The NASK (Research and Academic Computer Network) Cybersecurity Forum in Karpacz
Coordinated Vulnerability Disclosure (CVD) is one of the issues identified by the European Parliament's draft directive (the so-called NIS2 Directive), which is currently the focus of cybersecurity experts.
In recent years, we have seen an increase in the number of threats in cyberspace. On top of that, the pandemic and the current war in Ukraine have revealed the destructive potential of cybercriminals looking for vulnerabilities in the systems of private and public organizations and institutions – admitted the participants of the expert debate in the NASK pavilion at the 31st Economic Forum in Karpacz. We need to learn to respond to threats more quickly and efficiently, involving experts from different institutions and individuals.
The idea of CVD is to provide a formal and legitimate process for internet users to find vulnerabilities in IT systems and devices, and then to inform the relevant stakeholders about them, that is, software manufacturers and infrastructure owners. At the same time, both parties are bound by the principle of public disclosure of a given error once it has been corrected.
"Security organisations have long faced the issue of vulnerability disclosure, which is why it is so important to develop standards and procedures in this area. Currently, the legal issues related to CVD are different in each EU member state, but the EU institutions are taking steps to unify the guidelines for national legislation of this issue," explained Maciej Siciarek, Director of the CSIRT Division at NASK.
NASK, the leading national research institute, is the co-organizer of the Cybersecurity Forum, a unique space dedicated to discussing the directions of development of the digital world during the 31st Economic Forum in Karpacz. One of the meetings of experts from European countries concerned the organizational, legal and ethical aspects of the regulation of CVD on the European level and the exchange of experiences from the member states.
"We have formulated certain guidelines that will allow EU member states to adapt to the requirements of the long-planned directive of the European Commission. Among them, there are recommendations for amendments to criminal codes to provide researchers of security gaps with legal protection or to regulate ethical issues that prevent, among others, breaking the principle of not disclosing errors in systems before they are removed or corrected," explained Juhan Lepassaar, Director of ENISA, the European Union Agency for Cybersecurity.
The expert pointed out that the member states decide to implement the recommendations of ENISA at different times. Some of them are leaders, e.g. France, the Netherlands and Belgium, while others have not yet taken significant steps in this regard. Poland is in the group of countries that have started preparing to organize this process.
"The rapid identification of vulnerabilities in ICT systems and products and their efficient elimination are therefore essential if we want to prevent criminals from taking advantage of them. Companies and institutions should therefore appreciate the determination and commitment of people who, using the 'unwritten code of ethics', are looking for security gaps within the law, thereby strengthening the security of data of thousands of users," noted Maciej Siciarek.
The NASK expert added that the war in Ukraine is a game changer here. Russia's aggression is accompanied by the increased activity of hackers, whose purpose is both financial, e.g. extortion of ransom, and to paralyze the functioning of political and economic life of the countries of the European Union. All the more so, we should ensure that the process of communicating information about threats and effectively securing ICT systems and products is faster and more efficient.
The 31st Economic Forum, one of the largest and most prestigious events in our part of Europe, is taking place in Karpacz. From 6 to 8 September, thousands of guests, i.e. leaders in politics, economy and local government, as well as prominent representatives of the world of culture and science from around the world, are discussing the most important challenges facing Poland and the whole continent.