Coordinated Vulnerability Disclosure (CVD) is one of the issues identified by the draft directive of the European Parliament (known as the NIS2 directive), which is currently the focus of cybersecurity experts.
In recent years, we have seen an increase in the number of threats in cyberspace. In addition, the pandemic and the current war in Ukraine have revealed the destructive potential of cybercriminals looking for vulnerabilities in the systems of private and public organizations and institutions, admitted the participants of the panel discussion in the NASK pavilion at the 31st Economic Forum in Karpacz. We must learn to respond to threats faster and more effectively, involving experts from different institutions and individuals.
The idea of CVD is to provide a formal and legitimate process for Internet users to find vulnerabilities in computer systems and devices and then notify the relevant stakeholders, i.e. software manufacturers and infrastructure owners. At the same time, both parties are bound by the principle of public disclosure of a given error once it has been corrected.
“Security organizations have long struggled with the issue of vulnerability disclosure, which is why it is so important to develop standards and procedures in this area. Currently, the legal issues related to CVDs are different in each member state of the EU, but the EU institutions are taking steps to unify the guidelines of national legislation on this issue,” explained Maciej Siciarek, director of the CSIRT division of NASK.
NASK, the leading national research institute, is the co-organizer of the Cybersecurity Forum, a unique space dedicated to discussing the development directions of the digital world during the 31st Economic Forum in Karpacz. One of the meetings of experts from European countries concerned the organisational, legal and ethical aspects of CVD regulation at European level and the exchange of experiences of Member States.
“We have formulated certain guidelines which will allow EU Member States to adapt to the requirements of the long-planned directive of the European Commission. Among them are recommendations for amendments to criminal codes to provide researchers of security vulnerabilities with legal protection or to regulate ethical issues that prevent, among other things, violating the principle of non-disclosure of errors in systems before they are removed or corrected,” explained Juhan Lepassaar, Director of ENISA, the European Union Agency for Cybersecurity.
The expert underlined that Member States decide to implement ENISA recommendations at different times. Some of them are leaders, such as France, the Netherlands and Belgium, while others have not yet taken significant steps in this regard. Poland is part of the group of countries that have started preparing to organize this process.
“The rapid identification of vulnerabilities in ICT systems and products and their effective elimination are therefore essential if we are to prevent criminals from taking advantage of them. Companies and institutions must therefore appreciate the determination and commitment of people who, by using the ‘unwritten code of ethics’, look for security loopholes in the law, thereby strengthening the data security of thousands of users,” noted Maciej Siciarek.
The NASK expert added that the war in Ukraine is a game-changer here. Russia's aggression is accompanied by increased hacker activity, driven both by financial motivation, for example ransom extortion, and by the aim of paralyzing the political and economic life of European Union countries. This is all the more reason to ensure that the process of communicating threat information and effectively securing ICT systems and products is faster and more efficient.
The 31st Economic Forum, one of the most important and prestigious events in our part of Europe, takes place in Karpacz. From September 6 to 8, thousands of guests, including leaders from politics, economy and local government, as well as prominent representatives of culture and science from around the world, discuss the most important challenges facing Poland and the entire continent.