An in-depth look at the results of the third area of the report ‘Sustainability and Cyber Security’, carried out by the Foundation for Digital Sustainability with the contribution of Gyala: what actions are needed in the area of cyber security and digital sovereignty?
Digital sovereignty refers to a state’s ability to regulate, manage and control the digital technologies, data and services used on its territory. This means protecting critical infrastructures, guaranteeing the security of personal data, ensuring technological independence and governing access to digital platforms, with cyber security as a central and strategic element. This is an important concept in a context of digital transformation, but not only: it is also a strategic issue in terms of sustainability.
And it is precisely to this element that the third section – after those onIT/OT integration and privacy – of the research ‘Sustainability and Cyber Security‘, realised by the Foundation for Digital Sustainability with the contribution of Gyala, is dedicated: the study that frames the essential convergence between these two crucial pillars in the era of digital transformation.
Cyber security and digital sovereignty: what actions to take?
What emerges is, first and foremost, a centrality of digital sovereignty in security for ensuring Economic Sustainability, as well as for the Social Sustainability dimension. In this direction, the element that clearly emerges as the most important for digital sovereignty is
ensuring that a company’s trade secret data and that of the country’s critical infrastructure cannot be acquired by foreign states (SDG 8 of Agenda 2030: Decent work and economic growth).
Next among the sustainability goals in respect of which digital sovereignty is most important are other infrastructure-related aspects such as: ensuring that energy infrastructure data cannot be acquired by foreign states (SDG 7: Clean and accessible energy); ensuring that water infrastructure data cannot be acquired by foreign states (SDG 6: Clean water and sanitation); and ensuring that patient data cannot be acquired by foreign states (SDG 3: Health and well-being). Less relevant, however, are data concerning citizens in different roles, such as employees of a company (SDG 8) or students (SDG 4: Quality education).
Of the actions that can be taken, the one on which there is the highest level of agreement (60%) is the need for countries to invest in cyber security by favouring national operators
thus shielding them from the risks of external interference in the event of conflict. With almost the same percentage (57 per cent), respondents also agree that to ensure sustainability, it is necessary for companies providing cybersecurity systems and solutions to be independent from foreign interference. In addition, access to data, especially if this is not segregated within national borders, can be compromised by forcing foreign providers: just under one in two respondents (49 per cent) agreed with this statement.
In the field of cybersecurity, therefore, when it comes to digital sovereignty, a fundamental element of assurance comes into play: a foreign operator could be forced to provide access to data and information collected by its government. And this even if the data are segregated within national borders.
A risk, this one, that becomes particularly important when data and information concern a company’s trade secret data, the country’s critical infrastructure, as well as energy and water infrastructures. Less relevant to the national interest, but equally important for individuals, is the risk of data and information concerning patients, students or employees of companies being stolen.
For this reason, as the report concludes, the main actions to be implemented in the area of cybersecurity and digital sovereignty include both the importance of relying on cybersecurity systems and solutions that are independent of foreign state interference, and the need to make investments in cybersecurity that favour domestic actors.