EU leaders agreed at a summit on Thursday (18 October) to impose sanctions to stiffen their response to cyber attacks and to rush through new curbs on online campaigning by political parties to protect next year’s European election from interference.
In the conclusions of the European Council meeting, EU leaders agreed that the new measures to tackle cybersecurity, disinformation and data manipulation “deserve rapid examination and operational follow-up”.
They called for “measures to combat cyber and cyber-enabled illegal and malicious activities” and to “work on the capacity to respond to and deter cyber-attacks through EU restrictive measures should be taken forward, further to the 19 June 2017 Council conclusions.”
Negotiations on running proposals are meant to be concluded by the end of the legislative term next year.
The will to consider sanctions against cybercrime perpetrators has emerged after a report from the Dutch intelligence services in partnership with the UK that a range of cyberattacks was carried out by the GRU, the Russian military intelligence service, on various sectors ranging from sport to transport and the 2016 US presidential election.
On Wednesday (17 October), a report by researchers at Slovakia-based ESET uncovered the latest interference, with hackers infecting three energy and transport companies in Ukraine and Poland, using sophisticated malware.
The threat of a special EU economic sanctions regime against computer hackers, including hostile governments and individuals, as well as fines for political parties, will act as a deterrent, European Council President Donald Tusk told reporters after a summit of EU leaders.
“Such a regime should help to protect our citizens, companies and institutions from all kinds of cybersecurity threats,” Tusk said, referring to proposals pushed forward by seven EU countries including Britain.
Russia has made cyber and electronic warfare part of its military operations, Western officials say, and Britain, the Netherlands and the United States have accused Moscow of conducting a global campaign of computer hacks against the West.
A ‘robust sanctions regime’
“We should accelerate work on EU restrictive measures to respond to and deter cyberattacks, including a robust sanctions regime,” urged British Prime Minister Theresa May in her summit statements.
But EU officials are equally concerned about the misuse of voter data by domestic actors to sway elections.
In summit conclusions on Thursday, EU leaders agreed to combat disinformation in the context of the upcoming European elections. They expressed support for recent proposals by the Commission on election cooperation networks, online transparency, protection against cybersecurity incidents, unlawful data manipulation and fighting disinformation campaigns and tightening the rules on European political party funding.
The EU executive recently proposed new rules to guard against a repeat of the Facebook Cambridge Analytica scandal.
The Commission will assess the implementation of the Code of Practice on disinformation by the end of the year, while in line with the June summit conclusions an Action Plan for a coordinated EU response is due to be presented by December 2018.
German Chancellor Angela Merkel became the latest leader this week to warn against the risk of disinformation and voter manipulation. At the EU summit, she called for sanctions for European political parties that receive EU party funding and spread disinformation in their campaigns.
In an EU-Asia summit from Thursday evening, the 28 EU leaders will meet Russian Prime Minister Dmitry Medvedev and China’s Premier Li Keqiang.
Cybersecurity is expected to be discussed, with a final statement focusing on action to combat hackers. Russia and China deny responsibility for cyber attacks.