EU agency to fight election hacking
A more robust EU cyber agency could help member states defend their elections against "hybrid attacks", the European Commission has said.
Speaking at the launch of new cybersecurity proposals in Brussels on Tuesday (19 September), Julian King, the Commission's security chief, said some hacker attacks had "political objectives".
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
-
King said online security was as important as that in the real world (Photo: EC - Audiovisual Service/Photo: Georges Boulougouris)
"They can target our democratic institutions and can be used with other tools, such as propaganda and fake news, in hybrid attacks," he said.
"We need to be as serious about security online as we are offline," he said.
He also hailed Finland's new "centre of excellence" on hybrid warfare, which is designed to help EU countries fight novel assaults.
King did not name Russia, but Russian hackers and media recently attacked the French and US elections.
With Germany preparing to vote on Sunday, German authorities have also warned that Russia could leak MP's secrets after it stole data from the Bundestag in 2015.
An EU source said he was "surprised" Russia had not acted yet.
The source said one risk was that it could leak lots of dull real files and insert scandalous fake ones in the cache to try to create viral stories.
The new-model EU cyber agency was one of several Commission proposals on Tuesday that mainly targeted hacking for economic gain, crypto-currencies, and single market reforms.
Wake-up call
The Commission said the EU's existing cyber agency, Enisa in Greece, should boost staff from 84 to 125 and more than double its budget to €23 million a year.
Enisa currently drafts policy recommendations, but in future it should be able to give EU states "operational … assistance" in the event of a cyber attack.
It should conduct pan-EU cyber drills and create new protocols for member states' cyber-crisis management.
The Commission also proposed creating a Cybersecurity Emergency Response Fund to help victim states and a €50 million European Cybersecurity Research and Competence Centre to train and recruit specialists.
On the economic side, King said the Wannacry attack in May, in which hackers tried to blackmail hundreds of EU companies, was a wake-up call.
The Commission proposed pan-EU norms of jailing people for two to five years if they perpetrated fraud using virtual currencies, such as Bitcoin.
It said there should be a new EU labelling scheme, governed by Enisa, that certified which consumer and industrial cyber-connected products were safe to use.
It also proposed a law to enable firms to share "non-personal" data across borders to help companies expand in the single market.
Non-personal data could be, for instance, company financial records, or data on when machines, such as a car-wash machine, needed maintenance.
King presented the measures flanked by two commissioners in charge of digital matters, Andrus Ansip and Mariya Gabriel.
They came with a list of startling numbers.
The Commission said ransomware attacks had tripled since 2015 to hit more than 4,000 a day worldwide.
Six billion devices
They said cybercrime cost €265 billion a year and could quadruple in size by 2019.
"There are two types of company. Those who know they were attacked and those who don't yet know. With people, it's probably the same story," Ansip said.
The Commission also said there would be 6 billion cyber-connected devices in EU households by 2020.
It said unlocking the flow of non-personal data could be worth €370 billion a year for the single market in the next three years.
An EU official said the bloc's main institutions - the Commission, the European Parliament, and the EU Council - have about 30 staff each dealing with cybersecurity in Brussels.
The EU foreign service also has a special unit of 12 people dealing with Russian propaganda.
Enisa, which is located in two sites in Greece - in Athens and on the island of Crete - has struggled to attract top people and to liaise with EU states' officials due to its remote location.
But Gabriel said there was little the Commission could do about it.
"It's not the Commission that decides on that. It's only member states, with the Greek government, who can make the decision [on moving it]," she said.