Cyber-attacks are causing mayhem across Europe with military, public, private and individuals being targeted. Ransomware viruses like WannaCry and Petya are making headlines, crippling banks utilities, telecom operators and even national health services, as was the case in the UK.
Martina Werner, who is a member of the Parliament’s industry, research and energy committee, points out that there was a fivefold increase in the economic damage caused by cybercrime between 2013 and 2017.
The German S&D group MEP also highlights that in 2016, there were 300 per cent more ransom ware attacks than in 2015. Werner says, “Cybersecurity has now become a very hot topic over the past few years, due mainly to the digitalisation of our society and economy and we will likely to see a continuation of this trend.”
She points out that many small and medium sized companies lack the knowledge and resources to cope with this threatening digital environment and thus “much too often refrain from moving their digitisation safety strategy forward.”
With the EU having presented a new cyber security strategy in September, Werner says, “I welcome the proposals the Commission has put on the table. It is a solid basis for discussions.”
However, the deputy has identified three key weaknesses. “We need a stronger emphasis on the support of SMEs.
“We need to overcome the widespread silo mentality in larger companies and sectors regarding cybersecurity that is counterproductive to a resilient digital economy.
“Finally, the WannaCry attack in May 2017 and the rise of scam tactics such as ‘Fake President’ clearly show that criminals increasingly turn to methods that systematically exploit human weaknesses. “We need a robust link between the EU cybersecurity strategy and e orts to boost IT skills.”
Monica Macovei, who sits on Parliament’s civil liberties, justice and home affairs (LIBE) committee, stresses the scale of the problem Europe now faces, saying, “The economic and day-to-day impact of cyber-crime in our lives is overwhelming. We face unprecedented threats coming from cyberspace, governed by almost no rules.”
The Romanian ECR group deputy points out that “87 per cent of our European citizens state that they regard cyber-crime as a significant challenge to the EU’s internal security.”
She adds, “It’s high time we stepped forward with a strong package of measures to protect citizens, institutions and our security.”
For Macovei, the key to success for the EU’s new cybersecurity “depends on solid regulation, speedy implementation, proper allocation of resources and very tight collaboration between member states.”
She also says, “We need to move on with this part of the Union security agenda here and now. We can only do it if, while increasing the EU’s cybersecurity capacity and building a stronger EU cybersecurity agency, we are capable of truly creating that effective criminal law response mentioned in the new strategy.”
S&D group MEP Carlos Zorrinho fully supports the new strategy saying, “It can lead to robust protection of European businesses and citizens.”
However, the Portuguese deputy warns that in the rush for stronger security, “There is a huge risk of privacy rights being invaded in the name of cybersecurity.
“The European Union must lead a response, combining assurances of security and privacy, as part of its affirmation strategy in the new digital society and in the new economy based on data and its valuation. The strategy presented is a first step in this direction.”
His Maltese colleague Miriam Dalli welcomes the European Union Agency for Network and Information Security (ENISA)’s new mandate received, as it will “most definitely help coordinate efforts” in cyber-defence.
Still, she warns, “I still believe that European citizens need more assurances with regards to security against large scale cyber-attacks on critical infrastructure, such as in the case of the WannaCry attack.”
In her opinion, “The EU still needs to equip itself in two ways - first by ensuring member states and the EU as a whole have the right security tools in place, and second by using innovation to combat the phenomena.”
The MEP also believes young people, especially those learning code and computer science, should be recruited to “to bring then on the right side of the fight against cybercrime. These upcoming young, talented people are a great resource which we must utilise.”
Evžen Tošenovský, meanwhile, points out that in an increasingly interconnected world, “energy grids, telecommunications networks, space programmes, eGoverment, transport systems, all of those could simply collapse if vulnerable to cyber-attacks.”
Also with futuristic innovations brought about by the Internet of Things such driverless cars, smart cities and household items soon becoming a reality, having effective cyber security is critical.
But in regards to an EU cybersecurity certification framework for products and services sold in the single market, Tošenovský says, “I am sensitive to the reservations expressed by the representatives of industry as authorities within member states. “I believe an in-depth discussion on the Commission’s proposal involving the expert community will be inevitable.”
Lorenzo Pupillo, head of cybersecurity at the Brussels think tank CEPS, commends the European Commission “for its effort and its holistic approach in building resilience and creating an effective cyber defence.”
However, Pupillo warns, “Europe’s ability to operate as a single player, through a unique coordination point within the EU, is critical for a successful implementation of strategy.”
He also calls for the creation of a global cybersecurity policy, following the lack of tangible results from the UN’s government group of experts, and the lack of adoption of the Budapest Convention, as pushed by the Council of Europe.
He also encourages the EU to have bilateral agreements with countries such as India and Brazil, “to make new inroads in the fight against cybercrime.”