Cyber-attacks now the most feared EU energy threat


In the wake of last week's cyber-fraud on the world's carbon market, a senior EU official has told EURACTIV that of all threats to Europe's energy supply, cyber-attacks are "probably the most to be feared".

"That is where the vulnerability is," the official said. "That's why [the European Commission's climate action DG] is looking at ICT [information and communications technology] systems, and how they work."

The official, who spoke on condition of anonymity, said other Commission departments were also looking at potential cyber-disruptions to electricity and gas trading.

One proposal on integrated markets integrity and the Internet from the Commission's energy directorate is currently being discussed in the run-up to the next meeting of energy ministers, EURACTIV has learned.

Cyber-attacks on the electric grid appear to be one of the biggest worries. In 2009, cyber-spies from Russia and China allegedly broke into the US electrical grid and left behind software programmes that could be used to disrupt the system. 

US intelligence officials said they were worried about cyber-attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet. 

Emerging threat

But the dangers of cyber-attacks are not limited to organised crime, according to Fernando Sanchez-Gomez, director of the Spanish Interior Ministry's National Centre for the Protection of Critical Infrastructure.

He warned a Security and Defence Agenda conference against under-estimating the threat that emerging cyber-attacks pose to essential services.

"The Internet is a terrorist instrument," he said. "We have email communication, chat channels, PGP encryption, steganography, tapestry."

The Internet was also a means of terror, he cautioned, citing psychological war, disinformation, recruitment and propaganda as examples – and there was a growing possibility that it could become a terrorist goal.

"The moment that hacker environments and terrorist groups cross paths, we will stop speaking about terrorist threats and start speaking about realities."

Another conference participant, Jean-Arnold Vinois, head of the European Commission's energy policy unit, said that the modernisation of electricity networks would reveal new challenges in protecting infrastructure.

"Cyber-terrorism is clearly one of the key elements to appear in the field," he said.

While the scale of online theft has been estimated at $1 trillion a year (€0.73 trillion), there have been few documented cases of cyber-terrorism as yet.

Wikilieaks: A terrorist organisation?

There is also a wider problem of how to define "cyber-terrorism". Some analysts argue that it should strictly apply to attacks which threaten lives or property, for political purposes.

Others aver that motivations, targets, and inflammatory content should be taken into account.

Last year, the president of the US Congress Homeland Security Committee, Peter King, called for the WikiLeaks website to be deemed a terrorist organisation for publishing information that could lead to the harm of Americans abroad.

Yet in the 1970s and 1980s, King himself was banned by the BBC after reportedly championing the IRA, who he called "the legitimate voice of occupied Ireland". He travelled to Northern Ireland several times to meet with senior republicans.

The EU has for the most part targeted cyber-attacks which illegally access or interfere with computers, servers and data.

Towards an EU cyber-crime agency

Last April, EU ministers asked the European Commission to assess whether it should set up a centralised agency to tackle cyber-crime.

A package of EU proposals was then published in September 2010, focused on targeting malware or botnets and strengthening and prolonging the mandate of ENISA, the EU agency tasked with network security.



EU and NATO authorities started to rethink their common approach to telecommunications network protection after a massive cyber attack carried out against Estonian public and private strategic infrastructure in May 2007.

The massive denial-of-service bombardment occurred shortly after a Russian World War II memorial was removed from downtown Tannin. All government ministry networks and two banks were knocked offline.

Russia described speculation that it had mounted the attack as "unfounded".

In March 2009, the European Commission published a new communication aimed at "protecting Europe from large scale cyber-attacks".

Earlier, in April 2008, NATO leaders assembled at a summit in Bucharest agreed upon a common policy for cyber defence. They committed themselves to establishing a new authority with the primary task of coordinating NATO's "political and technical" reactions to cyber attacks.


Further Reading