Tuesday

15th Oct 2019

Opinion

Lessons for EU to protect against next cyber attack

As the latest ransomeware attack 'Bad Rabbit' spreads through Europe, it is again clear that there are few degrees of separation between malware targets and global information technology networks.

Initially aimed at Ukraine's Ministry of Infrastructure and Kiev's public transportation system, the current ransomware blitz has now spread to Turkey and Germany, compromising a growing list of international businesses, government interests and thousands of personal computers.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

The explosive growth of cloud-based and on-demand data systems has pushed vital sectors such as business, banking, and healthcare into risky relationships with IT infrastructure that exposes them to unexpected threats. But governments have even more at stake. Their need to house sensitive citizen data and protect national security has made them ideal targets for cyber-attacks.

Many countries are actively developing e-governance strategies — digital initiatives centred on citizen needs that are meant to promote service efficiency, productivity, transparency, and technological innovation. But these actions have also introduced a range of potential security risks, which need to be met with coordinated cybersecurity frameworks.

High-profile government hacking incidents, such as the 2015 breach of more than 22 million employee profiles in the US Office of Personnel Management database (including extensive security clearance files and personal backgrounds) are alarming examples of the holes being exploited by cyber criminals and state-sponsored hackers.

What can governments do to safeguard their data systems and citizens, and to reduce the spread of global 'e-pidemics'?

Three steps

First, they must shift to holistic approaches that progress beyond suites of technical tools such as firewalls, intrusion detection systems and spam filters. They must embrace organisational and behavioural change. By integrating a 'prevention is better than cure' strategy, governments can create interagency knowledge networks and focus on training computer users to be aware of cyber risks, how to avoid them, and how to be first responders when attacks strike.

One such example is the Australian Cyber Security Centre (ACSC) — a government "hub for private and public sector collaboration and information-sharing to combat cyber security threats". The centre aggregates cybersecurity and cyberdefence capabilities from a wide range of government departments, police units, crime commissions, the private sector, academia, local government, and international partners.

ACSC plays a pivotal role in raising awareness of cybersecurity issues, reporting incidents, analysing and investigating attacks and threats, and coordinating national security operations to respond to cyber-attacks.

Second, governments must have a clear cybersecurity strategy and make a deliberate investment in building capacity to deal with cybercrime. This begins with a broad assessment of government organisations to fully understand all aspects of their operations in cyberspace (e.g. open doors, levels of data-sensitivity, user authentication, encryption of sensitive data, etc.). Only then can comprehensive security policies and best practice guidelines be developed to ensure that overarching cybersecurity defences are effectively scaled to protect critical information and infrastructure.

But strategies must also be built on a reliable foundation of focal points in relevant government agencies, authorities and civil society. These human resources are crucial links to wider detection of, and recovery from, cyber-attacks.

Third, while the responsibility to develop strong legislation that discourages cyber-attacks falls on the shoulders of governments, they should look to impartial advisors and international organisations such as the United Nations, who are dedicated to enhancing cybersecurity culture and building awareness at policy levels.

UN research centres, like those of the United Nations University, are well positioned to bring partners to the table to find solutions. For example, development of an internet governance model and an international treaty harmonising national laws against cybercrime such as copyright infringement, fraud, child pornography, hate crimes, and cybersecurity breaches with supervision of related UN agencies would be welcome by member states.

Effective cybersecurity is a complex transnational challenge that requires strategy and cooperation at all levels and among states. There is a long way to go to build a coordinated response to computer crimes, but with new exploits being developed every day, there is no time to wait. Our short-term solutions must be devised as building blocks of a collaborative effort to fight global cyber-attacks.

Nuno Lopes and Jose Faria are researchers at the United Nations University operating unit on policy-driven electronic governance.

Disclaimer

The views expressed in this opinion piece are the author's, not those of EUobserver.

EU unsure how to 'make most' of AI

Whoever controls AI, 'will become the ruler of the world', according to Russian president Vladimir Putin. EU leaders want to move quickly to harness the opportunities of the technology.

On cybersecurity, Europe must act now

Some governments have closed their eyes, hoping that the menace will go away. It will not - it will only become stronger, according to the former prime minister of Estonia, one of the EU's leading digital states.

New Dutch terror bill must not target aid workers

A controversial counterterrorism bill could end up criminalising aid workers in the Netherlands if they enter conflict hotspots when assisting the world's most vulnerable people.

Defending the defenders: ombudsmen need support

Ombudsmen are often coming under attack or facing different kinds of challenges. These can include threats, legal action, reprisals, budget cuts or a limitation of their mandate.

Column

The benefits of being unpopular

Paradoxically, the lack of popularity may be part of the strength of the European project. Citizens may not be super-enthusiastic about the EU, but when emotions run too high in politics, hotheads may take over.

Stakeholders' Highlights

  1. Nordic Council of MinistersBrussels welcomes Nordic culture
  2. UNESDAUNESDA appoints Nicholas Hodac as Director General
  3. UNESDASoft drinks industry co-signs Circular Plastics Alliance Declaration
  4. FEANIEngineers Europe Advisory Group: Building the engineers of the future
  5. Nordic Council of MinistersNew programme studies infectious diseases and antibiotic resistance
  6. UNESDAUNESDA reduces added sugars 11.9% between 2015-2017
  7. International Partnership for Human RightsEU-Uzbekistan Human Rights Dialogue: EU to raise key fundamental rights issues
  8. Nordic Council of MinistersNo evidence that social media are harmful to young people
  9. Nordic Council of MinistersCanada to host the joint Nordic cultural initiative 2021
  10. Vote for the EU Sutainable Energy AwardsCast your vote for your favourite EUSEW Award finalist. You choose the winner of 2019 Citizen’s Award.
  11. Nordic Council of MinistersEducation gets refugees into work
  12. Counter BalanceSign the petition to help reform the EU’s Bank

Latest News

  1. EU countries to halt arms sales to Turkey
  2. Nine Catalan separatist leaders given long jail terms
  3. Poland's right-wing ruler wins four more years
  4. EU powerless in new Syrian mayhem
  5. Hungarian opposition wins Budapest in blow to Orban
  6. New Dutch terror bill must not target aid workers
  7. EU proposes pesticide ban, but key documents still secret
  8. Brexit nail-biter and EU nominations This WEEK

Stakeholders' Highlights

  1. UNICEFChild rights organisations encourage candidates for EU elections to become Child Rights Champions
  2. UNESDAUNESDA Outlines 2019-2024 Aspirations: Sustainability, Responsibility, Competitiveness
  3. Counter BalanceRecord citizens’ input to EU bank’s consultation calls on EIB to abandon fossil fuels
  4. International Partnership for Human RightsAnnual EU-Turkmenistan Human Rights Dialogue takes place in Ashgabat
  5. Nordic Council of MinistersNew campaign: spot, capture and share Traces of North
  6. Nordic Council of MinistersLeading Nordic candidates go head-to-head in EU election debate
  7. Nordic Council of MinistersNew Secretary General: Nordic co-operation must benefit everybody
  8. Platform for Peace and JusticeMEP Kati Piri: “Our red line on Turkey has been crossed”
  9. UNICEF2018 deadliest year yet for children in Syria as war enters 9th year
  10. Nordic Council of MinistersNordic commitment to driving global gender equality
  11. International Partnership for Human RightsMeet your defender: Rasul Jafarov leading human rights defender from Azerbaijan
  12. UNICEFUNICEF Hosts MEPs in Jordan Ahead of Brussels Conference on the Future of Syria

Join EUobserver

Support quality EU news

Join us