What if a European country suddenly lost access to email, online media, government websites and home banking? This isn’t the plot from a Hollywood film, but was the reality for the population of Estonia when their country was hit by a wave of cyber-attacks back in 2007.
I’ve just been in Budapest, where I was a guest of the Hungarian Presidency of the EU at the Ministerial Conference on Critical Information Infrastructure Protection. While I’m regularly involved in discussions on cyber-security, with the European Commission itself coming under cyber-attack only a few weeks ago, I couldn’t help but think our talks had an added significance this time.
In a globally interconnected world where our reliance on networks and information systems to provide crucial services grows day-by-day, the disruptive effects of cyber-crime are potentially huge. An act of cyber-crime in one place could be quickly felt thousands of miles away.
We therefore need global action and that’s why I, alongside EU Home Affairs Commissioner Cecilia Malmstrom, was delighted to meet with US Homeland Security Secretary Janet Napolitano during the Budapest conference, where we reiterated our commitment to deepening co-operation against the increasing threats to global internet and digital networks.
This level of co-operation with one of our most important international partners is welcome, but if we’re truly serious about tackling the growing global threat to our cyber-security, then we also need to look closer to home.
Gaps still exist among European countries, in terms of planning and preparedness for acts of cyber-crime. Only a small number of Member States have adopted national cyber-security strategies or carried out national cyber-incident exercises. National capabilities, such as setting-up Computer Emergency Response Teams, are essential for Europe to be able to co-operate in the event of a serious incident, yet progress in building these capabilities is uneven.
The European Commission is actively supporting Member States in this process, together with the European Network and Information Security Agency (ENISA). We’re also doing our part, for example by building up a Computer Emergency Response Team for the EU institutions from June onwards, and establishing a European Cybercrime Centre by 2013.
It is now ten years since the Council of Europe Convention on Cybercrime was opened for signature in Budapest. It is still not ratified by all European countries. I find this frustrating; if cyber-criminals are not constrained by borders then neither should Europe’s cyber-security defences.