EU will take a year to set up full cybersecurity agency

The plan comes in the wake of recent attacks on government websites

Security experts have criticized the European Commission's plans to set up a team to look at how to combat cyberattacks as too little, too late, saying that more coordination between member states is needed.

The so-called "pre-configuration" Computer Emergency Response Team (CERT) of IT security experts will spend the next 12 months assessing how a full-scale CERT should be set up for European Union institutions. But experts have warned that the threat of cyberattacks is current and real.

"Most individual member states already have their own CERTs, so I think the primary aim of the E.U. CERT should be one of coordination," said Rik Ferguson, director of security and research at Trend Micro. "Twelve months is not an unreasonable length of time to prepare, but it should also include best practice so that all the different member states can work together."

"Some action is better than no action. Also, an effective CERT should be well designed, and that takes planning and review," added Ulla Toivanen from F-Secure

In recent years, CERTs have been developed in both private and public organizations to quickly and efficiently respond to information security incidents and cyber threats, and the Commission has called for member states to establish their own national CERTs.

"Over recent years, cyberattacks have risen to an unprecedented level of sophistication. It is essential that the European institutions make a joint effort in order to respond to the threat of massive cyberattacks," said Maroš Šefčovič, Commission vice president for Inter-Institutional Relations and Administration.

But given the sensitivity of the information held by the European Institutions, security experts have warned that effective security is essential immediately. In March, an attack on the European Commission disrupted e-mail systems, while an attack on the E.U.'s Emissions Trading Scheme recently saw at least €30 million (US$44 million) of emissions allowances stolen from national registries.

The plan to set up a single agency to manage all large-scale IT systems could also prove a target for cyber criminals. The proposed agency would bring together databases such as the Schengen Information System (a common database which facilitates the exchange of information on individuals between national law enforcement authorities), the Visa Information System (a database that will allow member states to enter, update and consult visa data, including biometric data, electronically) and EURODAC (an IT system for comparing the fingerprints of asylum seekers and illegal immigrants). The goal is for the agency to start working in summer 2012 in Tallin, Estonia.

"Obviously aggregated data creates a target," said Ferguson. "We have seen a sharp increase in the last 12 months of this sort of theft. We have entered the era of 'steal everything.' Criminals are no longer going after a single server. But hopefully lessons will be learned from incidents such as the Sony hack."

Meanwhile, E.U. justice ministers agreed on Friday to draft rules setting out minimum sentences for cyber criminals. However security experts argue that trying to convict criminals who cannot be caught is a waste of time. "The emphasis should be on catching them in the first place. And for this there needs to be much more coordination because these criminals inevitably work across borders," said Ferguson.

A proposed Directive on Attacks against Information Systems is also in the pipeline. The draft law lists crimes such as illegal access to IT systems, interference with these systems, stealing or deleting data and the interception of non-public data transfers.

Europol, the E.U.'s police force, currently manages information-sharing on cybercrime between police in different E.U. countries. But the Commission plans to set up a dedicated European Cyber Crime Centre by 2013 to coordinate operations across borders and provide training to law enforcement authorities.

The CERT pre-configuration team will comprise 10 members of staff from the European Commission, the European Parliament, the Council, the Committee of the Regions and Economic and Social Committee and ENISA.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmenteuropean commissionGovernment use of IT

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jennifer Baker

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?