EU To Create New Cyber Defence Unit

Senior EU official

The attack in March – just a few days ahead of an EU summit on military strikes in Libya and on the euro zone debt crisis – saw commission systems attacked “in a very well-organised and targeted way, focusing on three or four keywords on external relations and monetary issues,” according to a senior EU official.

“It was probably espionage, but this is very difficult to prove. We don’t expect to ever know if it was the case or not,” the source added.

The contact did not reveal if any data was actually stolen.

The commission has not launched a criminal investigation at this stage and is still assessing the level of damage.

It has in the past three months beefed-up its email security, the EUobserver writes.

Up until the attacks email accounts could be accessed remotely by typing in a password. But now users have a special “security token” – a small device which generates a secondary password required to log on.

Brussels is also setting up a new Computer Emergency Response Team (CERT) to stave off future attacks.

The unit will pull together existing IT security departments from the commission, the EU parliament and the EU Council to handle cyber attacks on all EU institutions and to share intelligence in real-time with CERTs in EU member states.

The new body is to run tests in June and to be fully operational by 1 October.

Otmar Lendl – the head of the Austrian CERT – says the new measure will not make EU systems impregnable.

“Prevention is very difficult. It’s like fire – even if you have a good fire brigade which sets up the best firewalls, you will still have fires. But CERTs certainly will help you deal with anything that happens and get a clearer response, as well as putting sensors in place and tools to monitor networks, so that you detect an attack early on.”

Detecting the fact that an attack is taking place is in itself not an easy thing.

The next step is to find out how the hacker got into the system, what documents have been accessed or changed and if any “time bombs” or “back doors” have been left behind to allow future access.

“At EU level, there are a lot of own little kingdoms, it’s not centralised like in a company – so it will be a difficult task,” Lendl explain.

National CERTs dealing with governments (GovCERTs) “also have to deal with various ministries, cities, local administrations and other stakeholders. So it’s not unusual,” he adds.

Related by the Econotwist’s:

1 Comment

Filed under Laws and Regulations, National Economic Politics, Technology

One response to “EU To Create New Cyber Defence Unit

  1. Pingback: The Stuxnet – Visualized | EconoTwist's