From organised crime to technical failures, Europe’s cyber-defender sees no shortage of challenges.
Udo Helmbrecht, director of the European Union’s Agency for Network and Information Security, explains how Europe can do a better job of getting ready.
TECHNOLOGIST What’s the biggest challenge today?
UDO HELMBRECHT Organised crime. It’s definitely on the rise, and it causes the most damage. Unfortunately, it’s still very easy for criminals to conduct phishing attacks and credit-card fraud: they can buy the necessary software over the Internet.
It doesn’t help that attacks on computers in Europe often originate in countries that don’t have law enforcement agreements with us. You may be able to track cybercriminals to Russia or regions of Asia, but it’s very difficult to actually catch them.
TECHNOLOGIST What are you doing about these threats?
UDO HELMBRECHT Every two years we run a CyberEurope exercise to test the resilience of IT systems and measure our capacity to respond to threats. This involves more than 200 organisations – including telecommunications companies and banks – and more than 400 people representing every EU member state. Working from a command centre in Essen, Germany, they deal with a series of simulated cybersecurity incidents.
TECHNOLOGIST Such as?
UDO HELMBRECHT Denial-of-service attacks or technical failures. A few years ago, an undersea cable at Alexandria, in Egypt, was cut during construction work, interrupting 20-40 per cent of the Internet traffic to Asia. If a key exchange point becomes damaged, the Internet could be shut down in large parts of Europe.
TECHNOLOGIST What can Europe do better?
UDO HELMBRECHT We’re missing a vertical approach to escalating decision-making – taking the problem from a technical level up to a political level. If Ebola is spreading or a financial collapse is looming, you know that every government has a minister responsible for planning a responsive strategy. But if we have a major incident in the IT sector there’s just a big question mark because we don’t have a well-established escalation procedure. IT issues are handled by many different ministers, departments and agencies across Europe, and every member state has different priorities.
TECHNOLOGIST What are the emerging threats?
UDO HELMBRECHT One is the fact that more and more appliances are linked to the Internet. The first smart electricity meters, for example, didn’t have IT security designed into them, so we’ve encouraged utility companies to invest in that area. Automobile companies are beginning to build cars that are connected to networks, and now they need to think about IT security. The key lesson is: don’t connect your critical infrastructure to the Internet.
Interview by Mark Peplow
More on cybercrime: Seven ways to hack for profit