With war on the side, EU warned of cybersecurity gaps

BRUSSELS (AP) — As Russia’s invasion of Ukraine accelerates European Union defense cooperation, a watchdog said on Tuesday that EU institutions face vulnerabilities in another front: cybersecurity.

The warning from the European Court of Auditors covers the wide range of EU bodies – from the executive arm based in Brussels to specialized agencies located across Europe – that manage the day-to-day activities of the 27-nation bloc.

“The EU must step up its efforts to protect its own organisations,” ECA member Bettina Jakobsen said in a statement accompanying a special report on cyber threats. “Such attacks can have significant political implications.”

Cyberattacks on EU bodies are increasing “sharply”, with major incidents increasing more than tenfold between 2018 and 2021, according to the Luxembourg-based ECA.

Cybersecurity has jumped up the political agenda in Europe following attacks in recent years that have targeted EU countries such as Germany and other industrialized countries including the United States. , Great Britain and Australia.

In 2020, the EU imposed cyber sanctions for the first time, blacklisting a number of Russian, Chinese and North Korean hackers.

Nevertheless, European auditors said on Tuesday that EU organizations were failing to put in place some “essential” cybersecurity controls and were underspending in this area. Auditors also alleged a lack of “systematic” training in cybersecurity and information sharing.

EU entities as a whole deal with political, diplomatic, financial, economic and regulatory issues. The range of activities underpins the bloc’s status as a geopolitical force, a global player in industrial rules and the world’s most lucrative single market.

Sensitive information handled by EU bodies makes them attractive targets for hackers, according to the report, which says risks have increased due to remote working caused by the COVID-19 pandemic.

“This has dramatically increased the number of potential access points for attackers,” the ECA said.

He said a “particularly worrying trend is the dramatic increase in significant incidents”, which are described as attacks involving the use of new methods and technologies and which can take weeks or even months to investigate and resolve. to resolve.

One example cited is a high-profile cyberattack on the European Medicines Agency in late 2020, when the EU was pushing to authorize the first COVID-19 vaccines.

“Sensitive data has been leaked and manipulated in a way designed to undermine confidence in vaccines,” the ECA said.

Because EU organizations are highly interconnected, a vulnerability anywhere could have a cascading effect, he said.

“A weakness in one can expose others to security threats,” the ECA said.

He recommended that the EU draft legislation that would establish binding common cybersecurity rules for all institutions in the bloc.

The auditors also urged more resources to support the EU bodies’ Computer Emergency Response Team, or CERT-EU, saying “its effectiveness is compromised by an increasing workload, a unstable funding and staffing and insufficient cooperation from some” of the bloc’s organizations.

In summary, according to the European Court of Auditors, the network of EU institutions “has not reached a level of cyber-preparedness commensurate with the threats”.

___

Follow all AP stories on developments related to the war in Ukraine at https://apnews.com/hub/russia-ukraine.

Copyright © 2022 . All rights reserved. This website is not intended for users located in the European Economic Area.

Comments are closed.