As Michal Stachník explained, our first reaction has been to build a castle and fortify it as much as we can. This has often resulted in the purchase of a bunch of really cool stuff that has not actually helped that much, because it lacked the ability to work in concert, and we lacked the skilled people to operate and maintain it. Even more problematic, all the protection disappeared once people walked outside the castle. Now, the aim is to deliver Secured Access Service Edge (SASE), which aims to blanket each user with a mobile coat of armor.
I thought this description of the castle could be applied to cybersecurity policy as well. Both Europe and America rely on technology and the continuous, timely development of new technology to retain our competitive advantage. That technology, more and more often, is the result of research and development coordinated on both sides of the Atlantic (see, for example, the Pfizer vaccine or the recent announcement that Honeywell will develop part of its hybrid aircraft engine in Brno). We need more cooperation to overcome the challenge of climate change. That is why digital sovereignty seems to be like building a castle in a world in a SASE world where data flows past borders and through walls. Or the idea that governments should only use cloud services with servers on their home soil. You could also argue that the same applies to the American Cloud Act. The goal of cybersecurity regulation should be to improve the cybersecurity of citizens. When politics or competition policy becomes a priority, by definition cybersecurity becomes less of a priority. Our goal should be a safe Europe and America securing our future through rapid technology development. Leave the castles for conferences and cocktail parties.
-wms-