Cyber attacks against individuals, businesses and governments present a substantial threat to the economic prosperity and national security of every state. On the one hand, our advanced technologies considerably improved the intercommunication relationship between citizens and governments and led to the hyper-connectivity with a speed inconceivable before.
On the other hand, such a deep penetration of information systems makes everyone vulnerable to cyber incidents and could result in disruptions of the essential services as healthcare and transport.
A seminar on how to tackle cyber threats organised by Antanas Guoga, a Lithuanian MEP and a member of the Internal Market and Consumers Committee at the European Parliament aimed at classifying such crimes according to a scale of disruptions they bring. Panel of speakers, participated in this event also tried to find a way of dealing with this challenge.
“Cyber security is extremely challenging and we do need member states to act responsibly ”, MEP Antanas Guoga underlined. “Everyone has to know where we are going and not to create barriers”, added the politician.
According to Mark Weil, CEO of Marsh UK &Ireland, an insurance broker and risk management company, at present there are three types of cyber crimes and their number will increase because the means of staging an attack become cheaper.
The first sort of cyber-crime is a daily fraud perpetrated by people who try to syphon a relatively modest amount of money or information from an individual’s account or profile. Although this is mostly a low-security event, the situation is aggravated by the fact that criminals often operate from outside territories and law-enforcement agencies often cannot reach them because of the lack of cooperation between EU member states. In order to reduce the risks of potential cyber attacks, Weil recommends to invest in consumers’ IT-education and protective software.
The second type poses substantial threat to businesses as big companies can be attacked and large amount of data information is stolen or websites are frozen. The main concern for IT-specialist whose task is to prevent such crimes is the effect of aggregation.
It means that criminals who get access to one kind of information can subsequently obtain access to tens or even hundreds of files with bank information due to the high interconnections of computer programmes. Therefore, companies understanding such vulnerabilities invest huge money in software and digital development companies.
The last but not least are the cyber crimes whose targets are nation states. They put at risk financial sectors of the economy; whole types of any particular industry or military capabilities. A striking example of such a threat to a national security, which alarmed all NATO allies, occurred in 2007 after a dispute between Russia and Estonia over the removal by the latter of the statue of the Soviet Soldier in central Tallinn. The decision taken by the city’s authorities resulted in a three-week wave of massive cyber-attacks on the Baltic state and disabled the websites of government ministries, political parties, newspapers, banks and companies.
In order to prevent all potential risks coming from information systems, in December 2015, the European Parliament and the Council reached a political compromise on the Network and Information Security Directive, which sets up a number of obligations for operators of essential services and digital service providers.
However, by introducing such measures the EU cannot hope to tackle effectively the threats coming from cyber sector as it needs a more comprehensive approach, including close cooperation between member states.
“At the European level we have to make things as smooth as possible, but at the same time we have to rely on national parliaments”, Antanas Guoga said.
This problem was also stressed by Laure Chapuis, Member of Cabinet, European Commission: “We have internal discussions in terms of vertical or horizontal lines but the main problem comes from member states as sometimes they act in different ways”.
The lack of cooperation among member states in the field of cyber crime prevention also concerns the intelligence sharing.
“The problem is that big states do not share with small ones. It is a common threat and we have to tackle it accordingly by using all available means, including intelligence”, Guoga emphasised.
The Directive on the Network and Information Security Directive if it is implemented, will require operators to take measures to manage cyber risks and report major security incidents.
The document includes a number of critical sectors such as energy, transport, finance and health, where member states should identify the operators providing essential services, based on clear criteria laid down in the directive. Introduction of such requirements at the EU level is doubtless a serious step, as the number of cyber crimes will be only increasing.
However, if member states want to tackle this substantial challenge to their national securities more efficaciously it is a high time to reunite their efforts and battle a common enemy together.