Thursday

2nd Apr 2020

EU institutions to create new cyber defence unit

  • Hackers can leave 'backdoors' and 'timebombs' after a successful attack (Photo: commorancy)

EU institutions are setting up a joint team of internet security experts some three months after the European Commission was hacked in a bid to get sensitive data on external relations and monetary issues.

The attack in March - just a few days ahead of an EU summit on military strikes in Libya and on the eurozone debt crisis - saw commission systems attacked "in a very well-organised and targeted way, focusing on three or four keywords on external relations and monetary issues," according to a senior EU official.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or join as a group

"It was probably espionage, but this is very difficult to prove. We don't expect to ever know if it was the case or not," the source added.

The contact did not reveal if any data was actually stolen. The commission has not launched a criminal investigation at this stage and is still assessing the level of damage.

It has in the past three months beefed-up its email security.

Up until the attacks email accounts could be accessed remotely by typing in a password. But now users have a special "security token" - a small device which generates a seconadry password reuqred to log on.

Brussels is also setting up a new Computer Emergency Response Team (CERT) to stave off future attacks.

The unit will pull together existing IT security departments from the commission, the EU parliament and the EU Council to handle cyber attacks on all EU institituions and to share intelligence in real time with CERTs in EU membr states. The new body is to run tests in June and to be fully operational by 1 October.

Otmar Lendl - the head of the Austrian CERT - told EUobserver the new measure will not make EU systems impregnable.

"Prevention is very difficult. It's like fire - even if you have a good firebrigade which sets up the best firewalls, you will still have fires. But CERTs certainly will help you deal with anything that happens and get a clearer response, as well as putting sensors in place and tools to monitor networks, so that you detect an attack early on."

Detecting the fact that an attack is taking place is in itself not an easy thing. The next step is to find out how the hacker got into the system, what documents have been accessed or changed and if any "timebombs" or "backdoors" have been left behind to allow future access.

"At EU level, there are a lot of own little kingdoms, it's not centralised like in a company - so it will be a difficult task," Lendl explained.

National CERTs dealing with governments (GovCERTs) "also have to deal with various ministries, cities, local administrations and other stakeholders. So it's not unusual," he added.

Europol wants to host EU cyber crime centre

The EU's joint policy body, Europol, is angling to host a new European cyber crime centre, with the European Commission due next year to decide where to put its new defence against online threats.

Smartphones are 'data goldmines' for hackers

Smartphones allows us watch videos, listen to music, check emails, find the nearest restaurant, and update our 'status' on Twitter and Facebook, but with the increased technology comes new and largely under-appreciated security threats.

EU struggling to fight cyber crime

Faced with increasing cyber attacks, the EU is looking at a new law criminalising the use of 'zombie' computers and is setting up a 'cyber crime' agency and special teams of IT firefighters. But specialists and data privacy defenders remain unconvinced.

The EU and cyber security

Cloud computing, smartphones, viruses attacking nuclear plants. In the October Focus, the EUobserver turns its attention to cyber security and EU's attempts to set up rules for safer navigation on the internet.

'There's a computer worm in your nuclear centrifuge'

With the discovery of Stuxnet, a computer worm believed to have been developed by the US government to shut down a nuclear plant in Iran, European companies like Siemens are coming under increased pressure to secure software operating 'critical infrastructure' such as power plants or water treatment facilities.

Coronavirus

Journalism hit hard by corona crisis

An already fragile business model for journalism might be dealt a lethal blow in the corona crisis. And the freedom of the press itself is coming under extreme pressure, as governments take swift and debilitating measures fighting the pandemic.

Analysis

Italy and Spain: worst - or just first?

Italy and Spain, the most-affected countries in the EU, have tightened their response to the coronavirus outbreak - as the pair together now account for more than half of the world's death toll.

Stakeholders' Highlights

  1. UNESDAMaking Europe’s Economy Circular – the time is now
  2. Nordic Council of MinistersScottish parliament seeks closer collaboration with the Nordic Council
  3. UNESDAFrom Linear to Circular – check out UNESDA's new blog
  4. Nordic Council of Ministers40 years of experience have proven its point: Sustainable financing actually works
  5. Nordic Council of MinistersNordic and Baltic ministers paving the way for 5G in the region
  6. Nordic Council of MinistersEarmarked paternity leave – an effective way to change norms

Latest News

  1. Court: Three countries broke EU law on migrant relocation
  2. Journalism hit hard by corona crisis
  3. EU fighting shortages and faulty medical supplies
  4. New EU navy operation to keep migrant details secret
  5. MEP: Constituents are our window into this tragedy
  6. Without European patriotism, EU decline is inevitable
  7. EU cancels April Fool's 'fake news'
  8. A coronavirus 'Marshall Plan' alone won't be nearly enough

Join EUobserver

Support quality EU news

Join us