European Commission sets up new agency to fight cyber-crime

Beefed-up EU Cybersecurity Agency will share threat knowledge to prevent cyber attacks

An engineer monitors a cyber threat map.  “Businesses are divided in two. Those who believe they have been attacked. And those who don’t know they have been attacked.” Photograph: Erdem Sahin/EPA
An engineer monitors a cyber threat map. “Businesses are divided in two. Those who believe they have been attacked. And those who don’t know they have been attacked.” Photograph: Erdem Sahin/EPA

The European Commission has joined the war on cyber-crime, creating a new EU Cybersecurity Agency to co-ordinate responses to and prevent cyber attacks.

The agency, a substantial beefing up and changing of the remit of a Crete-based European agency, will organise pan-European cybersecurity exercises annually and ensure better sharing of threat intelligence and knowledge.

It will also prepare plans for rapid co-ordinated responses to large-scale cross-border cyber attacks.

The EU will also establish a Cybersecurity Competence Network and centre to monitor developments in the digital world, and a commission directive is helping to beef up criminal law responses by suggesting definitions and common standards of penalties for cyber attacks to member states.

READ MORE

Member states are encouraged to make cyberwarfare a key element of a new Permanent Structured Co-operation (Pesco) programme of defence co-operation.

Ransomware attacks

The threat is real and increasing. Ransomware attacks have increased by 300 per cent since 2015 and the economic impact of cybercrime is estimated to have risen five-fold from 2013 to 2017 and could rise another four-fold by 2019. Some 80 per cent of businesses report having been victims of an attack.

Commission vice-president for the digital single market Andrus Ansip warned journalists wryly: “Businesses are divided in two. Those who believe they have been attacked. And those who don’t know they have been attacked.”

Among measures being proposed in the context of the digital single market is also a system of EU-wide certification to guarantee that billions of products from the “Internet of Things”, ranging from energy and transport networks to consumer items like connected cars, are cyber-secure.

The commission also announced its intention to free up flows of non-personal data throughout the EU. The move, which will end data storage duplication, cut costs, and allow businesses in smaller member states access to commercial data across the EU, will generate an increase of €9 billion in EU GDP, the commission claims.

Member states will no longer be allowed to require organisations to locate storage or processing of data within their borders.

Patrick Smyth

Patrick Smyth

Patrick Smyth is former Europe editor of The Irish Times