EU To Create New Cyber Defence Unit

Three months after the European Commission was hacked in a bid to get sensitive data on external relations and monetary issues, EU institutions are setting up a joint team of internet security experts. Brussels is also setting up a new Computer Emergency Response Team (CERT) to stave off future attacks.

“It was probably espionage, but this is very difficult to prove. We don’t expect to ever know if it was the case or not.”

Senior EU official

The attack in March – just a few days ahead of an EU summit on military strikes in Libya and on the euro zone debt crisis – saw commission systems attacked “in a very well-organised and targeted way, focusing on three or four keywords on external relations and monetary issues,” according to a senior EU official.

“It was probably espionage, but this is very difficult to prove. We don’t expect to ever know if it was the case or not,” the source added.

The contact did not reveal if any data was actually stolen.

The commission has not launched a criminal investigation at this stage and is still assessing the level of damage.

It has in the past three months beefed-up its email security, the EUobserver writes.

Up until the attacks email accounts could be accessed remotely by typing in a password. But now users have a special “security token” – a small device which generates a secondary password required to log on.

Brussels is also setting up a new Computer Emergency Response Team (CERT) to stave off future attacks.

The unit will pull together existing IT security departments from the commission, the EU parliament and the EU Council to handle cyber attacks on all EU institutions and to share intelligence in real-time with CERTs in EU member states.

The new body is to run tests in June and to be fully operational by 1 October.

Otmar Lendl – the head of the Austrian CERT – says the new measure will not make EU systems impregnable.

“Prevention is very difficult. It’s like fire – even if you have a good fire brigade which sets up the best firewalls, you will still have fires. But CERTs certainly will help you deal with anything that happens and get a clearer response, as well as putting sensors in place and tools to monitor networks, so that you detect an attack early on.”

Detecting the fact that an attack is taking place is in itself not an easy thing.

The next step is to find out how the hacker got into the system, what documents have been accessed or changed and if any “time bombs” or “back doors” have been left behind to allow future access.

“At EU level, there are a lot of own little kingdoms, it’s not centralised like in a company – so it will be a difficult task,” Lendl explain.

National CERTs dealing with governments (GovCERTs) “also have to deal with various ministries, cities, local administrations and other stakeholders. So it’s not unusual,” he adds.

Related by the Econotwist’s:

• EU Institutions Hit By Major Cyber Attack
• Cyber Attack Against Norwegian Military, Massive and Targeted
• UK Treasury Under Constant Cyber Attacks
• Stuxnet Mutants All Over The Web
• Hackers Target The New York Stock Exchange
• Vatican: Hackers Do God’s Work
• Top 10 Cyber Threats of 2011 – Updated

Related articles:

• ‘Serious’ cyber attack on EU bodies before summit (europebiz.wordpress.com)
• EU officials and diplomats target of cyber attack (msnbc.msn.com)
• EU Commission Rocked by Cyber Attack (defensetech.org)
• EU probes cyber attack (theglobeandmail.com)

Internal Wrangles Could Leave EU Without 2011 Budget

It’s the EU in a nutshell;  internal disagreements could leave the bloc without a formal budget next year, as newly empowered MEPs seek to use their ability to sanction the annual budget in order to extract their more longer-term wishes from member states.

“There is a real possibility of not agreeing a 2011 budget.”

Belgian EU official

This concern was expressed by a senior Belgian official at an off-the-record briefing on Monday, as the outgoing government prepares to take over the EU’s rotating presidency this week at an interesting juncture regarding future EU funding, the EUobserver reports.

“There is a real possibility of not agreeing a 2011 budget,” said the official, who has conducted extensive behind-the-scenes talks with members of the EU legislature, according to the EUobserver.

“As the first budget to be agreed under the Lisbon Treaty, it would not set a good precedent.”

The new EU rulebook, which came into force last December, hands MEPs a greater say over how the bloc spends its money.

The Belgian official said he feared euro deputies would use the 2011 budget discussions to show that parliament meant business ahead of the fast-approaching debate on the EU’s next long-term spending programme (2014-2020).

“The 2011 debate is a strategic debate,” the official said. “I hear MEPs want to have a greater say over the longer-term issues of the EU’s 2020 growth strategy and the matter of budgetary ‘own resources’.”

But there is also room for a potential argument due to shorter-term fiscal constraints.

Fiscal Constraints

Under the standard institutional game played out between EU institutions, the commission proposes a draft annual budget in the spring, which member states then generally seek to reduce and parliament usually tries to increase.

In April the commission proposed a €130 billion recession-busting budget for 2011, measured in forecast expenditure, an increase of 5.9 percent on this year’s budget.

While MEPs are likely to back the increase due to the heavier workload under the Lisbon Treaty, member states are slashing their domestic spending plans, giving in to pressure from financial markets by imposing swingeing austerity measures.

Should the parliament and member states fail to reach an agreement by the end of this year, the EU’s 2010 budget will simply be rolled out again as negotiations continue, but “cohesion payments and the European External Action Service could be affected,” said the Belgian source.

Own Resources

In September, the European Commission will come forward with an initial paper on the next multi-annual financial perspectives, plunging the Belgians into the heart of a wider debate, which will ultimately dictate much of the EU’s future actions.

While most of the tough negotiations will be carried out next year, Belgian authorities have indicated they will attempt to hold a preliminary meeting between member states, the parliament and commission officials this autumn in a bid to generate a “real discussion” on the subject.

The controversial issue of ‘own resources’ will be on the agenda, under which the EU institutions would have the power to raise their own revenue, reducing their heavy reliance on member-state contributions.

A future EU carbon tax or banking levy are among the possible sources cited so far, but opposition to the idea is fierce in a number of EU states, which have traditionally been more cautious about uploading powers to the EU level.

Their fear is that allowing the institutions to raise their own funding would provide them with an excessive level of independence. But Belgium intends to put forward proposals in the area regardless.

“Without imagination, the new financial perspectives will never be agreed,” said a senior Belgian diplomat this week, recalling the torturous debate that preceded the current budgetary period (2007-2013).

Original post at the EUobserver here.

Related by the Econotwist:

German Banks With More Than 200 Billion Euro In Faul Credits

Investors Are Dumping Covered Bonds

Secret Plan To Undermine The EU Parliaments Authority?

Romania’s Pension Cuts Ruled As Illegal

Desperation Gets A Grip: Greece Puts Islands Up For Sale

Welcome To The Euro, Estonia! Here’s Your 4,5% Extra Risk Premium

EU Wants To Tax Bonds Of Deficit Countries (And Old People)

Citigroup: Euro Zone No Longer A Single Economy

*

Related articles by Zemanta

• David Cameron will back down in fight with EU, say officials (telegraph.co.uk)
• MEPs vote themselves more “staff expenses” money (politics.ie)
• Despite Internal Political Turmoil, Belgium Prepares for E.U. Presidency (nytimes.com)
• First Belgium, then the EU? (search.japantimes.co.jp)

We Give You Merkel – You Give Us Batman

Batman’s got one, Superman’s got one, too –  even the US President have a an emergency situation room where monitors are showing satellite images, security advisers are shouting at each other, and the Commander in Chief is given a briefing note and sends an agent out to gather more information. We’ve seen it in the movies. Well, now EU’s foreign relations chief, Catherine Ashton, is going to get one of her own.

“Member states are afraid to give away power. But this could be the new mega-commodity in Brussels.”

The EUobserver.com

Ms. Ashton will not have an army or a “European Intelligence Service” to send into action. The centre-left British politician, a former activist in the anti-nuclear CND group, is said to distrust military types and her first priority is the kitchen-sink construction of the European External Action Service (EEAS).

But she has already told EU leaders that she wants a “single crisis response center” under her direct command, and internal discussion on the Ashton situation room is already at an advanced stage.

One  consideration is a crisis department run by a director general, and situated close to Ms. Ashton’s office in the EEAS headquarters, most likely in the so-called “Triangle” building, facing the EU Council in the heart of the EU quarter in Brussels.

It would have a staff of some 160 people and a modest budget of €10 to €20 million a year, the EUobserver reports.

24/7 Hotline

The situation room itself would have a conference table and banks of monitors showing breaking news and commercial satellite pictures of hotspots.

In the back-rooms, the crisis department would have a team of IT experts, scientists and tacticians sifting open source data in search of conflict threats.

Ms. Ashton’s private intelligence would come from officials manning 24/7 hotlines to the EU’s 136 foreign delegations and 14 civilian and military missions.

Another unit would send people to crisis zones at short notice to hunt for information.

A cell of secret-service agents seconded from key EU states would pass Ms. Ashton’s queries to spy agencies such as the UK’s MI6 or France’s DGSE and file replies.

The European Commission‘s existing Crisis Room and the EU Council’s Joint Situation Centre (SitCen) are to form the backbone of the crisis department.

SitCen already sends people into the field. When war broke out in Georgia in 2008 it dispatched two analysts to “re-inforce the EUSR  with reporting,” a contact familiar with SitCen operations told the EUobserver.

In an insight into the opaque bureau’s work, the source added: “These are fairly normal people who have perhaps in their lives had some experience of being out in the field in a place less comfortable than Washington. They are not spooks by any means. We avoid anybody who even looks like one. They are people who can write reports. Who do not mind not staying in five star hotels. Who know how to take precautions when they go out at night.”

The new set-up is to see Ms. Ashton pick up the phone or walk down the hall and “task” people herself to go overseas or to query EU countries’ secret services.

Current bureaucracy means that 27 EU ambassadors in the Political and Security Committee first hold a debate before tasking SitCen.

The idea is to give the EU foreign relations chief a powerful asset when she asks EU foreign ministers to deploy an EU battle-group or if she decides to send an EEAS diplomat, or even a prominent MEP, on a peace mission.

“Today, if you go through the normal channels to make a threat assessment in Kosovo, for example, by the time the [SitCen] officer gets to Pristina, it’s all over,” one PSC ambassador says.

“Imagine how effective the high representative could be if the new SitCen was to function like her shadow cabinet,” a contact in the EU institutions said. “Member states are afraid to give away power. But this could be the new mega-commodity in Brussels.”

Wider Or Deeper?

One question is whether the crisis response center will handle man-made conflicts only, or natural disasters and pandemics also.

The wider portfolio could spark turf wars between Ms, Ashton and aid and development commissioners Kristalina Georgieva and Andris Piebalgs.

It could also dilute EEAS resources, perpetuating the phenomenon of forgotten conflicts and threats, such as plans by UK private security firm Saracen International to build a pirate-fighting base in Somalia.

The Sidekick Question

But the big question is: who will be playing Ms. Ashton’s sidekick?

Former UK soldier and diplomat William Shapcott, who built SitCen, walked away in June to a new post in the EU Council administration, creating a risk that his successor might take a minimalist approach to the job.

One candidate for the job is French diplomat Patrice Bergamini, who worked close to Ms Ashton’s predecessor, Javier Solana, and helped draft the EU’s first security strategy in 2003.

The appointment could give France a monopoly on the EEAS security side, however. French diplomat Christine Roger is to be the new PSC president.

French official Claude-France Arnould is the new head of the EU Council’s civilian-military crisis planning office. A French secret service agent runs SitCen’s intelligence-sharing cell. And French diplomat Pierre Vimont is tipped to become EEAS secretary general, in charge of the body’s internal security structures.

“It would be good to have a German appointment to make sure that Germany is engaged at the highest levels. Somebody with a diplomatic and a security or intelligence background,” the source in the EU institutions said.

“Nationality can be overplayed. Intel is sensitive, so in that sense you do not want to play up the [director’s] national connections,” the contact familiar with SitCen’s work says.

Original post at the EUobserver.com here.

*

*

Related articles by Zemanta

• Lady Ashton secures key powers (guardian.co.uk)
• Europe’s lonely foreign minister (jonworth.eu)
• Parliament groups reject EU diplomatic corps plan (reuters.com)
• Lady Ashton invited back to school to brush up her French (timesonline.co.uk)
• Resignation of key aide upstages Ashton’s foreign policy plans (independent.co.uk)
• EU advances towards having own diplomatic service (reuters.com)