Less than 20 years ago, the “I Love You” virus caused havoc around the world. For 10 days, this malware spread across all networks, infecting more than 50 million machines and causing between $5.5 and $8.7 billion of damage. “10% of all computers connected to the Internet were affected,” explained Pascal Steichen, CEO of, the national cybersecurity platform. He opened the event “Cybersecurity for successful innovation: Challenges and tools” organised by Luxinnovation on 17 October as part of Cybersecurity Week.

“I Love You” was the trigger for a major reflection that led to the publication of OECD’s guidelines on IT security in 2002. A year later, Luxembourg launched its first initiative in this field with the creation of, Cyberworld Awareness and Security Enhancement Services.

“The period 2008-2012 was pivotal for the ecosystem”, recalled Mr Steichen, referring to the successive creations of the Computer Incident Response Centre Luxembourg (Circl) in 2008, the Bee Secure initiative (the result of a partnership between the ministries of the Economy, of National Education and of Family) in 2009 and in 2010, bringing together the Cases and Circl platforms. All this resulted in the first national strategy implemented from 2012 onwards.

Finally, in 2018, added a third string to its bow with the creation of the Cybersecurity Competence Center, while the issue of cybersecurity is becoming increasingly important. “Being permanently connected via different devices obviously helps us on a daily basis, but it also increases potential risks and the exposure to threats,” said Mr Steichen.

A well-proven ecosystem

This public organisation has considerably contributed to the development of a substantial private ecosystem in Luxembourg, as described in the mapping presented at the opening of the Cybersecurity Week.

It lists 304 companies that are totally or partially active in this field, 74 of which (employing about a thousand people) have cybersecurity as their main activity. 22% of the 304 companies are start-ups, more than a third of which have cybersecurity as their main activity.

“The solutions proposed by these companies include governance, risk management and compliance, access management and data security,” summarised Mr Steichen, who was able to highlight a very positive development over the past two decades.

“Building such a security culture takes time. Pragmatism and perseverance are essential and it is important to have a strategy, starting small but evolving quickly.”

He also welcomed the fact that the government was involved from the outset, in order to give the necessary impetus. “However, it is important that the framework for its intervention be well defined, in order to encourage and not hinder competition in the market.”

Increasingly sophisticated threats

In this market, some major players have built up a worldwide reputation, such as Kaspersky, an international group specialising in information systems security (antivirus, anti-spyware, anti-spam, etc.) founded 22 years ago.

Timur Biyachuev, VP Threat Research at Kaspersky Lab, recalled that while in 1994, one virus was created every hour worldwide on average, there are now 360,000 new cases per… day.

“Today’s most sophisticated threats are highly targeted,” Mr Biyachuev said. “No security provider has full visibility of all existing attacks and threats.” In the first half of 2019 alone, 105 million attacks from 276,000 unique IP addresses were detected by Kaspersky.

The exponential deployment of connected objects statistically increases the occurrence of attacks. “40% of so-called smart buildings were attacked in the first half of the year,” he said. “’Simple’ infrastructure protection is no longer sufficient. In the future, the risks of damage are increasingly significant for citizens, as all systems are increasingly interconnected, including in-between cities. We must all ask ourselves if we are ready for the future.

Luxembourg, the right place

The examples cited below by Dr. -Ing. Marcus Völp, Research Scientist CritiX at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg, perfectly illustrated this point: taking control of connected vehicles from a simple laptop; hacking into health equipment; accessing billions of medical data from private patients… “In recent years, we have seen a greater sophistication of attacks while, at the same time, the level of knowledge required to develop such attacks has decreased,” noted Mr Völp. “It is very easy to acquire tools and software on the Darknet.”

In the face of this increase in threats, the usual “best practices” are no longer sufficient.

“Being able to go beyond these ‘best practices’ is a strong argument. Luxembourg is the right place for this, at the right time: the country is sufficiently agile and flexible and has strong support for academic research and technology transfer.”

Integrating the human being

It must be said that the subject matter is particularly rich in terms of how to approach it, as evidenced by some data presented by Jurgen De Wever, Strategy Manager at Siemens Digital Industries Belux. “90% of successful attacks were based on vulnerabilities for which a patch had already been released. And 34% of companies with automation and process control systems have been attacked more than twice in 12 months.” He also indicates that 44% of the companies attacked are unable to identify the source of the incident. In 2015, the average time taken by a company to identify an attack was 205 days. “Clearly enough time to go bankrupt,” Mr De Wever ironically said.

While the trend of increased digitisation is developing, industry is still partially spared by the phenomenon, as many processes are still manual. “But the challenge is clearly to be able to integrate all aspects of the issue, including both the requirements of IT security and those of operational technology security.”

The other challenge is to adopt the right approach: “The greatest risk comes not from the outside, but from the inside,” says Mr De Wever. “This aspect must clearly be kept in mind regardless of the approach: the way in which these new technologies are used also influences the cybersecurity strategy to be pursued.”

A competitive advantage

This “human” dimension was also highlighted during two small round tables that completed the programme of this morning, which was rich in information and exchanges.

“The interest of such a cross-sectoral event is indeed to show that this topic is not only reserved for technology specialists, but directly concerns all levels of company management,” explains Jean-Paul Hengen, manager of the Luxembourg ICT Cluster. “Building cybersecurity infrastructures should not be seen as a cost, but as a competitive advantage. That is how the Luxembourg government sees cybersecurity.”

Pictures : Luxinnovation / Marie De Decker

Read more

Smart Manufacturing Week in 10 quotes


Here are 10 highlights of the 5th edition of the Smart Manufacturing Week, organised by Luxinnovation from 8 to 10 June 2022 at the Chamber of Commerce in Luxembourg.

Read more

Industry-oriented research: the synergy approach


Performing research in close collaboration with companies is essential for Luxembourg’s research institutes. We spoke to Professor Djamila Aouada at the University of Luxembourg about how the expertise of her team can support industry and their motivation to work in partnership with the private sector.
Read more

Differdange on the way to climate neutrality


With the support of Luxinnovation, the country's third largest city is participating in the European project to become climate neutral and intelligent.
Read more

A mature and dynamic automotive sector


The mapping presented at the beginning of June provides valuable information about the automotive sector in Luxembourg.
Read more

"Become a consultant for Fit 4 Sustainability"


As part of the implementation of the new programme announced in May by the Minister of the Economy Franz Fayot, Luxinnovation is looking for specialised consultants to support companies. Explanations with Emmanuelle Kipper, Senior Advisor- SME Performance at Luxinnovation.
Read more

All news