EC Urges More Action On Cyber-Defences

Member states must act swiftly to establish Computer Emergency Response Teams by next year

The European Commission has called upon European member states to do more to prepare for cyber-attacks, in particular urging the construction of an efficient network of Computer Emergency Response Teams (CERTs) by next year.

The Commission made the recommendation on Friday in a report taking stock of the progress in implementing a 2009 EU-wide action plan.

Action plan

The action plan was set out in March 2009 in a communication called “Protecting Europe from large scale cyber-attacks and cyber-disruptions: enhancing preparedness, security and resilience”. The protection of Internet resources is also a key priority for the 2010 Digital Agenda for Europe.

“Europeans need and expect to have access to secure, resilient and robust online networks and services,” said Commission vice president for the Digital Agenda, Neelie Kroes, in a statement. “In the past two years we have achieved significant progress but we must step up our efforts in the EU and at the global level to address ever-changing cyber-threats.”

The Commission noted that several recent attacks have aimed at disrupting government functions, including the attacks on the networks of the French Finance Ministry ahead of the G20 summit, and attacks on the EU Emission Trading System, the European External Action Service and the Commission itself.

“These events demonstrate the need to create a well functioning network of governmental/national CERTs by next year, to organise more regular cyber attack simulations and to look into governance issues for the security of emerging technologies like cloud computing,” the Commission stated.

The Commission said a majority of member states have set up CERTs and said member states are now participating in regular exchanges on good security policy practices via the European Forum for Member States, set up in 2009.

The Commission called for the creation of a European cyber-incident contingency plan by 2012, the organisation of regular national and pan-European cyber incident exercises and strategic partnerships with non-EU countries, notably with the US.

Meetings with US, NATO

Last November the Commission announced proposals to deliver security measures to protect citizens and businesses on the web. The defence plans to counter cyber-crime and cyber-terrorism were developed at a meeting of European Union, United States and NATO officials.

The conference was held following military-style exercises held independently by the US and the EU involving government and business participants in cyber-defence scenarios. The wargames involved detecting, tracking and neutralising simulated major web-based attacks.

The result is a three-pronged pre-emptive strategy which will be rolled out over the next three years under the auspices of the European Network and Information Security Agency (ENISA). The announcement formalises work that ENISA has been bringing together over the past year.

Armed Forces Minister Nick Harvey said last November that the UK must have the ability to launch its own attack against those carrying out cyberwarfare against this country and its infrastructure.