Fortress Europe – EU to defend states against cyber attacks

30 Mar 2009

In light of recent large-scale attacks on Estonia, Lithuania and Georgia, as well as the revelations in recent days about a Chinese cyber-espionage ring, the EU is proposing a plan to prepare Europe to withstand further widespread attacks.

Over 93pc of European businesses depend on the internet, and any prolonged interruption of service could have a major economic and social impact, the EU warned.

The recent large-scale attacks have taken on many forms, from denial of service attacks to malware spread by Trojan viruses.

The EU warned there is a 10–20pc probability that telecom networks will be hit by a major breakdown in the next 10 years, with a potential global economic cost of around €193bn (US$250bn).

This could be caused by natural disasters, hardware failures, rupture of submarine cables (there were 50 such incidents recorded in the Atlantic Ocean in 2007 alone), as well as from human actions such as terrorism or cyber attacks.

In 2007, after large-scale cyber attacks, the Estonian Parliament had to shut down its email system for 12 hours, and two major Estonian banks had to stop their online services.

“The information society brings us countless new opportunities, and it is our duty to ensure that it develops on a solid and sustainable base,” said Viviane Reding (pictured), EU Commissioner for Information Society and Media.

“Europe must be at the forefront in engaging citizens, businesses and public administrations to tackle the challenges of improving the security and resilience of Europe’s critical information infrastructures. There must be no weak links in Europe’s cyber security,” Reding warned.

Reding said that across the EU, approaches and capacities to combat cyber threats differ widely, and that a low level of preparedness in one country can make others more vulnerable, while a lack of co-ordination reduces the effectiveness of countermeasures.

The EU plan involves five steps:

  • Preparedness and prevention:increasing co-operation, exchange of information and transfer of good policy practices between member states via a European Forum. Establishing a European public-private partnership for resilience. This will provide expertise to businesses and public authorities
  • Detection and response: supporting the development of a European information sharing and alert system
  • Mitigation and recovery:developing co-operation between member states via national and multinational contingency plans, and regular exercises for large-scale network security incident response and disaster recovery
  • International co-operation:driving a Europe-wide debate to set EU priorities for the long-term stability of the internet, with a view to proposing principles and guidelines to be promoted internationally
  • Establish criteria for European critical infrastructure in the ICT sector: the criteria and approaches currently vary across member states.

Reding has asked the European Network and Information Security Agency (ENISA) to organise dialogue between governments, businesses and citizens.

Smooth functioning of communications infrastructures is vital for European economy and society, she said.

Communications networks also underpin most of our activities in daily life. Purchases and sales over electronic networks amounted to 11pc of total turnover of EU companies in 2007.

Seventy-seven percent of businesses accessed banking services via internet, and 65pc of companies used online public services.

In 2008, the number of mobile phone lines was equivalent to 119pc of the EU population. Communications infrastructure also underpins the functioning of key areas, from energy distribution and water supply to transport, finance and other critical services.

By John Kennedy

Pictured: Viviane Reding, EU Commissioner for Information Society and Media