Thursday

24th May 2018

Interview

Greece keen to keep EU cybersecurity agency

  • 'I clicked on a wrong link. … I have learned this time, but there is another risk coming next week, and another next week.' (Photo: Peter Teffer)

The Greek government's contact person for the EU's cybersecurity agency has welcomed a proposal to give the agency a bigger role.

"I am always saying that the next threat to European security will be through the internet, so there are huge stakes there for the EU," the secretary general for telecommunications and post, Vassilis Maglaras, told EUobserver in an interview at his office in Athens.

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

  • With increased threats from cyber attacks, the EU commission has proposed increasing the mandate of the EU's cybersecurity agency (Photo: *n3wjack's world in pixels)

He spoke to this website just hours after Jean-Claude Juncker announced in his State of the Union speech that the EU's cybersecurity agency will be given a bigger mandate.

Maglaras is responsible on behalf of the Greek government for liaising with the Greece-based European Union Agency for Network and Information Security (Enisa).

Enisa will - if member states and the European Parliament accept Juncker's proposal - become a fully-fledged European Cybersecurity Agency.

Europe needs a stronger agency, Maglaras said.

He warned of a potential loss of lives if, in a future scenario, terrorists target a system of connected cars to create accidents.

The future cyber threat is no longer about "losing data ... and your personal photos, but maybe someone would be able to hijack a car", he said.

Because of the transnational nature of the internet, he said a European response is needed.

"If you have an attack, you have an attack on the systems of Europe," he noted, adding that if each European country is trying to stop a cyber attack on its own, it's a "waste of time and resources".

Yet, there are questions over how much centralisation of power in Enisa national governments will want to accept, particularly in a policy area as sensitive as national security.

Mostly research

Up until recently, the agency was mostly a research facility, issuing opinions and recommendations.

It will have some additional coordinating tasks when the new EU directive on security of network and information systems comes into force next year.

The directive is one of the reasons why the European Commission has proposed an updated mandate for Enisa, which was set up in 2004.

The cybersecurity agency is the only EU agency with a fixed term - renewed three times, currently until June 2020 - while the tasks given to it through the directive have no end date.

In the legislative proposal, which will need to be approved by member states and the EU parliament, the commission is somewhat critical of Enisa's track record.

"Enisa managed to make an impact, at least to some extent, in the vast field of network and information security, but it has not fully succeeded in developing a strong brand name and gaining sufficient visibility to become recognised as 'the' centre of expertise in Europe," the commission said in its proposal.

It said the reason for this was that the agency's "broad mandate" was not met with "proportionally sufficient resources". The commission proposed doubling the budget for staff from 2020 onwards.

Two offices

However, it also criticised the "location split between Athens and Heraklion", which has "generated further administrative costs".

After Enisa was set up in 2004, the Greek government decided that its seat should be based in Heraklion, on the island of Crete. According to Maglaras, the idea behind that decision was so it could be close to a Greek technology institute.

According to a UK House of Lords investigation, this led to problems in recruiting and retaining staff. Crete is also difficult to reach other than during the tourist seasons.

Enisa was allowed to transfer most of its staff to an office in Athens in 2013, but the administrative staff of Enisa remained in Heraklion.

The double location has been criticised by the European Court of Auditors, and the EU parliament.

According to a speech by Enisa executive director Udo Helmbrecht in 2016, this involved approximately twenty workers, but Maglaras said that the number of staff in Heraklion was between six and eight - or "something like that".

He remained fuzzy on whether the Heraklion office would be closed.

"Now with a bigger role and a bigger mandate, it should be in a more populated area, in Athens. And we will fix that … later, when the mandate is changed," he said, only to add minutes later that there "is no problem with having a few persons there", in Heraklion.

Maglaras noted that if Enisa wanted to keep the office in Heraklion open, that was also possible.

"If it's the best position to do its job for Greece and for the European citizens to be in Athens, it's okay to be in Athens," he said.

"There is no problem. It's very minor. It's not a big deal for us," he said.

The official added that the Greek government could not unilaterally decide on closing the Heraklion office, but that it had a "legal obligation" until 2020 to keep an office on the Greek island.

Maglaras seemed to refer to the 2013 regulation, the most recent legal text to set out Enisa's legal status.

That text said that staff "engaged in the administration" of the agency "should be based in Heraklion". However, that sentence is from the preamble, and the European Court of Justice ruled in 1997 that preambles have "no binding legal force".

Enisa's press office only wanted to provide a written comment, saying that the agency "has two offices and that will be situation for the current mandate".

In its legislative proposal published on Wednesday, the EU commission did not directly say that the Heraklion office should be closed, but noted the agency should "be based in an appropriate location".

Computer virus

One of Enisa's objectives will be to increase awareness of the need for "cyber hygiene" - making sure employees are not vulnerable to cyber threats.

Vassilis Maglaras himself admitted he recently learned he needed more cyber hygiene.

"Six months ago I lost all my professional data from my computer because I had a virus," he said.

"I clicked on a wrong link. … I lost files, I lost studies, I lost personal information. I lost everything. That was very painful."

He noted that the ministry had "a lot of layers of security", but that "after ten hours of working", he dropped his guard.

Now, Maglaras said he makes more backups of his files, and whenever he doesn't trust an e-mail, he passes it on to a secretary to open it on a separate computer.

"I have learned this time, but there is another risk coming next week, and another next week."

EU to beef up cybersecurity agency

The Commission's president proposed to set up a European Cybersecurity Agency. The EU already has an agency for Network and Information Security.

Opinion

EU cyber diplomacy requires more commitment

The EU is right that diplomacy is key in deterring cyberattacks. Yet, more political decisiveness and coordination are required to be successful.

EU agency to fight election hacking

A new-model EU cybersecurity agency could help states defend their elections against "hybrid attacks", the Commission has said.

Interview

EU 'underestimated' cyber-crime

"Cybercrime is growing much, much faster than I think we anticipated," the EU commissioner for security, Julian King, told EUobserver.

Opinion

Cybersecurity and defence for the future of Europe

Cybersecurity is a core element of Europe's strategy to become a global leader in digital technologies and a secure place for its citizens, write EU commissioner Jyrki Katainen and expert Jarno Limnell.

New EU fines will apply to 'old' data breaches

On 25 May, a new general data protection regulation will apply. Data breaches that happened before that date, but were covered up, can be fined under the new regulation.

News in Brief

  1. Gazprom accepts EU conditions on gas supplies
  2. Facebook tells MEPs: non-users are not profiled
  3. Commission proposes ending France deficit procedure
  4. UK households hit with Brexit income loss
  5. Report: EU faces 10% cut in steel exports to US
  6. Australia wants more access to EU agricultural market
  7. CV of Italian PM candidate under scrutiny
  8. Puigdemont Spain extradition rejected by German court

Stakeholders' Highlights

  1. Nordic Council of MinistersOECD Report: Gender Equality Boosts GDP Growth in Nordic Region
  2. Centre Maurits Coppieters“Peace and reconciliation is a process that takes decades” Dr. Anthony Soares on #Brexit and Northern Ireland
  3. Mission of China to the EUMEPs Positive on China’s New Measures of Opening Up
  4. Macedonian Human Rights MovementOld White Men are Destroying Macedonia by Romanticizing Greece
  5. Counter BalanceControversial EIB-Backed Project Under Fire at European Parliament
  6. Nordic Council of MinistersIncome Inequality Increasing in Nordic Countries
  7. European Jewish CongressEU Leaders to Cease Contact with Mahmoud Abbas Until He Apologizes for Antisemitic Comments
  8. International Partnership for Human RightsAnnual Report celebrates organization’s tenth anniversary
  9. Nordic Council of MinistersNordic Cooperation Needed on Green Exports and Funding
  10. Mission of China to the EUPremier Li Confirms China Will Continue to Open Up
  11. European Jewish CongressCalls on Brussels University to Revoke Decision to Honour Ken Loach
  12. Sustainable Energy Week 2018"Lead the Clean Energy Transition"- Register and Join Us in Brussels from 5 to 7 May

Latest News

  1. Visegrad Four 'nothing to hide' on rule of law issue
  2. GDPR does not (yet) give right to global oblivion
  3. Privacy Shield less relevant given GDPR, says data chief
  4. Unknown academic to lead Italy into EU clash
  5. 'Killer robot' projects eligible for EU defence fund
  6. Funding for European values needs radical changes
  7. Feeble EU format deflates Zuckerberg 'hearing'
  8. Are EU data watchdogs staffed for GDPR?

Stakeholders' Highlights

  1. EU Green Week 2018Green Cities for a Greener Future. Join the Debate in Brussels from 22 to 24 May
  2. Nordic Council of Ministers12 Recommendations for Nordic Leadership on Climate and Environment
  3. Macedonian Human Rights MovementOxford Professor Calls for an End to the Anti-Macedonian Name Negotiations
  4. ACCAPeople Who Speak-Up Should Feel Safe to Do So
  5. Mission of China to the EUProgress on China-EU Cooperation
  6. Nordic Council of MinistersWorld's Energy Ministers to Meet in Oresund in May to Discuss Green Energy
  7. ILGA EuropeParabéns! Portugal Votes to Respect the Rights of Trans and Intersex People
  8. Mission of China to the EUJobs, Energy, Steel: Government Work Report Sets China's Targets
  9. European Jewish CongressKantor Center Annual Report on Antisemitism Worldwide - The Year the Mask Came Off
  10. UNICEFCalls for the Protection of Children in the Gaza Strip
  11. Mission of China to the EUForeign Minister Wang Yi Highlights Importance of China-EU Relations
  12. Nordic Council of MinistersImmigration and Integration in the Nordic Region - Getting the Facts Straight

Stakeholders' Highlights

  1. Macedonian Human Rights MovementMacedonians in Bulgaria Demand to End the Anti-Macedonian Name Negotiations
  2. Counter BalanceThe EIB Needs to Lead by Example on Tax Justice
  3. ILGA EuropeTrans People in Sweden to be Paid Compensation for Forced Sterilisation
  4. International Partnership for Human RightsThe Danger of Standing Up for Justice and Rights in Central Asia
  5. Mission of China to the EUChina and EU Must Work Together to Promote Global Steel Sector
  6. Swedish EnterprisesEU Tax Proposal on Digital Services Causes Concern for Small Exporting Economies
  7. European Jewish CongressCondemns the Horrific Murder of Holocaust Survivor Mireille Knoll in Paris
  8. Mission of China to the EUAn Open China Will Foster a World-Class Business Environment
  9. ECR GroupAn Opportunity to Help Shape a Better Future for Europe
  10. Counter BalanceControversial Turkish Azerbaijani Gas Pipeline Gets Major EU Loan
  11. World VisionSyria’s Children ‘At Risk of Never Fully Recovering', New Study Finds
  12. Macedonian Human Rights MovementMeets with US Congress Member to Denounce Anti-Macedonian Name Negotiations