Cybersecurity is often mainly considered as a defence matter, but Luxembourg has a different point of view. “We also see cybersecurity as an economic success factor. To support businesses as well as public bodies, we have developed a very interesting setup of infrastructure and services that you rarely find elsewhere, if at all,” says François Thill, Director Cybersecurity and Digital Technologies at the Ministry of the Economy.

Francois Thill and Pascal Steichen speak about cybersecurity and Luxembourg's trusted data economyOne unique element is the capacity to keep internet data transfers between Luxembourg entities within the national territory. Mr Thill points out that this set-up makes it very difficult for third parties to “eavesdrop” on the data. It also enables the country to protect itself very well against distributed denial-of-service (DDoS) attacks as long as the internet traffic stays within its borders.

To support businesses as well as public bodies, we have developed a very interesting setup of infrastructure and services that you rarely find elsewhere, if at all.

A second key point is that many services are running in datacentres with the highest security standard, Tier IV. One example is LuxConnect data centre which hosts the business-oriented supercomputer, MeluXina. “To my knowledge, this is the only supercomputer that processes data in a Tier IV datacentre, which guarantees an exceptionally high standard of physical security. In addition, such datacentres are greatly resilient in terms of connectivity, energy and cooling.”

This high level of trust is crucial for the data economy to prosper. “Companies are often very reluctant to transfer their data to any type of third party as it includes information of great value. They will only be willing to work with a data exchange platform, supercomputer or other service if they are sure that their data is protected in the same way as if it would be if it remained on their premises,” Mr Thill points out.

Cybersecurity dataspace

Another component is the seamless synergy and cooperation between different players. Luxembourg was among the first countries to map all the actors in its cybersecurity ecosystem, an exercise that is now being replicated in many other countries. “Knowing the companies and having a clear view of what is going on is essential for building relevant strategies,” says Pascal Steichen, CEO of the Luxembourg House of Cybersecurity. He is also the chair of the European Cybersecurity Competence Centre (ECCC), in charge of coordinating, harmonising and synchronising cybersecurity research and innovation activities in the EU.

Mr Steichen also underlines Luxembourg’s involvement in the development of methods, tools and mechanisms that foster information sharing in the field. The internationally recognised threat sharing platform “MISP” operates from Luxembourg and has proven that companies are willing to contribute with data to collaborative initiatives. The next step is now to further fuel the data economy via a pioneering open cybersecurity dataspace.

We are going to build a collaborative dataspace where cybersecurity information is shared and available for free to anyone interested.

“Antivirus, firewall and intrusion detection programmes require constantly updated information about current threats and vulnerabilities from all over the world. Such information can be obtained from specialised providers, but at a very high cost that makes it inaccessible to 80% of businesses, especially small and medium-sized companies,” says Mr Thill. “We are going to build a collaborative dataspace where such information is shared and available for free to anyone interested in developing or using open-source cybersecurity tools. We hope that this will result in affordable solutions for all types of companies. The data can also be used for research purposes.”

Welcoming innovative businesses

The country is welcoming international cybersecurity companies that fit into its ecosystem. “The managed security service companies that are already here are overwhelmed by demand,” Mr Thill explains. “We also want to attract more innovative businesses that can develop solutions for SMEs.” The focus is mainly on companies from European countries, but not only. “Japan and South Korea are interesting as their personal data protection regulations are considered equivalent to those of the EU, which means that processing of European data is allowed and trusted. This makes cooperation very easy.”

Photo credits: Luxinnovation/Jessica Theis
Menu
Close