EU seeks unified cybersecurity regime

June 16, 2011 at 6:17 AM
share with facebook
share with twitter

BRUSSELS, June 16 (UPI) -- Led by Estonia, which was the target of a full-scale cyberattack in 2007, EU members met this week to bolster a unified approach to cybersecurity.

The European Security Round Table, described as a "neutral platform between the EU Institutions, NATO and other relevant actors to discuss European security and defense issues," took up the topic of cybersecurity Tuesday in Brussels at a conference led by Estonian Defense Minister Mart Laar.

Organizers of the event said its purpose was to persuade participants, who include representatives of the European Parliament, the European Defense Agency, NATO, private security organizations and others, to promote "a comprehensive policy approach to cyber-security among EU institutions."

Laar said that goal is imperative to keeping the continent safe from the kind of cyberattacks that Estonia endured four years ago, Estonian broadcaster ERR reported.

"If we are serious about the possible damage that bombs and bullets can cause, then we should also give serious consideration to the dangers that can be sent through global networks, because they can be used to strike at a country's energy security, and damage its economy and intellectual property," Laar said.

Estonia was hit with a 3-week barrage of cyberattacks in 2007 aimed at disabling Web sites for its government, private companies, political parties, banks and newspapers.

Tallinn, which blamed the attacks on Russian agents, estimated the financial damages from the episode at $27.5 million-$40.5 million.

Laar said the current EU approach to cyberthreats should be overhauled to protect the bloc as a whole.

To do so, however, the member nations need to iron out many questions and grey areas -- such as, what exactly constitutes a "cyberattack" and sabotage? How would a cyberthreat's damage potential to critical infrastructure be quickly assessed and responded to?

As it now stands, it's mainly private companies that respond to such threats. To develop an EU-wide security policy, it may become necessary to at least partially cede those functions to governments. And if so, public private partnerships allowing for knowledge-sharing with cybersecurity companies would need to hammered out, conference organizers said.

Several other knotty problems also need to be overcome. For instance, which country has legal jurisdiction over attacks conducted through stateless "cyberspace" -- the originating country or the target nation?

Although these questions have been discussed many times in recent years, there are still no clear answers, which organizers of the conference -- entitled "Shared Threats, Shared Solutions: Towards a European Cyber Policy" -- sought to address.

One the keynote speakers was Cecilia Malmstrom, member of the European Commission responsible for Home Affairs, who at an April cybercrime conference in Budapest called for new action, declaring, "cyberattacks in the world (are) on the rise and the cost of cybercrime is skyrocketing."

Malmstrom said she is working with European Commission Vice President Neelie Kroes and EU foreign affairs and security chief Catherine Ashton in "coordinating a joint response to the challenges we are facing."

Included in that effort, she said, will be the establishment of a European cybercrime center by 2013, which "will become the focal point in the EU's fight against cybercrime and it will also ensure faster reactions in the event of cyberattacks."

NATO is also seeking to play a role in the formulation of a single European cybersecurity policy. Assistant Secretary-General Gabor Iklody told participants at Tuesday's roundtable that closer cooperation between the alliance and the EU is a key part of NATO's updating of its own computer security systems, Defense News reported.

Related UPI Stories
Latest Headlines
Trending Stories