The European Union facing the new challenges of cyber threats

The European Union facing the new challenges of cyber threats

As a consequence of this evolution of events and the general global environment on security issues the European Union institutions have stepped up operations on setting up a single security team to co-ordinate their response to cyber attacks.

By Christos Venetis, Senior Scholar, Program on Information Security Strategy

In the middle of fiscal crisis EU has also to direct the challenge of a large scale cyber attack to European Commission systems. Antony Gravili, inter-institutional relations spokesman for the Commission told at ZDNet UK, that the Commission frequently suffers attacks that try to eavesdrop on sensitive political information. “We are treating this as a serious attack because it is targeted. What’s new is that we have never taken precautionary measures on such a scale” Gravili said.

In response, the Commission has stopped web access to employee emails from home. It has also blocked access to its internal intranet from outside the Commission, and all users have been told to change their passwords.

The investigation, which is being run by the Commission’s Security Directorate — an in-house security team — will focus on how to “avoid similar infections in the future”, he added.

EU-Computer Emergency Response Team (EU-Cert)

As a consequence of this evolution of events and the general global environment on security issues the European Union institutions have stepped up operations on setting up a single security team to co-ordinate their response to cyber attacks.

The organisations have established a preliminary 10-strong group to oversee the effort to set up the EU Computer Emergency Response Team (EU-Cert). Once it is established, it will provide an overview of security threats to the Parliament, Commission, Council and other EU agencies. “These guys are going to be working for over a year putting in place measures to ensure a co-ordinated response for EU institutions,” digital agenda spokesman Jonathan Todd told ZDNet UK.

Cert is a team of security professionals who monitor and deal with attacks on information systems, and collect and disseminate advisories on vulnerabilities and other risks. Many countries, including the US, have a national Cert. The UK government Cert — GovCert UK — assists public-sector organisations in their response to security incidents

This adoption to set up EU-Cert was at first decided by the Digital Agenda for Europe in May 2010, but things go more rapidly now.

The Belgrade Declaration

After all, the very-very new progress is the overall approach by the Organization for Security and Cooperation in Europe (OSCE) to promote cybersecurity. The participating nations of the OSCE, including the United States, discussed in Serbia, (6-10 July 2011) on a resolution to improve cybersecurity cooperation. As it was declared “the threats emanating from cyberspace have increased substantially, including terrorism, illegal trafficking, organised crime, as well as the risk of conventional conflicts between states spreading to cyberspace<

The Belgrade Declaration represents the collective will of the regional organization that coordinates with the United Nations. The proposal calls for participants to exchange information about the way they intend to deploy cyber technology and also requests arguments on international legal standards and codes of conduct for operating in cyberspace.

The declaration emphasizes on the respect of human rights, basic freedoms, democracy and the importance of taking account of the different way the Internet is used depending on the gender, age and education level of its users, exposing women, men, girls and boys in different ways to cybercrime and terrorist activities on the Internet.

The text of the proposal for further information, is available here

As a conclusion we can mention, the final statements adopted to advance the development of confidence-building measures, such as:

a. promotion of dialogue between States to discuss the standards concerning the use by States of information and communication technologies, to reduce the collective risk and protect critical national and international infrastructure;

b. development of confidence-building measures to deal with the implications of the use by States of information and communication technologies, including their use in conflicts;

c. exchanges of information, particularly on national legislation and best practices, policies, technologies and security strategies.

Sources

  1. 1. http://www.zdnet.co.uk/news/security-threats/2011/03/24/european-commission-suffers-serious-cyberattack-40092260/
  2. 2. http://www.zdnet.co.uk/news/security-management/2011/06/10/eu-starts-building-cyber-response-team-40093067/

All opinions and statements made reflect solely, the author. They do not reflect nor represent any govenrments or any organizations. They do reflect the policy opinions of Strategy International.

Editorial
Editorial
CONTRIBUTOR
PROFILE

Leave a Comment

Your email address will not be published. Required fields are marked with *

Cancel reply