Home / Our news and views / EU charts course for more cooperation in online counterterrorism

EU charts course for more cooperation in online counterterrorism

By MAX METZNER and OKSANA TRIFONOVA, with BROOKS TIGNER

BRUSSELS – The WannaCry ransomware cryptoworm attacks in May raises two fundamental questions regarding the safety of classified information. How do policymakers ensure international cyber-safety in the technological era, and what steps should be taken to deter and prevent cyberattacks before the damage is done?

During a recent talk in Brussels on the EU’s Security Union, a senior European Commission official laid out the priorities and next steps.

“Three critical factors need to be emphasized when dealing with cyber security, especially as it relates to fighting terrorism transparency, traceability, and accountability,” said the official. “On counterterrorism, we are working around two fronts. The first is to close down space around which terrorists can operate. The second is to build our resilience while strengthening communications, critical infrastructure, transport, energy, and cybersecurity.”

In one example, he brought up the ability of an IP address to cover thousands of users, which can make it difficult to trace down one account. And even if authorities do manage to track the account, there’s the issue of accessing the evidence in that account due to legal hurdles and technical complexities.

The Commission hopes to eliminate some of the complexity of investigating online counter-terrorism by promoting cooperation among technological corporations and national and international law enforcement bodies. Between now and September, the EU will implement a number of measures as part of its NIS Directive on network and information system security – a measure to enable the member states to defend themselves against cyber attacks while boosting international cyber-cooperation. Adopted on 6 July 2016, national capitals have until May 2018 to transpose the directive into national law. However, the official said the directive’s implementation so far is patchy, which will “hopefully be fixed” in the near future.

When asked about vulnerability disclosure – policies dealing with publishing information and informing users about a computer security problem – the official admitted it is difficult to force people to act responsibly. Nonetheless, he said the EU will cooperate with the governments of member states to develop a programme of work on encryption.

Before doing so, he said the member states would first need to agree on the legal framework of encryption by outlining the legal parameters for information about encrypted content. If they can agree on a common framework, then additional technical options and possibilities could be discussed, with concrete ideas possibly ready as soon as October 2017.

While stressing the need for such solutions to fight radicalisation online, he said that can only work in conjunction with other solutions. “It’s crucial we don’t lose the civil society element,” he said, pointing out that many in marginalised communities do not trust their local governments, let alone the EU. “There needs to be a good degree of community involvement.”

One example of EU community involvement is the Civil Society Empowerment Programme. Launched by the EU Internet Forum, it seeks to counter radicalisation by promoting alternative points of view in communities that could be susceptible to radicalization.

A similar EU initiative is the EU Internet Referral Unit (EUIRU), launched in 2015 by Europol. The EUIRU serves as an open source monitoring unit for identifying and removing extremist material posted online. All these civilian-based counter-terrorism measures need to be scaled up, said the official, noting that EUIRU “has taken down tens of thousands of postings, but hundreds of thousands remain online.”

Finally, the official acknowledged that governments need the trust of civil society to support work in the field of security, pointing the Commission-funded Radicalisation Awareness Network (RAN), a European Commission initiative that connects local practitioners to disaffected youth to swing them away from radicalization. Through such a network, “policymaking becomes intertwined with real-life experience” said the official, adding that if “sustain and support measures are to really support counter radicalisation, then they must respect the values that we’re seeking to defend”.

     THE UPSHOT: One has the grinding sense of having heard most of this before because most of it has been stated before – again and again, for years and years. The NIS directive’s framing, stakeholder feedback, legislative finalisation and forthcoming implementation at national level: all have stretched on for years while the lightning-fast sector and its concomitant threats that the NIS is supposed to address keep moving on, effectively out-morphing any barriers the NIS might eventually erect.
     And if the NIS is any indication, the EU-national capital dialogue on a common approach to encryption risks doing the same. By the time EU encryption standards fall into place, the sector’s “bad guys” will have moved on to a different set of capabilities or priorities.
     As for RAN, as this publication has repeatedly stated: where is the beef? RAN has received a lot of money from the EU for a lot of years. But aside from some local community how-to “manuals” and such, the concrete examples of what it has actually achieved in quantifiable terms are thin on the ground. For example, the network does not make its annual conferences on boosting community awareness public. Why? The “public” cannot be trusted?
     RAN’s raison d’etre is solid, but it’s time for it to show in detail what it does with the European taxpayers’ money.

     mmetzner823@gmail.com
     trifonov@use.edu
     bt@securityeurope.info

Check Also

The EP pushes for international ban on the use of killer robots

By BROOKS TIGNER, with KYLE ATTAR
BRUSSELS – Members of the European Parliament (MEPs) are demanding a ban on weapons that have no “meaningful human control”.The resolution, passed overwhelmingly on 12 September by a majority of the MEPs (566)  is non-binding, however, on the 28 member states but is supported by Federica Mogherini, the EU’s policy chief for security and defence policy. She has already begun an international dialogue to try and bring the world into consensus as to the direction of autonomous warfare. The resolution notes that lethal autonomous weapons (LAWs) are machines without the ability or capacity to make human decisions and, as such, remote operators must take responsibility for life or death decisions. Much like drones, these weapons bring up strong ethical and moral dilemma regarding...