EU institutions not well prepared for cyberattacks

The level of cybersecurity preparedness within the EU varies greatly from one agency to the next. Because the various governing bodies are closely intertwined, shortcomings at one agency pose a security risk to the others. To address this, generally applicable and binding rules are needed.

The European Court of Auditors concludes this on the basis of its own investigation.

These problems have been identified by the European Court of Auditors

The Court of Auditors examined whether European bodies such as the European Commission and the European Central Bank are able to withstand cyberattacks. The researchers say that the number of cyber incidents at European institutions increased more than tenfold between 2018 and 2021. Due to the corona crisis and the fact that people increasingly work from home or in hybrid arrangements, the number of potential entry points for attackers, also known as the attack surface, has increased significantly. In the past two years, 22 institutions have been the target of a cyberattack, including the European Medicines Agency (EMA).

That in itself is a worrying observation, but it is not the main conclusion of the European Court of Auditors. The main conclusion is that the European institutions do not have a joint approach to defending against hackers and cybercriminals. When one agency pays less care and attention to cybersecurity, it can cause problems for another, because the institutions work closely together. The weakest link then poses a threat to the rest of the chain.

A third problem identified by the European Court of Auditors is that not all bodies communicate information about vulnerabilities and other cyber threats to each other in a timely manner. As a result, other agencies run the unnecessary risk of becoming the next victim.

EU must step up efforts

The European Court of Auditors emphasizes that it can often take “weeks, if not months” for an EU institution to fully recover from a cyber-attack. “The EU institutions, bodies and agencies are attractive targets for potential attackers, in particular groups that can carry out covert, highly sophisticated cyber-attacks for cyber-espionage and other malicious purposes,” said Bettina Jakobsen of the Court of Auditors.

She continues: “Such attacks could have significant political implications, damage the EU’s overall reputation, and undermine confidence in its institutions. To protect its own organizations, the EU must step up its efforts.”

The European Court of Auditors believes that the EU institutions should adopt a joint approach. If everyone takes cyber-attacks seriously and handles them in the same way, the chances of falling victim to a hacker are reduced. The Court of Auditors also believes that the European Agency for Cybersecurity (ENISA) and the crisis team CERT-EU should provide more assistance to organizations that have less experience in this area.

European Commission adopts recommendations

The European Commission states in a response (PDF) that it supports the recommendations of the European Court of Auditors. The EU's executive body emphasizes that each institution is responsible for its own cybersecurity and digital resilience.
