Interview
EU 'underestimated' cyber-crime
-
'If anything, we'd underestimated the scale of the challenge' of cybercrime, EU security commissioner Julian King told the conference. (Photo: European Commission)
By Peter Teffer
The European Union has underestimated the scale of the threat from cybercrime, the EU commissioner for security, Julian King, told EUobserver.
"Cybercrime is growing much, much faster than I think we anticipated," said King at the Cybersec conference in Krakow on Monday (9 October).
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Don't miss out on
Our exclusive news stories and investigations. Influential. Investigative. Independent.
Why join?
Watch our founder Lisbeth Kirk explain the reasons in this 30-second video.
Already a member?
-
King is likely to be the last EU commissioner from the UK. 'I don't think that anything I'm doing is, as it were, a wasted effort in the light of Brexit.' (Photo: Steve Johnson)
"The challenge is to equip ourselves to deal with these problems, which are bigger, more complicated and more multi-faceted than perhaps we originally assumed," he said, comparing the current situation to four years ago.
In 2013, the European Commission, under the leadership of Jose Manuel Barroso, adopted a strategy paper on cybersecurity. One of its five "strategic priorities" was "drastically reducing cybercrime."
Four years later, under Barroso's successor, Jean-Claude Juncker, commissioner King said that "if anything, we'd underestimated the scale of the challenge".
"In the 2013 cybersecurity strategy, we said that our ambition was to get ahead of cybercrime. Cybercrime has grown five times in the last four years, and is estimated to grow potentially up to four times more in the next two years," said King, who joined the commission as the UK's member in the summer of 2016.
Last month, the EU commission presented a legislative proposal that would beef up the bloc's cybersecurity agency, based in Greece, and would set up a framework to create EU-wide cybersecurity certificates.
The commission has also begun a study, looking at next year setting up a network of cybersecurity 'competence centres' and a European Cybersecurity Research and Competence Centre.
Additionally, the EU's police agency, Europol, already has a European Cybercrime Centre.
Boost our research
King compared the EU's public-private partnership on cybersecurity - which was set up last year to trigger financing of cybersecurity research - to US spending on this area of research.
"We've got this public-private partnership, which is good, very good, mobilising €1.8 billion of investment over the next few years, [until] 2020."
"But if you look at the US, they are spending $17 billion [€14.5bn] this year. So we are not at the scale which is commensurable to the challenge."
"We've said we need to boost our research by building this network of centres of excellence and research, and a hub at the centre of that, a European hub, to drive that research effort."
But Enisa (the European Union Agency for Network and Information Security), created in 2005, was also supposed to become "the information hub of the EU" when it came to "knowledge and information, awareness raising", according to the commission's proposal, which also noted that Enisa "has not fully succeeded in developing a strong brand name and gaining sufficient visibility to become recognised as 'the' centre of expertise in Europe."
Different roles
Commissioner King, however, did not agree that the new EU research and competence centre should fall under Enisa.
"I think there are different roles," he said.
"There's a role for a boosted Enisa, the agency. There's definitely a role for turbo-charging our research. And that is often a different set of relationships, different requirements."
"And there is a need for us to get even more serious about the cyber policing. I don't see those as competing, or unnecessary, or redundant. I think they are completely complementary."
Ahead of the interview, King gave a speech at the Krakow conference, noting why he thought the prospect of pan-European cybersecurity certificates for businesses was important.
He noted the different certificates companies currently have to acquire, in order to do business in France and the UK, and that a pan-EU certification scheme could simplify this.
Brexit?
When EUobserver pointed out that this could once again be the situation after Brexit, King said: "Let's see."
"I hope that whatever else happens on Brexit, in the future we are going to be able to keep close cooperation on issues like terrorism, fighting cyber, and serious and organised crime."
He said the "people who are trying to attack us don't make any distinction about whether you are in or outside of the European Union".
King is expected to be the final British EU commissioner, but he said it was "very important for everybody across Europe that we make progress on these issues" before he leaves office.
"I don't think that anything I'm doing is, as it were, a wasted effort in the light of Brexit."
