EU Readies CERT Team To Fend Off Cyber Attacks

The European Union has responded to the escalating threat posed by increasingly well organised cyber attacks, with the creation of its Computer Emergency Response pre-configuration Team (CERT).

The decision was announced by the European Commission last Friday. It said that the creation of its CERT is an “important step to counter the threat of cyber attacks against the EU institutions, bodies and agencies”.

This follows on from the European Commission call in early April for member states to do more to prepare for cyber-attacks. In particular it urged the construction of an efficient network of CERTs by next year.

Cyber Battles

The European team will apparently be made up of ten IT security experts from the EU institutions.

“At the end of one year’s preparatory work by the team, an assessment will be made leading to a decision on the conditions for establishing a full-scale CERT for the EU institutions,” the EC said.

The creation of the CERT comes after the formal adoption of the Digital Agenda for Europe in May 2010, in which the Commission committed itself to establishing a CERT for the EU institutions.

In August 2010 the Commission requested four cyber-security experts to make recommendations on how to set up such a CERT. Their report was finalised in November when the Commission officially announced its proposals to deliver security measures to protect citizens and businesses on the web.

“Cyber-attacks are a very real and ever-increasing threat. Whether against individual countries, companies or most recently against the European Commission, they can paralyse key infrastructure and cause huge long-term damage,” said Neelie Kroes, VP of the European Commission for the Digital Agenda. “Setting up this CERT pre-configuration team is a further demonstration of how seriously the EU Institutions take the cyber-security threat.”

Ongoing Threats

The scale of the problem facing official institutions was clearly demonstrated earlier this year when the European Parliament’s computer network came under a prolonged attack. Indeed, the EC was forced to shut off remote access to email during the five-day long cyber-attack. Other European institutions have also been targeted.

The CERT team will operate under the auspices of the European Network and Information Security Agency (ENISA).

In the UK, meanwhile, defence secretary Liam Fox recently said that Britain is under constant attack from hackers, and last year 1,000 potentially serious offensives were blocked.

The British government has also acknowledged it has begun work on a “toolbox” of offensive cyber-weapons to complement its existing defensive capabilities.This follows the comments from Armed Forces Minister Nick Harvey last November, when he said that the UK must have the ability to launch its own attack against those carrying out cyberwarfare against this country and its infrastructure.