US asks EU to up cyber security


The US has urged the EU to make cyber security a larger priority as Washington begins to up the ante on its own defences.

Deputy Defence Secretary William Lynn said this week in Brussels that the transatlantic partners should revive their Cold War alliance in fending off threats to network security in the Western world.

"The alliance has a crucial role to play in extending a blanket of security over our networks," Lynn said.

Lynn urged NATO to build a cybershield to protect the transatlantic alliance from network threats, in particular threats to its military and economic resources.

"NATO has a nuclear shield, it is building a stronger and stronger defence shield, it needs a cyber shield as well," he added.

The Pentagon's second most influential man said the US military services face over 100 threats a day.

The US has recently devised a new strategy to tackle threats which would try to monitor and track down network intruders and retaliate more quickly and effectively.

Threats are usually manifested in malware attached to innocuous-looking files. Malware is software that secretly infiltrates a computer system without the user's consent.

The US secretary named networks as the country's fifth domain of warfare after land, sea, air and space.

The possible outcomes of a cyber attack, say experts, could range from the crashing of an entire country's electricity grids to the infection of high-tech military equipment.

Though cybersecurity has been more of a peripheral issue in the EU, recently policymakers have begun work on beefing up the bloc's resources to fight possible attacks.

An attack in Estonia in 2007, when government, media and web servers broke down after a Soviet-era memorial was moved from the country's capital Talinn, brought the issue to the fore.

In April this year, EU ministers meeting in Luxembourg asked the European Commission to "assess the feasibility" of setting up a single centre on cybercrime to pool member states' efforts and resources to fight Internet crime.

A study by the European Network and Information Security Association (ENISA) concluded that European countries were highly varied in how prepared they were for dealing with cybercrime and cyber attacks.  

In September, ENISA also made the case for a national information-sharing platform to get member states to co-operate on threats.

Though network insecurity is commonly understood as a national security threat, academics and experts have been urging policymakers that cyber warfare does not know national borders.

A leading academic in the field, John Howorth, recently suggested that the EU should establish a European Security Council, a formal Council of Defence Ministers, a European White Book on Security and Defence and an integrated Intelligence Agency.

The European Commission claims that the cost of cybercrime in the EU, at €750 billion annually, vastly exceeds drug trafficking and is equivalent to 1% of global GDP.

On the black market a cybercriminal can buy a full identity profile for €40 and credit card details for much less, according to research carried out by Internet security business Symantec.

The European Network and Information Security Agency (ENISA), based in Heraklion, Greece, classifies threats on the Internet according to when experts think they will materialise, in 'current', 'emerging' and 'future' risks. ENISA describes itself as "a Centre of Excellence for the EU member states and EU institutions in network and information security, giving expert advice and recommendations". 

The agency monitors Spam, botnets, phishing, identity theft, route hijacking, instant messaging, peer-to-peer systems, malware on cell phones, hackers in stock markets, software vulnerabilities and lack of protection (e.g. antivirus software) in some devices.

Action on cybercrime has been slow to come as some EU member states have yet to ratify the Convention on Cybercrime adopted in 2001 by the Council of Europe, the Strasbourg-based human rights organisation.

The Convention was designed so EU countries could adopt a common position on practical issues such as blocking IP addresses and revoking domain names. 

Subscribe to our newsletters