Committee warns of irregularities in defences against cyber-attacks

• Report: Protecting Europe against large-scale cyber-attacks
• House of Lords European Union Sub-Committee on Home Affairs
• YouTube Video: Protecting Europe against large-scale cyber-attacks

The inquiry has looked at how EU Member States and their major organisations can defend themselves and their critical information infrastructures (CIIs) against both criminally or politically motivated cyber attacks and other sorts of major network disruptions.

The global dependence on the Internet means that any significant disruptions to networks pose potentially catastrophic consequences to a State’s security and could have worldwide impact. The report concludes that although the global nature of the internet means that individual States and groups of States cannot be viewed in isolation, some form of intervention at an EU level is appropriate.

Infrastructures of the Member States of the EU are heavily interdependent, but there are wide differences between the levels of reliance on the Internet in different Member States, and even more so between the levels of their defences. The development of defences against cyber-attacks should be a priority for all Member States.

The Committee were shocked by the lack of cooperation between the EU and NATO, and recommends that they urgently develop their thinking on working together. Just as with other aspects of civil protection, there is considerable overlap between the roles of the EU and NATO in relation to cyber-attacks, and cooperation between them should be put on a more formal basis.

Other topics that the report looks into include:

• Resilience exercises such as the UKs Exercise White Noise. The Commission propose that each Member State run at least one national exercise by the end of 2010, with subsequent pan-European exercises to follow. The Report highlights that rushing these exercises will make them less useful, and the Commission’s current timetable for a pan-European exercise by the end of 2010 is unrealistic. The Committee also suggest that a resilience exercise involving the US might be beneficial
• The Commission’s proposals for the development of national and governmental Computer Emergency Response Teams (CERTs). While these will be of great benefit to many less advanced Member States, the Committee found little evidence to suggest any benefit to resilience by creating a national CERT in more advanced Member States such as the UK where sector and company specific CERTs are well developed
• ENISA: The report makes recommendations for extending the mandate of the European Network and Information Security Agency

Commenting on the Report, Chairman of the Sub-Committee on Home Affairs Lord Jopling said:

"We believe strongly that the Government and the EU should be giving greater attention to how cyber-security could be developed on a global basis. The Internet has no borders, and it is important that any proposals from the Commission are considered in a global context.

"A first step must be better cooperation with NATO. The EU and NATO have similar interests in defence against cyber-attacks and work in similar ways, yet there is virtually no communication between them. There must be cooperation rather than duplication.

"Further to this, broadening the dialogue with other major international players, such as the US, Russia and China will be essential if we are to become more robust in our defences against cyber attacks".