Less than 20 years ago, the “I Love You” virus caused havoc around the world. For 10 days, this malware spread across all networks, infecting more than 50 million machines and causing between $5.5 and $8.7 billion of damage. “10% of all computers connected to the Internet were affected,” explained Pascal Steichen, CEO of, the national cybersecurity platform. He opened the event “Cybersecurity for successful innovation: Challenges and tools” organised by Luxinnovation on 17 October as part of Cybersecurity Week.

“I Love You” was the trigger for a major reflection that led to the publication of OECD’s guidelines on IT security in 2002. A year later, Luxembourg launched its first initiative in this field with the creation of, Cyberworld Awareness and Security Enhancement Services.

“The period 2008-2012 was pivotal for the ecosystem”, recalled Mr Steichen, referring to the successive creations of the Computer Incident Response Centre Luxembourg (Circl) in 2008, the Bee Secure initiative (the result of a partnership between the ministries of the Economy, of National Education and of Family) in 2009 and in 2010, bringing together the Cases and Circl platforms. All this resulted in the first national strategy implemented from 2012 onwards.

Finally, in 2018, added a third string to its bow with the creation of the Cybersecurity Competence Center, while the issue of cybersecurity is becoming increasingly important. “Being permanently connected via different devices obviously helps us on a daily basis, but it also increases potential risks and the exposure to threats,” said Mr Steichen.

A well-proven ecosystem

This public organisation has considerably contributed to the development of a substantial private ecosystem in Luxembourg, as described in the mapping presented at the opening of the Cybersecurity Week.

It lists 304 companies that are totally or partially active in this field, 74 of which (employing about a thousand people) have cybersecurity as their main activity. 22% of the 304 companies are start-ups, more than a third of which have cybersecurity as their main activity.

“The solutions proposed by these companies include governance, risk management and compliance, access management and data security,” summarised Mr Steichen, who was able to highlight a very positive development over the past two decades.

“Building such a security culture takes time. Pragmatism and perseverance are essential and it is important to have a strategy, starting small but evolving quickly.”

He also welcomed the fact that the government was involved from the outset, in order to give the necessary impetus. “However, it is important that the framework for its intervention be well defined, in order to encourage and not hinder competition in the market.”

Increasingly sophisticated threats

In this market, some major players have built up a worldwide reputation, such as Kaspersky, an international group specialising in information systems security (antivirus, anti-spyware, anti-spam, etc.) founded 22 years ago.

Timur Biyachuev, VP Threat Research at Kaspersky Lab, recalled that while in 1994, one virus was created every hour worldwide on average, there are now 360,000 new cases per… day.

“Today’s most sophisticated threats are highly targeted,” Mr Biyachuev said. “No security provider has full visibility of all existing attacks and threats.” In the first half of 2019 alone, 105 million attacks from 276,000 unique IP addresses were detected by Kaspersky.

The exponential deployment of connected objects statistically increases the occurrence of attacks. “40% of so-called smart buildings were attacked in the first half of the year,” he said. “’Simple’ infrastructure protection is no longer sufficient. In the future, the risks of damage are increasingly significant for citizens, as all systems are increasingly interconnected, including in-between cities. We must all ask ourselves if we are ready for the future.

Luxembourg, the right place

The examples cited below by Dr. -Ing. Marcus Völp, Research Scientist CritiX at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of the University of Luxembourg, perfectly illustrated this point: taking control of connected vehicles from a simple laptop; hacking into health equipment; accessing billions of medical data from private patients… “In recent years, we have seen a greater sophistication of attacks while, at the same time, the level of knowledge required to develop such attacks has decreased,” noted Mr Völp. “It is very easy to acquire tools and software on the Darknet.”

In the face of this increase in threats, the usual “best practices” are no longer sufficient.

“Being able to go beyond these ‘best practices’ is a strong argument. Luxembourg is the right place for this, at the right time: the country is sufficiently agile and flexible and has strong support for academic research and technology transfer.”

Integrating the human being

It must be said that the subject matter is particularly rich in terms of how to approach it, as evidenced by some data presented by Jurgen De Wever, Strategy Manager at Siemens Digital Industries Belux. “90% of successful attacks were based on vulnerabilities for which a patch had already been released. And 34% of companies with automation and process control systems have been attacked more than twice in 12 months.” He also indicates that 44% of the companies attacked are unable to identify the source of the incident. In 2015, the average time taken by a company to identify an attack was 205 days. “Clearly enough time to go bankrupt,” Mr De Wever ironically said.

While the trend of increased digitisation is developing, industry is still partially spared by the phenomenon, as many processes are still manual. “But the challenge is clearly to be able to integrate all aspects of the issue, including both the requirements of IT security and those of operational technology security.”

The other challenge is to adopt the right approach: “The greatest risk comes not from the outside, but from the inside,” says Mr De Wever. “This aspect must clearly be kept in mind regardless of the approach: the way in which these new technologies are used also influences the cybersecurity strategy to be pursued.”

A competitive advantage

This “human” dimension was also highlighted during two small round tables that completed the programme of this morning, which was rich in information and exchanges.

“The interest of such a cross-sectoral event is indeed to show that this topic is not only reserved for technology specialists, but directly concerns all levels of company management,” explains Jean-Paul Hengen, manager of the Luxembourg ICT Cluster. “Building cybersecurity infrastructures should not be seen as a cost, but as a competitive advantage. That is how the Luxembourg government sees cybersecurity.”

Pictures : Luxinnovation / Marie De Decker

Read more

On the way to Smart Manufacturing Week


The 3rd edition of Smart Manufacturing Week will be held in digital format from 16 to 20 November. It will be an opportunity to share experience of digital transformation and sustainability strategies in order to meet the challenges of tomorrow.
Read more

Take part in the Circular By Design Challenge


Twelve weeks of intensive coaching are offered to the most inspired creatives willing to develop ideas and propose solutions to achieve sustainable and circular ambitions. Applications must be submitted by 4 December.
Read more

“Key issue behind ecodesign is lifecycle thinking”


Speaker at the Circular by Design Challenge presentation webinar, the 27. October, Professor Martin Charter, an international specialist in the circular economy, explains the challenges of circular design.
Read more

Facilitating data exchange for innovation


Data is one of the most precious assets in today’s information society. In a keynote address given at the final of the EU Datathon competition on 15 October 2020, Luxinnovation’s CEO Sasha Baillie spoke about the enormous value that can be derived from data and the need for establishing accessible, high-quality, secure data exchange platforms.
Read more

New Fit 4 Start graduates and participants announced


Minister of the Economy Franz Fayot and Sasha Baillie, CEO of Luxinnovation, announced on 15 October the names of the 20 start-ups that have been selected for participation in the 10th edition of the Fit 4 Start acceleration programme. The minister also summarised the results of the programme, 5 years after its launch.
Read more

All news