Recently the European Commission, the executive arm of the EU, presented its plan for a formal cybersecurity unit.
With ransomware attacks continuing to rise across the globe, the European Union is attempting to turn challenge into opportunity with a joint cyber security unit lavishly supported in part by Covid-19 recovery funds.
Recently the European Commission, the executive arm of the EU, presented its plan for a formal cybersecurity unit. When implemented it will enable national governments of member countries hit by cyberattacks to ask for help from other countries and the EU, including through rapid response teams that can swoop in and fight off hackers in real time.
Clearly a new day is dawning as countries emerge from a once-in-a-century pandemic. With it is the new reality of heightened cyber awareness — and the money and institutions to back it up.
The world moved even more online due to the Covid-19 pandemic and with that came an even greater number of cyberattacks. Today literally hundreds of ransomware attacks are ongoing as hackers hold businesses and institutions hostage, often demanding untraceable digital currency to supply codes to stop the destruction. Many of the attacks might be undisclosed as compromised companies avoid publicity.
One recent attack with global reach also hit companies in Europe. Swedish grocery chain Coop kept most of its 800 stores closed for several days last week because their cash register software supplier was crippled in the attack. In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised. Two big Dutch IT services companies were also among reported victims.
In a separate, rather perplexing incident, the district of Anhalt-Bitterfeld in the eastern German state of Saxony-Anhalt says it was the victim of a cyberattack and formally declared a disaster after hackers infiltrated its computer systems.
Officials in the relatively small district wondered why hackers would be interested in such an obscure target — but it was newsworthy for the precedent it set. The district was able to declare a formal emergency and receive federal funds for recovery, a mechanism normally used in natural disasters.
Even before the pandemic, as more work and business went online, the European Commission had already identified cybersecurity along with climate change as crucial in the coming years. President Ursula von der Leyen placed an emphasis on Internet security, privacy and policy when she took office in 2019.
And as the world moved even further online, ransomware and other cyberattacks surged. At the recent meeting to formally adopt the EU Joint Cyber Unit, European Commission vice-president Margaritis Schinas said a recent hack on US fuel supplies was the “nightmare scenario that we have to prepare against”.
With incidents in Europe rising from 432 in 2019 to 756 in 2020, the commission says cyberattacks already pose national security threats to member countries.
The European Union Agency for Cybersecurity (Enisa) will oversee the formation of the special cyber unit. It plans to have assessment and organisational plans in place by the end of this year and be operational at the end of 2022.
Apostolos Malatras, a team leader at Enisa, told the Press that with the pandemic “a lot of services were provided online and that happened in a kind of rush, so security was an afterthought”. At the same time people stayed indoors and had time to explore vulnerabilities in systems and critical infrastructure, he added.
Based on surveys of businesses by the British security firm Sophos, the average cost of a ransomware attack has doubled to about $1.85 million this year, including insurance, business lost, cleanup and any ransomware payments.
But the cost is immeasurable when it comes to human health and lives. An ongoing ransomware attack on Ireland’s health service will reportedly take months and 100 million euros to clean up. It will also have “large human costs”, said health service chief Paul Reid.
Encouragingly, the EU is awash in cash to help fund recovery from the pandemic and a lot is readily available for cyber security and other digital challenges. The EU’s long-term budget, coupled with the ‘Next Generation EU’ temporary fund designed to boost recovery, will be the largest stimulus package ever financed in Europe, valued at 2.02 trillion euros in current prices. Money for cyber security will come from the existing Digital Europe and European Defense administrations.
Along with governments, European businesses are also evolving to meet the challenge. The EU cybersecurity market is estimated to be worth more than 130 billion euros at present and growing at 17 per cent a year. It has more than 60,000 cybersecurity companies and over 660 centres of cybersecurity expertise.
An example of how it can be done has been set by Denmark, which was victimised by serious attacks in 2016. By one measure today it is the most cyber safe country in the world. The Danish Ministry of Foreign Affairs recently announced that the country ranked first among countries rated by British security research firm Comparitech.
The improvement followed a cyberattack on the Danish Defense Department by the same group that targeted US Democratic Party servers. Even though the leaked data was described as non-classified, it could still be used “to blackmail staff into becoming agents”, said the Danes.
The improvement is partly due to the widespread use of two-factor authentication. It successfully helps block some attack vectors because personal digital signatures are used as a login for all governmental online services and in the financial sector. Another big improvement came in well-developed banking apps.
Also contributing is an online-savvy populace that can practice quality “digital hygiene”.
And the issue can only get bigger. As the world also moves to the Internet of Things with all imaginable devices potentially controlled or affected by the Internet, security becomes paramount.
One lasting impact of Covid-19 will likely be the habit of more remote work and online services to deliver basic daily supplies such as food and even water. Clearly now is the time to get things tightened up.
Jon Van Housen and Mariella Radaelli are journalists based in Milan