Connect with us


#EUCybersecurity - A newly formed stakeholders group will work on the cybersecurity certification framework



The Commission and the European Agency for Cybersecurity (ENISA) announced today the creation of the Stakeholders Cybersecurity Certification Group (SCCG), which will advise themon strategic issues regarding cybersecurity certification, while at the same time it will assist the Commission in the preparation of the Union rolling work programme.

Furthermore, its aim, as foreseen by the EU Cybersecurity Act that was adopted a year ago, is to create market driven certification schemes and help reduce fragmentation between various existing schemes in the EU member states.  The first meeting of the Group is taking place today. Internal Market Commissioner Thierry Breton said: “Not only will certification play a crucial role in increasing trust and security in ICT products, but it will also provide European companies with the necessary tools to demonstrate that their products and services have state of the art cybersecurity features. This will in turn allow them to better compete in the global market. The Stakeholder Cybersecurity Certification Group will help by bringing about the needed expertise and advice for the creation of a tailored and risk-based EU certification system.”

ENISA Executive Director Juhan Lepassaar added: “Cybersecurity certification aims to promote trust in ICT products, processes and services while at the same time tackling the fragmentation of the internal market, thus reducing the costs for those operating in the Digital Single Market. The Stakeholder Cybersecurity Certification Group will form part of the community that helps build and raise awareness of the EU schemes.”

The group consists of representatives from an array of organisations that include academic institutions, consumer organisations, conformity assessment bodies, standard developing organisations, companies, trade associations and many others. The EU is working in building the necessary cybersecurity capabilities to prevent and counter the ever-changing cyber threats and attacks.

More information on the EU's actions to strengthen cybersecurity capacities, including for 5G networks, is available in this brochure. The list of members of the Stakeholders Cybersecurity Certification Group can be found here and updated information on its work is in this webpage


German cyber security chief fears hackers could target hospitals




German hospitals may be at increased risk from hackers, the head of the country's cyber security agency has said, following two high-profile digital attacks this month on the Irish health service and a US fuel pipeline.

Ireland's health service operator shut down its IT systems last Friday to protect them from a "significant" ransomware attack, crippling diagnostic services, disrupting COVID-19 testing and forcing the cancellation of many appointments. Read more

German clinics have been targeted by a series of cyber attacks over the last five years, and Arne Schoenbohm (pictured), president of the BSI federal cyber security agency, told Zeit Online newspaper he saw "a greater danger at hospitals".

Earlier in May, the 5,500-mile (8,850-km) US Colonial Pipeline Co system closed after one of the most disruptive cyber attacks on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast. Read more

Schoenbohm said many German businesses were at increased risk of being targeted by hackers due to remote working during the COVID-19 pandemic.

"Many companies had to enable home offices within a short time," he said, adding that as a result, many of their IT systems were vulnerable to attack.

"Companies often close known security gaps too slowly."

Continue Reading


Computer hacking poses problems for Irish government



The Irish government has found itself facing a delicate dilemma as it prepares to open up its economy after the costly coronavirus pandemic. The recent hacking of computers that run its health service, by Russian criminals, has not only left it exposed to ransom demands but potential legal actions from irate Irish people as Ken Murray reports from Dublin.

On the morning of Friday 14 May last, Irish people switched on their radio devices to learn that the IT system of the Health Service Executive (HSE), the body that runs the country’s hospital system, had been hacked over night!

Cyber criminals, believed to be the Wizard Spider gang in St. Petersburg Russia, had hacked in to personal files on the entire national computer system and were issuing a ransom demand of €20 million to unlock codes!

At first the HSE played down the hack insisting that all files were copied in cloud computing storage, nothing had been stolen or compromised and that everything would be ok by Monday 17 May.

By Tuesday18 May, the crisis showed no signed of improving with the Government coming under attack from opposition politicians who themselves, were bombarded by worried constituents in the preceding days.

“This is escalating into a pretty serious national security crisis and I am not sure it is on the radar to the level it should be,” Labour Party Leader Alan Kelly told the Irish Parliament that day.

As the days rolled on, angry callers to radio phone-in programmes, some in tears, have been telling stories of cancelled radiotherapy and chemotherapy sessions for stage 4 cancer treatment with some calling on the Government, in desperation, to pay the ransom and get the service back to normal as quick as possible.

The Irish Government has stood firm in the passing days since the hack emerged insisting it will not pay the ransom for fear it could leave itself exposed to future hacks and demands.

However, the hackers sent a decryption computer key or code to the Irish Government prior to the weekend beginning 21 May prompting concerns that a ransom had been paid.

“No payment has been paid in relation to it at all. Security personnel don’t know the exact reason why the key was offered back,” the Taoiseach Micheál Martin insisted when he spoke to reporters on Friday 21 May.

With time moving on, there are now growing expectations in Irish government circles that the hackers will publish sensitive personal details on the so-called dark web in the coming days.

These details could include information on individuals who may have HIV/AIDS, advanced cancer, child abuse cases where individuals have not been named in the courts or for example, sexually transmitted infections but have opted to retain such information between themselves and their respective doctors.

Vulnerable people with medical conditions that could affect their jobs, reputations, personal lives, longevity and life insurance policies, remain at risk!

With the Government facing possible legal actions if such confidential information is allowed to be published, it moved in the Dublin High Court last week to secure legal injunctions prohibiting Irish media outlets, websites and digital platforms from making such information known to the wider public!

Junior Finance Minister Micheal McGrath pleaded with people at the weekend not to co-operate with any individuals or correspondence seeking payments in return for online confidential medical information.

Speaking to This Week on RTE Radio, he said, "The threat that we're facing here is real and the release of personal, confidential and sensitive data would be a despicable act but it is not one that we can rule out and the Gardaí [Irish police], working with our international law enforcement partners, are doing all that they can now to be in a position to respond to this.”

Ireland’s failure to honour its GDPR (General Data Protection Regulations) commitments could also see it facing serious fines in the European Court depending on how this all pans out!

Meanwhile with numerous health procedures in hospitals delayed by the hacking attack, questions are being asked as to how secure all Irish State computers systems are?

Paul Reid, the CEO of the HSE which is already working 24/7 to deal with the COVID pandemic, moved at the weekend to assure the public that his team are doing all they can to address the problem.

He told the This Week radio programme that the cost of fixing the problems could run in to tens of millions of euro.

He said work is now under way on "assessing each of those national [IT] systems we want to restore, which ones we have to rebuild, which ones we may have to remove and certainly the decryption process helps us in that."

He said good progress has been made "particularly in some of the national systems, like the imaging system which would support scans, MRIs and X-rays".

The hacking issue in Ireland is likely to see the entire State IT system overhauled in the coming weeks and months to ensure no such penetration by eastern European criminals ever happens again.

However, the crisis in Ireland serves as a reminder to the other 26 countries in the European Union that as long as Russian criminals continue to be a menace to western democracies, any one of those States could be next, particularly those with nuclear capabilities or sensitive military plans!

In the meantime, government officials in Dublin are keeping their fingers crossed that the threat of published sensitive material appearing on the dark web in the coming days remains just that, namely a threat!

Continue Reading


EU member states test rapid cyber crisis management



CySOPEx 2021 is testing for the first time today (19 May) the procedures for prompt and effective cyber crisis management in the EU to face large-scale, cross border cyber-attacks.

Tagged with:

CySOPEx 2021 is the first EU exercise for the recently established EU CyCLONe - Cyber Crises Liaison Organisation Network. The Network’s liaisons link the technical level (ie. The CSIRTs Network) to the political one when a large-scale cross-border cyber crisis takes place. This is in order to support the coordinated management of such cybersecurity incidents and crises at operational level and to ensure the regular exchange of information among Member States and Union institutions, bodies and agencies.

The CySOPexexercise aims to test Member States procedures for fast cyber crisis management in the EU when facing large-scale, cross-border cyber incidents and crisis. All Member States and the European Commission are taking part in the exercise organised by Portugal as Presidency of the Council of the European Union and CyCLONe Chair and by the EU Agency for Cybersecurity (ENISA) that acts as the secretariat of the CyCLONe.

The procedures which are tested aim to enable swift information exchange and effective cooperation among the Cyber Crises Liaison Organisations (CyCLO) – i.e. the Member States  competent authorities – within the CyCLONe along the lines described as the operational level of the Blueprint recommendation.

CyCLONe Chairman and representative of the Portuguese Presidency of the Council of the EU João Alves said: “CySOPex 2021 is an important milestone for the CyCLONe network, bringing together Member States, ENISA and European Commission to better prepare and coordinate rapid response procedures in case of a large-scale cross-border cyber incident or crisis. Recent events have shown the importance of such co-operation and aligned response. CySOPex reflects everyone’s engagement in the present and, foremost, in the future.”

EU Agency for Cybersecurity Executive Director Juhan Lepassaar said: “Enabling the coordination of all the actors involved at operational, technical and political levels is an important element of efficient response to cross-border cybersecurity incidents. Testing these capabilities is a sine qua non to prepare for the future cyber-attacks."

Specifically, the CySOPex exercise is tailored for the CyCLONe officers who are specialised in crisis management and/or international relations supporting the decision-makers, prior to and during, large-scale incident or crisis situations. They provide guidance on situational awareness, crisis management coordination and political decision-making.  

The goals of the exercise are to increase the overall competences of the CyCLONe officers specifically to:

  • Train on situational awareness and information sharing processes;
  • improve understanding of roles and responsibilities in the context of the CyCLONe;
  • identify improvements and/or potential gaps in the standardised way of responding to incidents and crises (i.e. Standard Operating Procedures), and;
  • test the CyCLONe cooperation tools and exercise infrastructures provided by ENISA.

This exercise follows the BlueOlex 2020, where the CyCLONe was launched. BlueOlex is a table-top Blueprint Operational Level Exercise (Blue OLEx) for high-level executives of national cybersecurity authorities.

Upcoming Events

This year, the CySOPEx 2021 will be followed by the CyberSOPex 2021, the exercise for the technical level embodied by the CSIRTs Network and the BlueOlex 2021 that will take place in Q4.

About CyCLONe – the EU Cyber Crises Liaison Organization Network

EU CyCLONe aims at enabling rapid cyber crisis management coordination in case of a large-scale cross-border cyber incident or crisis in the EU by providing timely information sharing and situational awareness amongst competent authorities and is supported by ENISA, which provides the secretariat and tools.

EU CyCLONe operates at the “operational level”, which is the intermediate in between technical and strategic/political levels.

The goals of EU CyCLONe are to:

  • Establish a network to enabling the cooperation of the appointed national agencies and authorities in charge of cyber crisis management, and;
  • provide the missing link between the EU CSIRTs Network (technical level) and the EU political level.  

Due to its importance in the EU cybersecurity landscape, the European Commission proposal for the revised NIS Directive envisions in Article 14 the formal establishment of the European Cyber Crises Liaison Organisation Network (EU – CyCLONe).

About ENISA role in operational co-operation

By co-ordinating both the secretariat of the EU CyCLONe and the CSIRTs Network, ENISA aims at synchronising the technical and operational levels and all actors involved in the EU to collaborate and respond to large-scale incidents and crises by providing the best tools and support by:

  • Enabling operation and information exchange with infrastructure, tools and expertise;   
  • Acting as facilitator (switchboard) between the different networks, the technical and operational communities as well as decision makers responsible for crisis management, and;
  • Providing the infrastructure and support for the exercise and training.

Continue Reading