Saturday

25th Jun 2022

EU institutions to create new cyber defence unit

  • Hackers can leave 'backdoors' and 'timebombs' after a successful attack (Photo: commorancy)

EU institutions are setting up a joint team of internet security experts some three months after the European Commission was hacked in a bid to get sensitive data on external relations and monetary issues.

The attack in March - just a few days ahead of an EU summit on military strikes in Libya and on the eurozone debt crisis - saw commission systems attacked "in a very well-organised and targeted way, focusing on three or four keywords on external relations and monetary issues," according to a senior EU official.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

"It was probably espionage, but this is very difficult to prove. We don't expect to ever know if it was the case or not," the source added.

The contact did not reveal if any data was actually stolen. The commission has not launched a criminal investigation at this stage and is still assessing the level of damage.

It has in the past three months beefed-up its email security.

Up until the attacks email accounts could be accessed remotely by typing in a password. But now users have a special "security token" - a small device which generates a seconadry password reuqred to log on.

Brussels is also setting up a new Computer Emergency Response Team (CERT) to stave off future attacks.

The unit will pull together existing IT security departments from the commission, the EU parliament and the EU Council to handle cyber attacks on all EU institituions and to share intelligence in real time with CERTs in EU membr states. The new body is to run tests in June and to be fully operational by 1 October.

Otmar Lendl - the head of the Austrian CERT - told EUobserver the new measure will not make EU systems impregnable.

"Prevention is very difficult. It's like fire - even if you have a good firebrigade which sets up the best firewalls, you will still have fires. But CERTs certainly will help you deal with anything that happens and get a clearer response, as well as putting sensors in place and tools to monitor networks, so that you detect an attack early on."

Detecting the fact that an attack is taking place is in itself not an easy thing. The next step is to find out how the hacker got into the system, what documents have been accessed or changed and if any "timebombs" or "backdoors" have been left behind to allow future access.

"At EU level, there are a lot of own little kingdoms, it's not centralised like in a company - so it will be a difficult task," Lendl explained.

National CERTs dealing with governments (GovCERTs) "also have to deal with various ministries, cities, local administrations and other stakeholders. So it's not unusual," he added.

Europol wants to host EU cyber crime centre

The EU's joint policy body, Europol, is angling to host a new European cyber crime centre, with the European Commission due next year to decide where to put its new defence against online threats.

Smartphones are 'data goldmines' for hackers

Smartphones allows us watch videos, listen to music, check emails, find the nearest restaurant, and update our 'status' on Twitter and Facebook, but with the increased technology comes new and largely under-appreciated security threats.

IT bugs haunt work of EU fraud busters

EU efforts to fight fraud have been hampered by bugs and delays in an €29m IT system meant to help manage investigations more efficiently.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.

Stakeholder

The CPDP conference wants multidisciplinary digital future

During the Computers, Privacy and Data Protection (CPDP) conference, many high-level discussions will touch upon the dynamics of decision-making in the design of new technologies, including the importance of inclusion, diversity, and ethics perspectives within these processes.

EU Commission won't probe 'Pegasus' spyware abuse

The European Commission says people should file their complaints with national authorities in countries whose governments are suspected of using an Israeli-made Pegasus spyware against them.

News in Brief

  1. Belgian PM: Gas shortage requires joint response
  2. Bulgarian MPs set conditions for lifting enlargement veto
  3. Latvia: We need a brigade-size Nato force to 'feel safe'
  4. Deal reached on controversial energy treaty reform
  5. EU carbon emissions from energy up 6% in 2021
  6. Germany step closer to gas rationing
  7. Albania: EU 'disgrace' at lack of enlargement progress
  8. 'Serious blow' to EU credibility over North Macedonia

Stakeholders' Highlights

  1. Nordic Council of MinistersEmerging journalists from the Nordics and Canada report the facts of the climate crisis
  2. Council of the EUEU: new rules on corporate sustainability reporting
  3. Nordic Council of MinistersNordic ministers for culture: Protect Ukraine’s cultural heritage!
  4. Reuters InstituteDigital News Report 2022
  5. EFBWW – EFBH – FETBBHow price increases affect construction workers
  6. Nordic Council of MinistersNew Nordic think tank examines influence of tech giants

Latest News

  1. EU summit's uncertainty in the face of economic war
  2. Next winter's gas looms large at EU summer summit
  3. Ukraine becomes EU candidate after 120 days of war
  4. How to enhance EU cybersecurity
  5. Competing options for EU enlargement
  6. MEPs demand to exit 'ecocide treaty' after reforms 'fail'
  7. Finland optimistic in Turkey talks over Nato
  8. Hungary's global-tax veto seen as 'blackmail'

Join EUobserver

Support quality EU news

Join us