EU will take a year to set up full cybersecurity agency

The plan comes in the wake of recent attacks on government websites

Security experts have criticized the European Commission's plans to set up a team to look at how to combat cyberattacks as too little, too late, saying that more coordination between member states is needed.

The so-called "pre-configuration" Computer Emergency Response Team (CERT) of IT security experts will spend the next 12 months assessing how a full-scale CERT should be set up for European Union institutions. But experts have warned that the threat of cyberattacks is current and real.

"Most individual member states already have their own CERTs, so I think the primary aim of the E.U. CERT should be one of coordination," said Rik Ferguson, director of security and research at Trend Micro. "Twelve months is not an unreasonable length of time to prepare, but it should also include best practice so that all the different member states can work together."

"Some action is better than no action. Also, an effective CERT should be well designed, and that takes planning and review," added Ulla Toivanen from F-Secure

In recent years, CERTs have been developed in both private and public organizations to quickly and efficiently respond to information security incidents and cyber threats, and the Commission has called for member states to establish their own national CERTs.

"Over recent years, cyberattacks have risen to an unprecedented level of sophistication. It is essential that the European institutions make a joint effort in order to respond to the threat of massive cyberattacks," said Maroš Šefčovič, Commission vice president for Inter-Institutional Relations and Administration.

But given the sensitivity of the information held by the European Institutions, security experts have warned that effective security is essential immediately. In March, an attack on the European Commission disrupted e-mail systems, while an attack on the E.U.'s Emissions Trading Scheme recently saw at least €30 million (US$44 million) of emissions allowances stolen from national registries.

The plan to set up a single agency to manage all large-scale IT systems could also prove a target for cyber criminals. The proposed agency would bring together databases such as the Schengen Information System (a common database which facilitates the exchange of information on individuals between national law enforcement authorities), the Visa Information System (a database that will allow member states to enter, update and consult visa data, including biometric data, electronically) and EURODAC (an IT system for comparing the fingerprints of asylum seekers and illegal immigrants). The goal is for the agency to start working in summer 2012 in Tallin, Estonia.

"Obviously aggregated data creates a target," said Ferguson. "We have seen a sharp increase in the last 12 months of this sort of theft. We have entered the era of 'steal everything.' Criminals are no longer going after a single server. But hopefully lessons will be learned from incidents such as the Sony hack."

Meanwhile, E.U. justice ministers agreed on Friday to draft rules setting out minimum sentences for cyber criminals. However security experts argue that trying to convict criminals who cannot be caught is a waste of time. "The emphasis should be on catching them in the first place. And for this there needs to be much more coordination because these criminals inevitably work across borders," said Ferguson.

A proposed Directive on Attacks against Information Systems is also in the pipeline. The draft law lists crimes such as illegal access to IT systems, interference with these systems, stealing or deleting data and the interception of non-public data transfers.

Europol, the E.U.'s police force, currently manages information-sharing on cybercrime between police in different E.U. countries. But the Commission plans to set up a dedicated European Cyber Crime Centre by 2013 to coordinate operations across borders and provide training to law enforcement authorities.

The CERT pre-configuration team will comprise 10 members of staff from the European Commission, the European Parliament, the Council, the Committee of the Regions and Economic and Social Committee and ENISA.

Tags Government use of ITsecurityeuropean commissiongovernment

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jennifer Baker

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?