18th Mar 2018


On cybersecurity, Europe must act now

  • Estonia managed to keep the impact of WannaCry to almost zero by a large-scale targeted campaign in cooperation with the private sector (Photo: Blogtrepreneur)

A spectre is haunting the world – the cyber spectre.

This menace can reveal itself under different faces, taking the form of criminality, terrorism or state-sponsored activity – often using several faces together and masking its true intentions.

Over 200,000 victims in more than 150 countries across the globe were hit last year by Wannacry, probably the most significant cyber attack to date.

Among them were large corporations such as Telefonica and hospitals in the UK, which had to cancel or delay medical procedures.

The NotPetya attack a month later is estimated to have cost companies more than $1.2bn (€975,000). We have seen election campaign hacks in 2016 and 2017 where attacks were used to delegitimise the electoral process or cast a shadow over elected representatives.

By now it is becoming clear that the threats cyber attacks pose are real. Luckily, while cyber threats may be inevitable, their paralysing impact is not.

But fighting them is new for us.

Some governments have closed their eyes, hoping that the menace will go away. It will not. It will only become stronger.

No borders

Other governments are more diligent, creating their own ways and institutions for response. Unfortunately the spectre does not recognise borders, which is why the NotPetya, that seemed first to be targeting primarily Ukraine, spread fast and closed businesses in Estonia while the systems that caused this were located in France.

We can win this war only if we stand united. NATO has by now officially recognised cyberspace as a domain of operations, confirming that a cyberattack on any of its allies will be considered an act of war. But cyber threats are significantly larger than military, often fought by non-military means.

The former Estonian president Toomas Hendrik Ilves, whose country in 2007 witnessed one of the first massive cyber attacks in the world, recently made a proposal to create a worldwide alliance to fight cyber threats.

A timely proposal, but realising it can take more time than we actually have.

We must act immediately, using existing structures and, where necessary, taking a step further. Europe has become a major player in fighting cyber threats.

The EU solidarity clause is valid in the case of a cyber attack, too, not only in the case of conventional threats. Luckily, today in EU we do no longer lack the tools, we just have to be able to use them.

EU response

In September, the Commission published the renewed EU cyber security strategy.

The Estonian presidency in the council acted quickly upon the commission's proposals and adopted council conclusions in November, followed by adoption of the concrete action plan to implement the EU cybersecurity strategy in December.

For us to be able to convincingly deter cyber threats, the EU agreed last year on its framework that will allow to use all EU common foreign policy tools as a response to cyber attacks – from diplomatic demarches to economic sanctions.

Now the politicians of Europe must be ready to use it. But experience and understanding of cyber threats among various member states are too different.

What for some is everyday reality seems to others like a fantasy from another world. We do not have time to wait for everybody to get on board, we must act now.

In the EU, this action can be taken, if needed, in the form of enhanced cooperation.

It is a procedure where a minimum of nine member states are allowed to establish advanced integration or cooperation inside the EU.

One may argue that the EU´s recently established Permanent Structured Defence Cooperation (Pesco) should provide a suitable platform for stepping up cyber defence cooperation as well.

But although there are two cyber-related projects among the initial list of projects under Pesco, the whole area of cyber security is so much broader and brings together so many civilian elements that cooperation under Pesco will never be enough.

For core challenges, enhanced cooperation would allow the participating countries to put in place rules for decreasing possibilities of cyber attacks, such as exchanging information more actively, widening the NIS directive list of essential services to areas protecting our way of life, such as democratic elections and government systems.

This would allow the member states to coordinate common responses to possible attacks and, importantly, attribute the attacks to perpetrators.

Cyber 'hygiene'

Member states could launch an investment program to R&D centres, which provide for solutions in cyber security and massive cyber education programs not only for experts but also for the general public, raising awareness in cyber hygiene.

By following simple rules, we can significantly decrease the risks of becoming a target of future attacks.

The Wannacry attack could easily have been avoided by basic security practices, such as replacing outdated software and installing critical updates.

Estonia managed to keep the impact of WannaCry to almost zero by a large-scale targeted campaign in cooperation with private sector, asking people to stop using the obsolete system containing a critical vulnerability.

From enhanced cooperation, we could take the next move: forming a cyber defence alliance, including members from other parts of the world, as cyber threats recognise no borders.

With such steps, Europe can lead the fight for the future. In the past, Europe has always been successful when it succeeded in seeing current problems as opportunities for the future.

A similar opportunity is now open for us.

Mart Laar is a former Estonian prime minister (1992-1994 and 1999-2002)


EU to beef up cybersecurity agency

The Commission's president proposed to set up a European Cybersecurity Agency. The EU already has an agency for Network and Information Security.

Four years on – but we will not forget illegally-occupied Crimea

Together with many other partners, including the United States, Canada and Norway, the European Union has implemented a policy of non-recognition and sanctions regimes, targeting people and entities that have promoted Russia's illegal annexation.

Column / Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

EU policymakers need to clarify that the e-privacy should not apply to most Internet of Things devices. The current proposal require explicit user consent in all cases - which is not practical.

News in Brief

  1. Sweden emerges as possible US-North Korean summit host
  2. Google accused of paying academics backing its policies
  3. New interior minister: 'Islam doesn't belong to Germany'
  4. Hamburg 'dieselgate' driver wins case to get new VW car
  5. Slovak deputy PM asked to form new government
  6. US, Germany, France condemn 'assault on UK sovereignty'
  7. MEPs accept Amsterdam as seat for EU medicines agency
  8. Auditors: EU farm 'simplification' made subsidies more complex

Stakeholders' Highlights

  1. Counter BalanceConmtroversial Turkish Azerbaijani Gas Pipeline Gets Major EU Loan
  2. World VisionSyria’s Children ‘At Risk of Never Fully Recovering', New Study Finds
  3. Macedonian Human Rights MovementMeets with US Congress Member to Denounce Anti-Macedonian Name Negotiations
  4. Martens CentreEuropean Defence Union: Time to Aim High?
  5. UNESDAWatch UNESDA’s President Toast Its 60th Anniversary Year
  6. AJC Transatlantic InstituteAJC Condemns MEP Ana Gomes’s Anti-Semitic Remark, Calls for Disciplinary Action
  7. EPSUEU Commissioners Deny 9.8 Million Workers Legal Minimum Standards on Information Rights
  8. ACCAAppropriate Risk Management is Crucial for Effective Strategic Leadership
  9. EPSUWill the Circular Economy be an Economy With no Workers?
  10. European Jewish CongressThe 2018 European Medal of Tolerance Goes to Prince Albert II of Monaco
  11. FiscalNoteGlobal Policy Trends: What to Watch in 2018
  12. Human Rights and Democracy NetworkPromoting Human Rights and Democracy in the Next Eu Multiannual Financial Framework

Latest News

  1. Brexit and trade will top This WEEK
  2. Dutch MPs in plan to shut EU website on Russian propaganda
  3. Four years on – but we will not forget illegally-occupied Crimea
  4. Evacuated women from Libya arrive newly-pregnant
  5. Merkel in Paris for eurozone reform talks
  6. Commission rejects ombudsman criticism over Barroso case
  7. Western allies back UK amid Russian media blitz
  8. Meet the European Parliament's twittersphere

Stakeholders' Highlights

  1. Mission of China to the EUDigital Cooperation a Priority for China-EU Relations
  2. ECTACompetition must prevail in the quest for telecoms investment
  3. European Friends of ArmeniaTaking Stock of 30 Years of EU Policy on the Nagorno-Karabakh Conflict: How Can the EU Contribute to Peace?
  4. ILGA EuropeCongratulations Finland!
  5. EUobserverNow Hiring! Sales Associate With 2+ Years Experience
  6. EUobserverNow Hiring! Finance Officer With Accounting Degree or Experience
  7. UNICEFCyclone Season Looms Over 720,000 Rohingya Children in Myanmar & Bangladesh
  8. European Gaming & Betting AssociationEU Court: EU Commission Correct to Issue Guidelines for Online Gambling Services
  9. Mission of China to the EUChina Hopes for More Exchanges With Nordic, Baltic Countries
  10. Macedonian Human Rights MovementCondemns Facebook for Actively Promoting Anti-Macedonian Racism
  11. Nordic Council of MinistersGlobal Seed Vault: Gene Banks Gather to Celebrate 1 Million Seed Collections
  12. CECEIndustry Stakeholders Are Ready to Take the Lead in Digital Construction

Stakeholders' Highlights

  1. ILGA EuropeAnkara Ban on LGBTI Events Continues as Turkish Courts Reject NGO Appeals
  2. Aid & Trade LondonJoin Thousands of Stakeholders of the Global Aid Industry at Aid & Trade London
  3. Macedonian Human Rights MovementEuropean Free Alliance Joins MHRMI to End the Anti-Macedonian Name Negotiations
  4. Mission of China to the EUChina-EU Tourism Year to Promote Business and Mutual Ties
  5. European Jewish CongressAt “An End to Antisemitism!” Conference, Dr. Kantor Calls for Ambitious Solutions
  6. UNESDAA Year Ago UNESDA Members Pledged to Reduce Added Sugars in Soft Drinks by 10%
  7. International Partnership for Human RightsUzbekistan: Investigate Torture of Journalist
  8. UNICEFExecutive Director's Committment to Tackling Sexual Exploitation and Abuse of Children
  9. Nordic Council of MinistersState of the Nordic Region 2018: Facts, Figures and Rankings of the 74 Regions
  10. Mission of China to the EUDigital Economy Shaping China's Future, Over 30% of GDP
  11. Macedonian Human Rights MovementSuing the Governments of Macedonia and Greece for Changing Macedonia's Name
  12. Swedish EnterprisesHarnessing Globalization- at What Cost? Keynote Speaker Commissioner Malmström