Cybersecurity in AI and Robotics: The importance of a protective EU framework
With the development of artificial intelligence and the IoT cybersecurity became a major concern for citizens, ranging from the infringement of our right to privacy to the threat of major terrorist attacks.
Cyberattacks clearly can have considerable consequences for our society and are the prototype of international cross-border activities, it is thus clear that the EU has to act and create a protective European framework.
There are plenty of examples showing that the development of our technologies and the improvement of cybersecurity have to go hand in hand.
For instance, how could we trust autonomous cars that rely on a vulnerable infrastructure / network?
All the experts I have discussed this matter with clearly agreed on one thing: When it comes to the hacking of a product or a service, the question is not “will it be possible to hack this product?” but “How long will it take to hack it?”
To meet this challenge, an increased EU-level cooperation is needed both for citizens and for industries.
For four years, I have been calling on the Commission to act on AI and robotics for the EU to catch up with China and the US.
If we are deemed late on this issue, the EU strength could still be to foster the development of a safe and ethical AI.
From the Communication of the Commission in 2016 to the adoption of the Cybersecurity act by the Parliament in the plenary March I, many steps go in the right direction for the development of a trustworthy framework.
I believe the creation of an EU cybersecurity certification framework for ICT products and services is a very good first step.
These harmonised requirements provide more legal certainty for companies, guarantee safer products and services and boost the trust of consumers.
The creation of compulsory certification for products and processes that operate in critical sectors of our economy (transport, energy, health, banking system etc) is a plus.
However, I consider that a general standardisation carried out by the CEN-CENELEC would have been more efficient than a voluntary basis or a sectorial approach.
The new mandate of the ENISA as a per- manent and stronger Cybersecurity agency is definitely a plus to assist Member States and ensure a good cooperation.
The involvement of the different stakeholders such as industries, consumers, SMES and other relevant actors in the cybersecurity sphere to provide to the Commission and the Agency with external expertise and know-how is a good initiative.
The recommendation for a coordinated EU response to cyber-attacks, the so-called Blueprint, is an essential mechanism to answer to the increasing number of cyber-attacks.
Diplomacy is also a strong mean to ensure the countries selling their products in Europe respect at least the same standards of protection as the ones applied in the EU.
Given the global nature of the challenge, building and maintaining robust alliances and partnerships with third countries is fundamental to prevent and limit cyber-attacks which are increasingly central to international stability and security.
Beyond the challenge of security, I think we should carefully look at the ethical and educational aspects.
The Ethics guidelines proposed by the High Level Expert Group in the beginning of April should pave the way for an ethical development of AI respecting our European values such as the right to privacy. But here again, I am afraid of the voluntary basis parameter.
We should seize the opportunity to make ethical principles compulsory. Our EU values are the core of our identity, it should not be something you choose to take part in or not.
The transparency and accountability of algorithms requested in the guidelines could be useful to understand how AI works and thus improve their resilience to cyberattacks.
This additional information is however useless for the consumer if it is not put in place along with a proper/ an efficient educational system.
Users should be aware of the functioning of AI, its advantages and risks and should know the best practices to take the most benefit from the use of these products and services.
It is our role to provide consumers, businesses and researchers with the best framework to ensure safe, cyber-secure and trustworthy products in the EU.