Is Europe’s reliance on technology making us more vulnerable? Technology
is changing the world, and Europe is one of the most interconnected
societies on the planet, but with that comes new security threats. Is Europe prepared to deal with them?
In 2015, two power distribution companies in Ukraine had their systems hacked, resulting in the loss of power for 80’000 people. Could such incidents become more common in future? In today’s world, everything from critical power infrastructure to GPS navigation relies on information networks to function. Could large-scale cyber-attacks cause significant economic damage?
To get a response, we spoke to Heli Tiirmaa-Klaar, Cyber Security Policy Advisor for the European External Action Service (EEAS). What would she say to Yvetta?
Does Heli Tiirmaa-Klaar agree?
DebatingEurope
In 2015, two power distribution companies in Ukraine had their systems hacked, resulting in the loss of power for 80’000 people. Could such incidents become more common in future? In today’s world, everything from critical power infrastructure to GPS navigation relies on information networks to function. Could large-scale cyber-attacks cause significant economic damage?
To get a response, we spoke to Heli Tiirmaa-Klaar, Cyber Security Policy Advisor for the European External Action Service (EEAS). What would she say to Yvetta?
Next we had a comment from Nico, who believes the transborder nature of cyber attacks means that tackling cybersecurity at a national level is inadequate. Nico believes that cyber-resilience across Europe is not possible without the top-down “Europeanisation” of cybersecurity.The EU has been dealing with raising preparedness to respond to cyber threats for quite a long time already. In the field of cybercrime, the first political agreements appeared in 2005. Right now we have three Directives – two in place and one almost in place – to tackle cyber threats… Also, there are cooperative networks in place to fight cybercrime, and each EU country has a high-tech crime unit. These units are linked up, they are cooperating and launching joint investigations, and there is the European Cybercrime Centre within Europol which is facilitating this cooperation. So, on cybercrime we are making good progress.
On cybersecurity… we are finalising the Network and Information Security Directive, which has been discussed for almost three years now… Most of Europe’s critical infrastructure belongs to the private sector in democratic countries, and therefore this new EU cyber-legislation sets minimum requirements for IT risk management for those critical companies and also for public administration. Of course, not all Member States need this Directive, since they have developed their own cyber readiness, but there are still gaps here and there and we need to ensure there is even preparedness across the European Union.
Does Heli Tiirmaa-Klaar agree?
The “Europeanisation” of cybersecurity is something which people would think will work, but I’ve also been a cybersecurity practitioner and I know that cyberthreats are closer to forest fires. It’s very difficult for Brussels to put down a forest fire in Madrid, you need to do it locally.
Cyber threats need to be tackled at the national level first. If there is a virus in your networks, it takes a long time before somebody from Madrid can reach somebody in Brussels, so the operational incident response has to happen locally. And people also have understand that each organisation needs to deal with cyber-threats. The top-down approach is justified in terms of awareness raising, or when it is EU-wide legislation that asks individual Member States to do more… But every country has to set up a computer emergency response team or a cyber incident response team, which is like the cyber “fire brigade” that helps to deal with cyber issues at the local level.
DebatingEurope