Thursday

23rd Nov 2017

Interview

Internet of Things to create security risks, EU cyber expert says

  • EU institutions are currently negotiating on the first-ever set of pan-European cyber security rules (Photo: Miguel)

The popularisation of the so-called Internet of Things will be accompanied with an increase in cyber threats.

“I can predict there will be applications which are not secure, because they are done by inexperienced people, and statistically you will then hear of more threats,” Udo Helmbrecht, executive director of the European Union Agency for Network and Information Security (Enisa) said in an interview in Brussels.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

  • Udo Helmbrecht: 'You still have a lot of fake e-mails which put malware on your PC' (Photo: ITU Pictures)

The Internet of Things (IoT) refers to the proliferation of digitally connecting physical objects with small sensors.

People may, for example, connect the lights in their house or the washing machine to their smartphone, so that they can be controlled remotely.

A well-known example of an IotT application is the so-called smart meter, which connects consumers' electricity or heating system to the Internet. Helmbrecht said that accidental “human mistakes” will be made in the roll-out of smart meters.

“If you have companies developing analogue meters, do they have the IT security specialists when they now make digital meters?”, said Helmbrecht.

But there will also be cyber security threats unintentionally elicited by hobbyists, he added.

“It's very cheap to have these Internet of Things sensors. You can buy for a few dollars sensors, processors, you can put it together – plug and play … What we currently see is a do-it-yourself Internet of Things. Nobody of these people think about IT security,” noted Helmbrecht.

He warned of privacy and security implications.

The German EU official himself connected a camera to his wireless network at home. If hackers get accces to his network, they could also operate the camera. But other, potentially more hazardous home appliances can also be hooked up to the Internet of Things.

“What if it's my oven? If you turn the heat on, then my kitchen burns. There are things where people make a joke about it, but on the other hand, how many people think about this interconnection?”, the EU official said.

For his agency, Helmbrecht sees awareness-raising as the most important task to help the IoT become a secure environment, noting that it is too soon for strict rules.

“The question for the government is always when do you do some regulation? … We hope that there is responsibility, awareness, self-regulation, and if this does not work, the government comes with regulation.”

Helmbrecht added that while risks are bound to increase intially, they should also tail off.

“It's something like a curve; technology comes, increases, incidents come, then you have a reaction either by self-regulation or because of competition. The automotive industry does a lot about safety by itself. And we will see the same, I predict, in the IT sector.”

New cyber security legislation

EU institutions are currently negotiating the first-ever set of pan-European cyber security rules.

The European Commission proposed the package, called the Network and Information Security Directive, in 2013 and included an obligation for key Internet services to report major incidents.

“Putting obligation of reporting incidents will hopefully create a mechanism that people say: ‘Oh if I have to report something, then I also have to do something for prevention' and by this increasing IT security,” said Helmbrecht.

The Council – representing member states – the European Parliament, and the commission are scheduled for another round of talks next Tuesday (17 November). Luxembourg, which holds the six-month Council presidency, hopes to finish the file before the end of the year.

Helmbrecht would not comment on how the new rules will affect the work of his agency, because the final legislation may come out differently from what the commission proposed.

However, digital affairs commissioner Guenther Oettinger said Monday (9 November) that Enisa “will play an even more prominent role” once the directive has gone into force.

“The NIS directive negotiations show that the co-legislators also rely on the expertise and reputation of Enisa, and that they intend to trust the agency with some additional responsibilities,” noted Oettinger.

The German commissioner spoke at an annual event organised by Enisa, the reason why Helmbrecht made the trip to Brussels from Heraklion, on the Greek island of Crete, where the agency is based.

Greece is one of the countries where work is yet to be done on raising awareness.

According to the most recent Eurobarometer survey on measures citizens take to protect themselves online, Greeks together with Cypriots are least likely to use different passwords on different websites: only 16 percent do this.

Using the same password for all your online activities is dangerous because if one password is compromised, it will be easier for criminals to engage in identity theft.

Fake e-mails

But all over Europe, things can be improved.

“You still have a lot of fake e-mails which put malware on your PC,” noted Helmbrecht, referring to malicious software, which could scan your computer for information that can be used in an identity theft or credit card fraud, or which may turn your machine into a so-called zombie computer that is used to carry out cyber attacks.

According to Helmbrecht it is “still a challenge” to educate people that they should not believe e-mails from, for example, a prince who promises to transfer a large sum of money.

“I saw a couple of e-mails which I also had in my inbox. It was something like '€17,000, or €20,000 are ready to be transferred to your bank account, please click on this link,” he said.

“The problem behind this is that everyone of us want to have a win in the lottery. 'Yeah, I won €20,000!' and then you click and you are trapped. People still believe this.”

Opinion

Cyber space needs stronger rule of law

Even cyber warfare should be bound by conventions, for instance, not to attack hospitals, the Dutch foreign minister and the EU foreign policy chief say.

EU to force firms to report major cyber attacks

Negotiators from the European Parliament and national governments have reached an agreement on new cyber-security rules. Amazon, Ebay and Google are expected to be affected.

News in Brief

  1. Spain sends migrant arrivals to unfinished prison
  2. Iceland prepares for biggest volcano to blow
  3. Greek parliament postpones debate on Saudi arms deal
  4. Family of murdered Malta journalist to sue police
  5. UK to sell RBS bank stake, boosting government coffers
  6. December euro summit still on, Tusk confirms
  7. EU calls for end to Kenya election crisis
  8. Report: Israeli PM invited to meet EU ministers

Stakeholders' Highlights

  1. International Partnership for Human RightsEU Leaders Should Press Azerbaijan President to End the Detention of Critics
  2. CECEKey Stakeholders to Jointly Tackle the Skills Issue in the Construction Sector
  3. Idealist Quarterly"Dear Politics, Time to Meet Creativity!" Afterwork Discussion & Networking
  4. Mission of China to the EUAmbassador Zhang Ming Received by Tusk; Bright Future for EU-China Relations
  5. EU2017EEEstonia, With the ECHAlliance, Introduces the Digital Health Society Declaration
  6. ILGA EuropeFreedom of Movement For All Families? Same Sex Couple Ask EU Court for Recognition
  7. European Jewish CongressEJC to French President Macron: We Oppose All Contact With Far-Right & Far-Left
  8. EPSUWith EU Pillar of Social Rights in Place, Time Is Ticking for Commission to Deliver
  9. ILGA EuropeBan on LGBTI Events in Ankara Must Be Overturned
  10. Bio-Based IndustriesBio-Based Industries: European Growth is in Our Nature!
  11. Dialogue PlatformErdogan's Most Vulnerable Victims: Women and Children
  12. UNICEFEuropean Parliament Marks World Children's Day by Launching Dialogue With Children

Latest News

  1. Germany's Schulz under pressure to enter coalition talks
  2. LuxLeaks trial re-opens debate on whistleblowers' protection
  3. Wilders says Russia is 'no enemy' ahead of Moscow visit
  4. EU must put Sudan under microscope at Africa summit
  5. Mali blames West for chaos in Libya
  6. Orban stokes up his voters with anti-Soros 'consultation'
  7. Commission warns Italy over high debt level
  8. Mladic found guilty for Bosnia genocide and war crimes

Stakeholders' Highlights

  1. European Jewish CongressAntisemitism in Europe Today: Is It Still a Threat to Free and Open Society?
  2. Counter BalanceNew Report: Juncker Plan Backs Billions in Fossil Fuels and Carbon-Heavy Infrastructure
  3. Nordic Council of MinistersNordic countries prioritise fossil fuel subsidy reform
  4. Mission of China to the EUNew era for China brings new opportunities to all
  5. ACCASmall and Medium Sized Practices Must 'Offer the Whole Package'
  6. UNICEFAhead of the African Union - EU Summit, Survey Highlights Impact of Conflict on Education
  7. Nordic Council of MinistersNordic Council Calls for Closer Co-Operation on Foreign Policy
  8. Swedish EnterprisesTrilogue Negotiations - Striking the Balance Between Transparency and Efficiency
  9. Access EuropeProspects for US-EU Relations Under the Trump Administration - 28 November 2017
  10. Nordic Council of MinistersSustainable Growth the Nordic Way: Climate Solutions for a Sustainable Future
  11. EU2017EEHow Data Fuels Estonia's Economy
  12. Mission of China to the EUChina and EU Step Up Water Management Cooperation