Estonia, which recently suffered what appeared to be the largest political cyber-attack ever seen on EU soil, is organising an EU ministerial meeting on the protection of vital infrastructure against cyber-crime, the European Commission has announced.

The continuation of the current status quo in Critical Information Infrastructure protection (CIIP) is not an option, the website of the ministerial meeting to be held in Talinn on 27-28 April states. 

As protection against cyber-attacks becomes more and more of a priority for the EU, Information Society Commissioner Viviane Reding, who has introduced the practice of streaming weekly messages on her Commission homepage, will address the issue of cyber-attacks in her next communication, a Commission spokesperson told EurActiv. 

Cyber-attacks on the electric grid appear to be one of the biggest worries. Following the January Russia-Ukraine gas crisis, EU experts recently expressed concern that a collapse in any of the South East European countries would have triggered a long-lasting regional blackout (EurActiv 19/03/09). 

The Wall Street Journal published an article, widely picked up on by other media, claiming that cyber-spies from Russia and China had broken into the US electrical grid and left behind software programs that could be used to disrupt the system. 

According to unnamed current and former national security officials, the intruders had not sought to damage the power grid or other key infrastructure, but officials warned they could try to do so during a crisis or war. 

Many of the intrusions were detected not by the companies in charge of the infrastructure, but by US intelligence agencies, officials said. Intelligence officials worry about cyber-attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet. 

Recently, the Commission proposed to ensure the resilience of critical information infrastructure in the private sector through voluntary rather than binding measures. But a binding approach could also be used, the EU executive said. 

What is first needed appears to be a Europe-wide debate on the threat. Next, the Commission and EU member states must define appropriate guidelines, and finally, the Union must promote those principles at global level by building partnerships with third countries. 

An impact assessment will be made before further measures are envisaged, the document says.