‘Digital 9/11’ unless EU network security heightened

28 May 2008

Europe is in danger of experiencing a ‘digital 9/11’ if problems in national security approaches are not addressed, a European IT security organisation has warned.

ENISA, the EU Agency for European Network and Information Security, outlined some of the dangers posed by cyber attacks, spam and social networking misuse in its summary of its General Report 2007.

The agency said EU member states have a long way to go to safeguard the European digital economy.

It said that while spam cost business €64.5bn in 2007, double the figure for 2005, the fact that only 6pc of spam reaches mailboxes gives the false impression that the problem is under control. However, ENISA noted that spam is growing in quantity, size and bandwidth and remains a costly problem, with the unseen 94pc being an invisible part of the ‘iceberg’.

“Europe must take security threats more seriously and invest more resources in network and information security,” said Andrea Pirotti, executive director, ENISA. “ENISA calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done.

“The member states should undertake concerted efforts to reduce the imbalances in security levels, through more cross-border co-operation. ENISA is confident that the need for secure networks to safeguard the European economy is a distinct driving force for member states to co-operate more closely,” he added.

ENISA stressed the risks of online social networking sites and recommended a review of the Regulatory Framework of Directive 2002/58 on privacy and electronic communications. It has also produced a feasibility study on a European Information Sharing and Alert System for citizens and small business, particularly as SMEs constitute two thirds of the EU economy.

ENISA identified upcoming threats in the years ahead as fraud in virtual worlds, where assets were estimated to be between €64.5m and €100m in 2006. It signaled its intention to issue a number of position papers with recommendations during 2008, for example on e-ID for Europe. It will also continue to oversee the three-year programme launched in the beginning of 2008 to improve resilience to public e-communication networks.

During 2008, the number of EU member states with governmental CERTs (computer emergency response teams) grew to 14, up from eight in 2005. Some 10 more are planned within the next two years, ENISA said.
CERTs are key components in combating cyber attacks and spam generated by botnets.

By Niall Byrne