Euro-View: Cecilia Malmström on Cyber-Threats
Recent figures from Eurostat, the EU’s statistical wing, show that the percentage of households across the EU with a broadband connection has doubled since 2006. More people are going online, and more and more businesses use the Internet as the preferred channel to engage with their clients. At the same time, more government agencies offer their services to the citizens via the web.
The Internet gives us seemingly endless opportunities and is rapidly changing our way of living. But unfortunately it also proffers new opportunities for organised crime. Indeed, cyber crime in general – and sophisticated cyber attacks in particular – are increasing, in terms of both numbers and impact.
This rapid development is hard for policy-makers to adapt to. While we have considerable experience in fighting more “traditional” forms of organised crime, we seem to have more difficulties in adapting efficiently to fighting cyber crime. There are many reasons for this, but let me mention two.
First, the tools for law enforcement authorities to fight cyber crime have to be sharpened. In many EU member states, their resources are limited in light of these challenges.
Second, we suffer from a lack of statistics. Without the numbers, we cannot see the patterns. It is therefore important to discuss how to facilitate the reporting of cyber crime and Internet incidents. Too often companies, but also public institutions, do not report cyber attacks to law enforcement authorities. It is apparently easier to just compensate customers who have been targeted than to report the crime. But if they do not report, others will not be warned and the police will not be able to start investigations.
To address the growing importance of cyber crime and cyber security, I and Neelie Kroes, European Commissioner for the Digital Agenda, put forward two legislative proposals in September last year.
The first proposal, for a draft directive, addresses the mounting threat of so-called “botnets” and is aimed specifically at fighting large-scale attacks on cyber networks. The overall goal of the directive is therefore to deter the occurrence of such attacks.
Its specific objectives include the prosecution and conviction of criminals responsible for large-scale attacks by approximating criminal law across the EU 27. Moreover, by improving cross-border cooperation between law enforcement agencies and promoting effective monitoring and data collection systems, the directive should help boost the prevention of such attacks and increase cyber security.
The second proposal aims to strengthen ENISA, the European Network Information and Security Agency.
These two steps alone, however, will not be enough to address Europe’s growing cyber threat problem. In the new EU Internal Security Strategy, which I unveiled in November, cyber crime and cyber security are identified as one of five priority areas. We propose concrete actions in the strategy to improve prevention and fight cyber crime and cyber attacks.
This will be done in mainly three ways by:
- Building capacity in law enforcement and the judiciary via a new “European Cybercrime Centre” by 2013. This centre will support national and European alert platforms by simplifying the reporting of cyber crimes. Moreover, it will support the development of training and awareness-raising for law enforcement agencies and the judiciary, and will help member states and institutions build operational and analytical capacities to investigate cyber crimes.
- Enhancing cooperation with industry to empower and protect citizens. The aim is to simplify the reporting of cyber crime for citizens and to enhance the resilience of network and information infrastructures via public-private partnerships.
- Improving capabilities to deal with cyber attacks. For example, this would flow from increased cooperation between the EU Member States’ computer emergency response teams and ENISA – and with law enforcement agencies and Europol.
Beyond the Internal Security Strategy, we need to address the cyber threat problem on a global level. The very nature of cyberspace truly constitutes a “world-wide-web”. The European Union and the United States decided during their summit in November 2010 to set up a joint working group on cyber security and cyber crime to tackle these common challenges.
The Internet is amazing and will continue to open new opportunities, making our lives easier and more comfortable in many ways. But in order to benefit from its full potential, we need to make sure it is safe. The European Commission will take this issue seriously, but we need the help of the member states, business and citizens to ensure that we collectively make progress to reach our goal of a safer cyberspace.