EU technology chief Andrus Ansip predicted that member states will ask for money from a planned European emergency fund if they suffer major hacking attacks, despite wariness over the EU stepping up its cyber security plans.
“No deep analysis is needed to understand that in some situations, there can really be a need [for emergency funding] in case of a hurricane or an earthquake. It’s the same story with large-scale cyber attacks,” Commission Vice-President Ansip said in an interview.
The European Commission published a new EU cyber security strategy on Wednesday (13 September), which includes plans to help EU countries respond when they’re targeted by hackers.
“It’s up to member states to deal with these disasters but if it’s not enough to use their own funds, outside funds will be needed,” Ansip said.
Some member states are wary of the Commission’s plans to encourage more cooperation between countries and government authorities on cyber security because they do not want to be required to share sensitive information widely.
In addition to the strategy, the Commission proposed a law to give more power to the EU cyber security agency, ENISA, to coordinate responses to major security breaches.
The Commission’s strategy did not specify how much money it wants to set aside for the cybersecurity emergency fund. For now, the EU executive is still investigating the possibility of creating the fund—and Ansip is in favour.
Countries that apply an EU cyber security law set to go into effect next year and prove they have thorough security checks set up could ask for the emergency funds, according to the new strategy.
Member states that suffer major cyber security breaches could trigger the fund quickly and use it to pay for “replacing compromised equipment or deploying mitigation or response tools”.
The Commission suggested the cyber security fund could pool together national experts “along the lines of the EU civil protection mechanism”, a voluntary emergency relief programme that has sent out staff to assist in natural disasters like earthquakes and in the refugee crisis.
Ansip said member states need to start trusting each other more to share information about cybersecurity incidents and help when other countries are affected.
“It’s impossible to protect cyberspace just in one country. If the neighbourhood is weak, you will get their problems in your backyard anyway. If it’s not possible to create that kind of environment where we can trust each other on cyber security in the European Union, then where is it possible?” he asked.
Commission President Jean-Claude Juncker announced the new cyber security strategy and overhaul of ENISA during his annual state of the European Union address on Wednesday (13 September).
“Europe is still not well equipped when it comes to cyber attacks,” which “know no borders,” Juncker said in his speech.
Ansip stated that he was “very happy” that Juncker gave cyber security a prominent spot in the marquee address. But he said that it was necessary to draw attention to the issue because of recent hacking attacks and member states’ wariness to cooperate more on cyber security.
“I’m unhappy that there was a need to put those questions in such a prominent place,” he said.