CYBER SECURITY THE THREATS AND SOLUTIONS
Cyber space is a key enabler in European Societies for their social and economical development
Cyber threat − the need for an EU response by Gilles de Kerchove, EU Counter-terrorism Coordinator, Brussels In recent weeks our physical borders, the Schengen area and internal controls between Member States have been a key concern for security and migration reasons. But when discussing future security challenges, we should not forget that in cyberspace these boundaries hardly exist.
Cyber space in area of security concern Cyber space is a key enabler for social and economical development but is also an area of concern when it comes to security, data protection and privacy, or agitation through hate speech or terrorist propaganda. Painful experience but also successful investigations have taught us the lesson that terrorists are always keen to adopt new technology. They are using cyber space regularly and in a more and more professional way − to incite to commit terrorist attack, to recruit and to instruct. They are constantly improving their tactics and capacities and will make use of every tool they can master to target us where we are vulnerable. Cyber security has thus become a key concern − from a perspective not only of espionage and organised crime, but also of counter terrorism. Last summer the Stuxnet virus was a wake-up call that more has to be done. As cyber space does not follow physical borders, we can achieve cyber security only through international cooperation. Stuxnet has disclosed how exposed and vulnerable critical infrastructures can be to cyber attacks. Although cyber terrorism is − for the moment − not the major hazard, cyber space could become an attractive target for terrorist groups. Cyber attacks can be performed through cheap tools from all around the world and even a small attack can have huge impact. Terrorists can also profit from a certain anonymity on the net. We have to intensify our efforts before terrorists acquire the know-how and capacities.
Cyber security needs international cooperation Cyber security is primarily an issue of Member States competences and responsibilities. But the cross border nature of cyber space, the interdependence of our infrastructures (like communication, energy or transport), creates the need to have standards and measures in place all around Europe, and if possible beyond. A more intense discussion on cyber security has now started in the EU and in cooperation with our partners. Last November the EU and the US agreed to set up a working group on cyber security and cybercrime. A first joint EU-US cyber-incident exercise has been announced for the end of 2011.
How to achieve a higher level of security When fostering EU cooperation we can build on a number of achievements (see box), but there is still a need to come forward with a more integrated approach at the EU level. This also requires distinguishing clearly the task in the EU from the work done in the military arena − like at NATO. To achieve a higher level of cyber security we should address the following issues: • The EU institutions must be better protected: The Commission and EEAS have been recent victims of cyber attacks. Vice President Kroes had appointed of a group of wise men to explore the set-up of an EU Computer Emergency Response Team (CERT). • The establishment of a European Cybercrime Centre by 2013, which will include both national and European alert platforms (ICROS − Internet Crime Reporting Online System) to report cyber/internet crime. • We need to achieve a minimum level of cyber security preparedness throughout the EU. The new Commission Communication on Critical Information Infrastructure Protection “Achievements and next steps: towards global cyber-security” highlights plans to enhance EU preparedness by establishing a network of well functioning National/Governmental CERTs by 2012, the development of a European Information Sharing and Alert System by 2013 or a European cyber-incident contingency plan by 2012.
EU Achievements in cooperation • The creation of ENISA, the European Network Security Agency. The evolving threat requires a new mandate and enhanced activities − to support the EU institutions, Member States and the private sector. A new mandate is currently under discussion. • In 2009 the Council − in its Resolution on a collaborative EU approach to Network and Information security − endorsed an Action Plan including initiatives like a European Forum for Member States. • The first European-wide exercise, “Cyber Europe 2010”, was held in November 2010. • The Commission has tabled a proposal to step up the fight against cyber crime. In particular the emergence of large-scale simultaneous attacks against information systems and use of ‘botnets’ made it necessary to update the existing Framework Decision on attacks against information systems. • At Member State level several states have recently adopted cyber security strategies or established a National Cyber Response Centre. Mr de Kerchove's new Discussion Paper on the EU Counter-terrorism Strategy presented on 7 June 2011, is available at: > http://tinyurl.com/452tpwt
57
