Dragos Preda: EU Cybersecurity Center must adopt zero-trust security model

The European Cybersecurity Center must use the zero-trust concept, which is imperative and highly topical in cybersecurity, Secretary of State in the Ministry of Transport and Infrastructure Dragos Preda told a debate on digitization today. "The zero-trust concept implies total distrust, permanent verification. I know these things are scary, but I tell you that these are the international developments. Beyond the moment of implementation, or including it, the EU Cybersecurity Center must use the zero-trust model in its development, an imperative and highly topical concept in cybersecurity. Organizations follow zero-trust network principles to help address the security requirements of rapid digital transformation and the expansion of remote workforce. We also want to create an ecosystem that also incorporates much broader contextual information. This is why everyone is wondering why all this geopolitical rhetoric about 5G? 5G is no longer just a technology in the area of classic end-user broadband electronic communications. From now on it is an industrial technology, and hence the need for increased attention to our connectivity. Technologies that support zero-trust are moving into the mainstream. That's why experts say it's the best way to stop data breaches. The zero-trust network or zero-trust architecture model was created in 2010 and at that time it was an attempt to protect the systems not only against external vulnerabilities, but also against the internal vulnerabilities of the system operators," said Dragos Preda. The Transport Ministry's official mentioned that the zero-trust model has the role of looking for vulnerabilities without affecting the identity of persons. "The zero-trust model is an operating model of this system we operate in. It's a security concept focused on the belief that organizations should not trust anything inside or outside their perimeter. They must check everything attempting to connect to their systems before granting access, so this is not a monitoring process. For instance, amid the pandemic, the EU asked the operators to provide anonymised data on the pandemic situation, which means that the natural or legal person is monitored as an item, without affecting its identity. What is being sought is the vulnerability, not the person," said Dragos Preda. On the other hand, he cautioned that the cities are becoming increasingly more vulnerable to cyberattacks. "With the convergence of both digital and physical infrastructures, activated also by the cloud size - now that we've been talking in the last year about the government cloud, the Internet of Things - cities are becoming increasingly vulnerable to cyberattacks, and cybersecurity practice in the smart city, smart community area assists all actors involved in this endeavor, both public and private, to address cybersecurity and privacy risks associated with connected environments, while adopting this solution provided by the new technologies, the next generation networks such as cloud, IoT, blockchain, artificial intelligence, machine learning. We are talking a lot about tele-school, telework, all these must be done by developing these infrastructures. At the same time, we know, there are things that are already obsolete in the field of post-crisis recovery: the switch from an L-shaped recession to a V-shaped recovery is done through the development of infrastructures. This means connectivity. And I am referring to all types of infrastructures, they must be seen as a whole," said Dragos Preda. AGERPRES (RO - author: George Coman; editor: Andreea Marinescu; EN - editor: Simona Klodnischi)