Toward an EU strategy to defend our technological assets Second panel interview. Focus on defense against misappropriation of technogical assets Guillaume Capois – CSO EADS 4 th September Brussels CS/SY

EU technological assets protection Page /09/04 Agenda 1 1 EADS specificities Espionage / Cybercrime becomes the highest threat on Technological assets Axes for protection (1): EU legal framework for technological asset protection Axes for protection (2): Trust circle for sharing information Axes for protection (3): European trusted tooling and providers for asset protection 6 6 Risks & Traps

Specificities of EADS reflect a large number of concerns of European Industries regarding the need to develop a EU harmonized strategy to protect technological assets –EADS is « a » European Company which technological assets are shared in 4 Core Countries (Fr; Ger; Spn; UK) EADS is in many domains the unique company in EU (Airbus planes; Ariane Launcher) –EADS advanced technologies are shared with numerous external providers which are for a large part spread in the EU. –EADS is acting in Aeronautic, Space, & defense sectors which are among the most important and sensitive development objectives for a large number of countries and competitors –EADS owns and develops very advanced technologies and processes which are the main key elements to be and stay a A player at world level. Those innovations and technologies are both tangible and intangible assets. That makes EADS a valuable target for technological asset thiefs EU technological assets protection Page /09/04 Source: Mendiant 2013 threat report

Espionage is the main vector of misappropriation of Technological assets Among many technics and processes the one dramatically increasing is the Cybercrime. Cyber attacks are already one of the biggest threat on companies patrimony and will surely and quickly increase Most of the attacks are generally delivered cross border, and are spread in systems jumping legal boundaries, using any flaw, non-harmonization, lack of collaboration, absence of information-sharing, unsafe tools, and non-alignment on legal consequences This leads to increase space for freedom and hidden actions of thief EU technological assets protection Page /09/04 Source: Ponemon Institute

Defense against misappropriation of technological assets includes various axes (1) Creation of a EU legal framework for technological asset protection –Harmonization of legal framework on punishment of penetration, disruption, and attempts on information systems The new EU directive on Cyber –Creation/ Harmonization of legal framework on protection of companies technological assets and trade environment (i.e. Loi sur le secret des affaires (Fr), trade secrets law (Sweden)..) including common understanding, protection liability and punishment, litigation. Does not exists at EU level –Specific protection of EU (multi-members) specifically owned innovations and sensitive technologies (i.e. Potentiel Scientifique et Technique (Fr)) Does not exists at EU level EU technological assets protection Page /09/04

UKDeSpFr Defense against misappropriation of technological assets includes various axes (2) Creation of a trust circle for sharing information, alerts and fostering support for incidents and reactions –There is a need for breaking the mold, the national borders within the EU so as to share alerting, responses and drill exercises, potentially to coordinate responses. A « Shengen zone » for such items NIS need to share within Europe what is impactful to others and prevent a « weakest link » syndrome Industry needs to be involved to benefit from the framework both in terms of sensor to alert and receiver to protect –EADS has historically felt the need to work closely with its 4 core NIS -due to the nature of its industrial business- to some extent with success EU technological assets protection Page /09/04

Defense against misappropriation of technological assets includes various axes (3) Support for development of a European trusted tooling and providers for asset protection –The lack of European-endorsed products, services or provider to support the protection of its technology asset is a hamper to better protection. Key players tend to be from outside borders, in potential conflict with the interest of the protection of the asset in some cases –Such European-endorsed products, services and providers could cover Physical protection of premises (through materials or standards) Digital protection of assets, through approved encryption, or detection of wrongdoers « Trusted European cloud » European trusted providers in the field of technological asset protection through a label EU technological assets protection Page /09/04

Risks and traps to avoid Defense and support solutions to protect technological assets, (i.e. legal, technics..) must be pragmatic and flexible enough and avoid any dogmatic approach which may disturb or endanger fair competitions and export, slow down or complexify business and innovation … The weight of the protection must not spoil agility and industrial speed. The political time of regulations and laws and the industrial time of innovation and business are traditionally far from aligned in pace, however while this unfolds, foreign parties interested in obtaining technological assets continue operating. Standstill means a loss of the assets. While working on a « European asset protection 2.0 », and by the time it is delivered, innovation and international competition might drive us into « 3.0 assets ». Any regulation must be ready to withstand the test of fast-paced innovation. EU technological assets protection Page /09/04

Questions ? EU technological assets protection Page /09/04