Connect with us

Defence

Essential infrastructure: New rules to boost co-operation and resilience

SHARE:

Published

on

We use your sign-up to provide content in ways you've consented to and to improve our understanding of you. You can unsubscribe at any time.

Civil Liberties Committee MEPs endorse new rules to better protect essential services like energy, transport and drinking water.

With 57 votes in favour and six against (no abstentions), the Committee adopted its negotiation position on new rules on EU critical infrastructure entities. MEPs are aiming to better protect essential services (e.g. energy, transport, banking, drinking water and digital infrastructure) by improving member state resilience strategies and risk assessments.

Climate change is included as a potential source of disruption of essential infrastructure, and cyber-security is seen as an important aspect of resilience. As services are increasingly interdependent, the reformed directive requires local authorities to set up a single point of contact responsible for communicating with other jurisdictions. It also creates a new Critical Entities Resilience Group to facilitate communication between stakeholders, with Parliament participating as an observer.

MEPs push for broader scope, more transparency

MEPs want to see more transparency when disruptions happen, requiring critical entities to inform the general public about incidents or serious risks. They also want to make sure that member states can provide financial support to critical entities, where this is in the public interest, without prejudice to state aid rules.

Advertisement

The Civil Liberties Committee proposes to widen the definition of essential services, so that protecting the environment, public health and safety, and the rule of law are also mentioned.

To make cross-border co-operation frictionless, MEPs finally want service providers to be considered “of European significance” if they offer similar services in at least three member states.

After the vote, rapporteur Michal Šimečka (Renew, SK) said: "Critical entities provide essential services across the EU, while facing a growing number of both man-made and natural threats. Our ambition is to strengthen their ability to cope with risks to their operations while improving the functioning of the internal market in essential services. We are expected to deliver on a Europe that protects and that means also bolstering the collective resilience of the critical systems underpinning our way of life."

Advertisement

Background

The European Critical Infrastructure (ECI) directive currently covers only two sectors (transport and energy), whereas the reformed directive would expand this to ten (energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, public administration and space). At the same time, the new directive introduces an all-hazard risk approach, where the ECI was largely focused on terrorism.

Next steps

Before negotiations with the Council can start, the draft negotiating position will need to be endorsed by the whole house in a future session.

Further information 

Share this article:

coronavirus

Combating cybercrime in the postpandemic era: Taiwan can help

Published

on

In 2020, the COVID-19 pandemic ravaged much of the globe. In mid-May 2021, the Republic of China (Taiwan) saw a sudden rise in case numbers. When Taiwan needed help the most, partners such as the United States, Japan, Lithuania, the Czech Republic, Slovakia, and Poland, as well as the COVAX Facility, global allocation mechanism for COVID-19 vaccines, immediately pledged to donate or provided vaccines to Taiwan, allowing Taiwan to gradually bring the pandemic back under control, writes Huang Chia-lu, commissioner, Criminal Investigation Bureau Republic of China (Taiwan).

This is a testament to the international joint efforts to tackle the serious challenges brought about by the pandemic. The same joint efforts will be needed to address growing international cybercrimes in the postpandemic era, and Taiwan is willing to be part of that effort. Throughout the pandemic, Taiwan government agencies and private companies have closely followed antipandemic policies to prevent cluster infections. People began working from home and schools adopted virtual learning. Consumers turned to e-commerce, and online food ordering and delivery service platforms flourished. The pandemic has led to these changes in our lives, and while it is sure to abate in the foreseeable future, the spread of cybertechnology will not.

It has fundamentally altered the way we work, live, learn, and relax—resulting in an entirely new lifestyle. However, our increased reliance on cybertechnology has also made it easier than ever for criminals to exploit security vulnerabilities to commit crimes. Thus, cybersecurity will be one of the most important issues in the postpandemic era as it is essential to maintaining public safety worldwide. Cybercrime transcends borders; transnational co-operation is the key. As cybercrime transcends borders, victims, perpetrators, and crime scenes may be located in different countries.

The most common cybercrime is telecom fraud, which utilizes the internet and other telecommunications technologies. Transnational cooperation is necessary to bring international crime rings to justice. In 2020, Taiwan police used big data analytics to identify multiple Taiwan nationals who were suspected of establishing telecom fraud operations in Montenegro. Taiwan contacted Montenegro and proposed mutual legal assistance, enabling the Montenegrin Special State Prosecutor’s Office to move forward with the case.

Advertisement

Through joint efforts, Taiwan and the Montenegrin police forces uncovered three telecom fraud operations and arrested 92 suspects accused of impersonating Chinese government officials, police, and prosecutors. It is believed that the suspects scammed more than 2,000 people in China, causing up to US$22.6 million in financial losses. This case highlights the features of transnational crime. The suspects were Taiwan nationals, while the victims were Chinese nationals. The alleged crime occurred in Montenegro and was perpetrated with telecommunications technologies.

Thanks to bilateral police co-operation, the suspects were apprehended, preventing other innocent people from falling victim to the scam. Caption: Montenegrin Special State Prosecutor’s Office transfers proceedings to Taiwan police. Child and youth sexual exploitation is another internationally condemned crime, with countries worldwide making every effort to prevent it and bring perpetrators to justice. In 2019, Taiwan police received information from the US National Center for Missing and Exploited Children’s virtual private network CyberTipline indicating that a South African citizen in Taiwan was suspected of having uploaded large quantities of child pornography to the internet. Following the lead, Taiwan police quickly located the suspect and searched his residence, seizing evidence of child pornography. Police also found photographs and videos of him sexually assaulting Taiwanese children. The illicit images were stored on servers located in the United States, and the alleged crimes were committed in Taiwan.

As the victims in this case were underage, they were too young to adequately explain the situation or seek assistance. If Taiwan police had not received the leads, the suspect would likely have continued to assault more children. This case owes its success to transnational cooperation and criminal intelligence sharing, which can effectively curb crime. Caption: International joint co-operation to combat child pornography Cybercrime involves cross-border investigations. However, jurisdictions and definitions of crimes vary among law enforcement agencies worldwide. Criminal rings understand this all too well and exploit the resulting information barriers, fleeing to other countries to decrease the likelihood of being caught.

Advertisement

Like COVID-19, cybercrime can strike individuals in any country. Therefore, just as the world has joined forces to combat the pandemic, countering cybercrime requires the cooperation of international police forces assisting and sharing information with one another. Only then can more crimes be prevented and more cases be solved efficiently, allowing people worldwide to enjoy a safer life. Taiwan police authorities have long strived to promote international cooperation in combating cross-border crime. In 2020, there were three prominent cases. Through the joint efforts of Taiwan, Vietnam, and the United States, transnational telecom fraud call centers were raided in January; the following month, a US currency counterfeiting ring was discovered; and 12 individuals suspected of involvement in human trafficking and violation of the Child and Youth Sexual Exploitation Prevention Act were arrested in July. Taiwan police authorities have a specialized High Technology Crime Investigation Unit and professional cybercrime investigators.

The Criminal Investigation Bureau (CIB) under the National Police Agency of the Ministry of the Interior, also established a Digital Forensics Lab that meets international standards. The laboratory was issued the world’s first ISO/IEC 17025 accreditation for Windows Program Analysis by the Taiwan Accreditation Foundation. In 2021, the CIB standardized its 4 malware analysis procedures, in addition to establishing file analysis and network analysis mechanisms. Taiwan’s expertise in combatting cybercrime will benefit global efforts to build a safer cyberspace. Taiwan can help create a safer world.

The COVID-19 pandemic has underscored the fact that diseases transcend national borders and it can affect anyone—regardless of skin color, ethnicity, language, or gender. Distrust, disagreements, and a lack of transparency between nations accelerated the spread of the virus. Only when international partners provide mutual assistance and share antipandemic information, expertise, and vaccines can the world overcome the pandemic faster and successfully. The Global Policing Goals were endorsed by INTERPOL member countries in 2017, with the stated purpose of creating a safer and more sustainable world. With this mission in mind, we must work together to combat crime—just as we have joined forces to combat the pandemic. No police agency or country should be excluded.

To fight cybercrime and bolster global cybersecurity effectively, the world needs to co-operate. Taiwan needs the world’s support and Taiwan is willing and able to help the world by sharing its experience. As the entire world teams up to combat the pandemic this year, we urge the international community, in the same spirit, to support Taiwan’s bid to attend the INTERPOL’s General Assembly as an observer this year and participate in INTERPOL meetings, mechanisms, and training activities. Taiwan’s pragmatic and meaningful participation would help make the world a safer place for all.

Share this article:

Continue Reading

Cyber Security

How the Parliament wants to boost cybersecurity in the EU (interview)

Published

on

Parliament want to better protect Europeans and businesses against growing cyber threats. Learn more in this interview with MEP Bart Groothuis (pictured), Society.

As network and information systems become a central feature of everyday life, cybersecurity threats have expanded. They can cause financial damage and go as far as disrupting water and power supplies or hospital operations. Strong cybersecurity is crucial to protect people, to embrace the digital transformation and to fully grasp the economic, social and sustainable benefits of digitalisation.

Learn more about why cybersecurity in the EU should matter to you.

On 11 November Parliament adopted its negotiating position on the revision of the directive on the security of network and information systems. We asked Groothuis (Renew, the Netherlands), the MEP in charge of the file, to explain what the Parliament wants.

Advertisement

What are the most prominent cybersecurity threats?

Ransomware is by far the most significant threat. It tripled worldwide in 2020 and we see another peak coming this year. Ten years ago, ransomware targeted individuals. Someone had to pay €100 or €200 to the hacker. Nowadays, the average payment is €140,000. Not only large companies, but also small enterprises are being attacked and they have to pay because they cannot operate otherwise.

It is also the most significant threat because it is an instrument of foreign policy for rogue states. Ransomware  

Advertisement
  • A type of malware that infects computer systems, preventing the victim from using the system and data stored on it. The victim usually receives a blackmail note by pop-up, asking for the payment of a ransom to regain access. 

How does this ransomware pandemic affect the life of a citizen or company?

We see ransomware targeting nearly everything that offers services to citizens. It might be a local municipality, a hospital, a local manufacturer.

The Parliament and Council are working on cybersecurity legislation. The goal is to better protect these entities against these hackers. EU companies that provide essential or important services will have to take cybersecurity measures and governments need to have the capabilities to help these companies and share information with them and other governments.

What does Parliament want?

Parliament wants the legislation to be ambitious. The scope should be wide, we should cover and help entities that are vital to our way of living. Europe should be a safe place to live and do business. And we should not wait: we need this new legislation fast.

Why is speed important?

In cybersecurity, you need to make sure that you are not the weakest. EU businesses are already investing 41% less than companies in the US. And the US is moving fast; Biden is creating emergency legislation and you do not want to be in a situation where Europe becomes more attractive to ransomware hackers in comparison to other parts of the world. Investments in cybersecurity need to be made now.

The second reason is that there are problems in the cybersecurity community that need to be fixed as soon as possible. Cybersecurity professionals often have GDPR concerns: can they or can they not share cybersecurity data? There should be a solid legal basis to share cybersecurity data to help prevent cyberattacks.

What challenges could the Parliament face in the negotiations?

There will be debate on the scope, on which entities should be included, and we will have to discuss the administrative impact on companies. Parliament believes that the legislation should protect companies, but it should also be practical and doable; what can we reasonably ask? Another issue is the core of the internet, the root level domain name service. The European Commission and the Council want to bring this into the scope of the rules and regulate it. I very much oppose that, because Russia and China will want to do the same and we should keep the core free and open and retain our multi stakeholder model.

Why is it important to have common cybersecurity rules in all EU countries?

The basis of this legislation is the functioning of the internal market. It shouldn’t matter if you do business in Slovakia, Germany or the Netherlands. You want to make sure that there is a common level of cybersecurity requirements and that the country that you are in has cybersecurity infrastructure.

A high common level of cybersecurity in the EU 

Share this article:

Continue Reading

Cyber Security

Security and justice in the digital world: Marking 20 years of international co-operation under the Budapest Convention on Cybercrime

Published

on

Home Affairs Commissioner Ylva Johansson has delivered a video message at the opening of the Council of Europe's ‘Octopus' conference on the fight against cybercrime. The event marks the 20th anniversary of the Budapest Convention, which lies at the heart of a global alliance against Cybercrime. 66 countries are party to the Convention. It has been signed by all EU Member States. The Budapest Convention is the foundation for of anti-cybercrime legislation in 80% of countries worldwide. A Second Additional Protocol to the Convention, concerning enhanced cooperation and disclosure of electronic evidence, is expected to be approved by the Council of Ministers of the Council of Europe tomorrow. Once in place, this protocol will improve access to electronic evidence, enhance mutual legal assistance and help in setting up joint investigations. The Commission negotiated the Protocol on behalf of the European Union. The conference gathers cybercrime experts from public and private sectors as well as international and non-governmental organisations from all over the world, discussing the digital security challenges ahead including child sexual abuse and fight against ransomware. The event will take place online. More information is available here. Commissioner Johansson's video message will be available online here

Share this article:

Continue Reading
Advertisement
Advertisement

Trending