenia and internationally, companies are often unaware of the importance of cyber security, and there is a shortage of experts in this field (there are only a handful of ethical hackers in this field). Compared to the international space, Slovenia is also facing the problem of a low security culture, as we are really digitizing various areas of society, but the mentality of citizens does not follow suit.
This problem can be solved only through education. The solution is not only in the introduction of the subject of informatics in the initial stages of primary school, but in the comprehensive renovation of the education system in the field of digitalization and cyber security. Education on digitalization and cyber security must start in primary schools, and such education must be maintained in the system of adult education and lifelong learning. It is also important to connect the local community, the economy and wider civil society. In addition to education, the connection between the public and private sectors is also crucial, which will be a step towards starting to solve the problems that digitalization through digital disruption brings.
Despite some criticism, the state has already begun implementing measures in the field of economy that will improve companies’ awareness of the importance of digitalization and cyber security. As a result, the Slovenian Enterprise Fund (SPS) in cooperation with the Digital Innovation Center Slovenia (DIHS), from the spring of 2019, allows various types of SMEs to use four umbrella vouchers in the field of digitalization, including a voucher in the field of cyber security. Businesses that have managed to use very limited resources are extremely satisfied with such an aid mechanism, as companies, like other organizations, lack the resources needed to successfully implement the digital transformation. An increase in funds for co-financing the implementation of activities in the field of cybernetics is thus desirable by the economy, and the state must take a decisive step in this. It is necessary to be aware that both digitalization and cyber security contribute to the well-being of society, so it is necessary to think in the future about developing an appropriate security culture that will allow cyberspace to be exploited for the benefit of society as a whole.