Is Europe’s reliance on technology making us more vulnerable? Technology is changing the world, and Europe is one of the most interconnected societies on the planet, but with that comes new security threats. Is Europe prepared to deal with them?
In 2015, two power distribution companies in Ukraine had their systems hacked, resulting in the loss of power for 80’000 people. Could such incidents become more common in future? In today’s world, everything from critical power infrastructure to GPS navigation relies on information networks to function. Could large-scale cyber-attacks cause significant economic damage?
Curious to know more about new security threats and cybersecurity in Europe? We’ve put together some facts and figures in the infographic below (click for a bigger version).
We had a comment from Yvetta, arguing that “the EU should be ready for a cyberwar”. But just how prepared is the EU against cyberattacks, either from criminals or, potentially, from state-sponsored hackers?
To get a response, we spoke to Heli Tiirmaa-Klaar, Cyber Security Policy Advisor for the European External Action Service (EEAS). What would she say to Yvetta?
The EU has been dealing with raising preparedness to respond to cyber threats for quite a long time already. In the field of cybercrime, the first political agreements appeared in 2005. Right now we have three Directives – two in place and one almost in place – to tackle cyber threats… Also, there are cooperative networks in place to fight cybercrime, and each EU country has a high-tech crime unit. These units are linked up, they are cooperating and launching joint investigations, and there is the European Cybercrime Centre within Europol which is facilitating this cooperation. So, on cybercrime we are making good progress.
On cybersecurity… we are finalising the Network and Information Security Directive, which has been discussed for almost three years now… Most of Europe’s critical infrastructure belongs to the private sector in democratic countries, and therefore this new EU cyber-legislation sets minimum requirements for IT risk management for those critical companies and also for public administration. Of course, not all Member States need this Directive, since they have developed their own cyber readiness, but there are still gaps here and there and we need to ensure there is even preparedness across the European Union.
Next we had a comment from Nico, who believes the transborder nature of cyber attacks means that tackling cybersecurity at a national level is inadequate. Nico believes that cyber-resilience across Europe is not possible without the top-down “Europeanisation” of cybersecurity.
Does Heli Tiirmaa-Klaar agree?
Cyber threats need to be tackled at the national level first. If there is a virus in your networks, it takes a long time before somebody from Madrid can reach somebody in Brussels, so the operational incident response has to happen locally. And people also have understand that each organisation needs to deal with cyber-threats. The top-down approach is justified in terms of awareness raising, or when it is EU-wide legislation that asks individual Member States to do more… But every country has to set up a computer emergency response team or a cyber incident response team, which is like the cyber “fire brigade” that helps to deal with cyber issues at the local level.
Is Europe prepared to cope with new security threats? Is Europe’s reliance on technology making us more vulnerable? Let us know your thoughts and comments in the form below, and we’ll take them to policymakers and experts for their reactions!
IMAGE CREDITS: CC / Flickr – Ministry of Defence
The European Commission support for the production of this publication does not constitute an endorsement of the contents which reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.
24 comments Post a commentcomment
The EU is incapable of dealing with simplier questions like the euro-crisis (presented at first as debt crisis of the weaker eurozone members), the refugee crisis etc. Do not put harder questions to a “Union”-bureaucracy that only cares for itself.
How can Europe be prepared for security threats when the powers that be on Brussels find even the words “Military & Law Enforcement” offensive?
Cmon guys, Europe is in this subject like in every subjects you can ask.. Never prepared and never up to react! A bunch of wanna be sitting all day talking while the rest of the world blow some wind for them to know what to do… Ridiculous group of contries trying to steal each other calling them friends! Wake up please, someday we wont have a turning point, federation or no future for UE
To have a secure system you need to all “components”, in the/or related to system, to be “bullet proof”. Any, apparently small, weakness can be exploited to get system wide exposure.
To get all components secured you need clear standards and guidelines for the manufacturers/software developers. And you need to encourage them, as oppose deter them, in using encryption and secure practices to secure their data.
Criminals are using encryption and we cannot see is pointless. Do you think if you ban or discourage use of strong encryption that criminals will obey that law? Custom encryption tools are already used in malware and ransomware by criminals to do fair amount of damage … Discouraging proper security practices will only help the criminals as it will leave the people/businesses exposed.
Cyber-security is very hard, technology is evolving/changing extremely fast, competition is high, demand for software developers/system admins is way higher than realistically can be properly trained – that forces many businesses to take shortcuts and that in turn leads to vulnerabilities.
If in turn to this, the political driver is fuzzy and uncertain, you will get no where in terms of cyber security.
NO!
The EU should NOT link national power systems – all nations MUST be independent re power provision to avoid ‘weakest link’ compromise of the whole EU.
The EU should NOT link IT systems – all nations MUST be independent re power provision PLUS some countries like the Baltic nations have too many pro-Russians in same to be considered a ‘safe pair of hands’ regarding international data.
For ~99,99% of people in EU there is no problem with that.
http://lobbyplag.eu/governments
Correction, politicians, people vote a general direction left/right/etc – I suspect if a referendum was to be held on issues such as privacy the results will be fairly different.
Regardless, say people give up their privacy entirely, and law enforcement can know at any time anything about anyone within EU – problem with the internet is that it’s a global network and there are already plenty of tools, out of the box and easy to use, to route the traffic through many proxies say, china or russia – and good luck with getting the them to share their data. So all this effort and cost to catch who? The dummy?
Given the nature of internet and new technologies, bold enforcements, 19th century style, won’t work – you need to be on top of the game, smarter and faster than the criminals. And accept the reality, technology is here to stay and cannot hold back, without losing an edge in an already highly competitive global economy.
Lack of political will and understanding, as opposed to encouraging secure practices and encryption, doesn’t not help the industry.
For example, do you think if you ban or discourage use of strong encryption that criminals will obey that law? Custom encryption tools are already used in malware and ransomware by criminals to make serious amount of damage. Discouraging proper security practices will only help the criminals as it will leave the people exposed.
To have a secure system you need make all “components” in the/or related(that includes people), secured. Any, even apparently small, weakness, can be exploited to get system wide exposure.
To get all components secured you need clear standards and guidelines for the manufacturers/software developers. And you need to encourage them, as oppose deter them, in using encryption and secure practices to protect customer data.
Cyber-security is no easy thing, technology is ever changing extremely fast, competition is high, demand for IT skills is way higher than realistically can be properly trained, and that forces many businesses in taking shortcuts which in turn lead to vulnerabilities.
And if the political driver is fuzzy and uncertain, you will get no wherein terms of cyber security.
Yes, but only through full censorship of the internet, what would be a very important step in the building out the One-World Government.
.
‘Europe’ = Yes
The EU = No
Ask China… xD they can tell you. They can make a stress test for you.
Apparently it is not because it is not prepared to say no to the US’ NSA :-/
https://www.facebook.com/memedumpofmemes/photos/a.532347813624933.1073741826.532346533625061/662494430610270/?type=3
For every lock ever invented there has always been someone who broke it.
For every secret code ever invented there has always been someone who broke it.
It is the nature of any security system that it will be broken.
Locksmiths and burglars are always trying to stay one step ahead of each other.
Not with encription.
Yes, even with encription!
Is Europe ready to deal with a gap between rich and poor Europeans?
no due to incompetence, lazyness, ignorance, levity and austerity delusion.! not talking about data protection and privacy!
I forgot the new cults: artificial intelligence, robots, connecting everything through the internet.
No clearly not you morans…. Well those with non patched Win-XPs
Greek public sector is ready due to no computer system. All done in hand and paper.
Greek public sector is ready due to no computer system. All done in hand and paper.
Greek public sector is ready due to no computer system. All done in hand and paper.
Greek public sector is ready due to no computer system. All done in hand and paper.
Greek public sector is ready due to no computer system. All done in hand and paper.