EC: Major Cyberattack Could Cost £179bn

There is a 10 to 20 percent risk of a major failure in communications networks within the next 10 years, according to the European Commission.

The European Commission (EC) has warned that the region is not prepared for the effects of an act of cyber-terrorism or a natural disaster on communications networks, because EU member states’ plans are not co-ordinated.

Recent large-scale attacks on communication networks in Estonia, Lithuania, and Georgia highlighted the dangers to European economies and societies from disruption to information systems, said the EC in a statement this week.

“The Information Society brings us countless new opportunities and it is our duty to ensure that it develops on a solid and sustainable base,” said Viviane Reding, commissioner for Information Society and Media. “Europe must be at the forefront in engaging citizens, businesses and public administrations to tackle the challenges of improving the security and resilience of Europe’s critical information infrastructures. There must be no weak links in Europe’s cyber security.”

The EC claims there is a 10 to 20 percent probability that telecom networks will be hit by a “major breakdown” in the next 10 years, with a potential economic cost of around €193 billion (£179bn). “This could be caused by natural disasters, hardware failures, rupture of submarine cables (there were 50 incidents recorded in the Atlantic Ocean in 2007 alone), as well as from human actions such as terrorism or cyber attacks, which are becoming more and more sophisticated,” the EC stated.

Purchases and sales over electronic networks amounted to 11 percent of the total turnover of EU companies in 2007, around 77 percent of businesses accessed banking services via the internet, and 65 percent of companies used online public services, according to the EC. “Communications infrastructure also underpins the functioning of key areas from energy distribution and water supply to transport, finance and other critical services,” the EC stated.

According to the EC, Member States’ approaches and capacities “differ widely” at the moment. “A low level of preparedness in one country can make others more vulnerable, while a lack of coordination reduces the effectiveness of countermeasures,” the EC claimed in a statement.

The EC is calling on businesses and the public sector to focus on:

  • Preparedness and prevention: Fostering cooperation, exchange of information and transfer of good policy practices between Member States via a European Forum. Establishing a European Public-Private Partnership for Resilience, which will help businesses to share experience and information with public authorities.
  • Detection and response: Supporting the development of a European information sharing and alert system.
  • Mitigation and recovery: Stimulating stronger cooperation between Member States via national and multinational contingency plans and regular exercises for large-scale network security incident response and disaster recovery.
  • International cooperation: Driving a Europe-wide debate to set EU priorities for the long-term resilience and stability of the Internet, with a view to proposing principles and guidelines to be promoted internationally.
  • Establish criteria for European critical infrastructure in the ICT sector: The criteria and approaches currently vary across Member States.

The Commission has also called on the European Network and Information Security Agency (ENISA) to support the initiative and encourage communication between international businesses and the public sector.

As evidence of the pressing need for action to protect information networks across the region, the EC cited the recent large-scale cyber attacks against Estonia in 2007, which forced the country’s Parliament to shut down its email system for 12 hours. In addition, two major Estonian banks had to stop their online services.