The Commission and the European Agency for Cybersecurity (ENISA) announced today the creation of the Stakeholders Cybersecurity Certification Group (SCCG), which will advise themon strategic issues regarding cybersecurity certification, while at the same time it will assist the Commission in the preparation of the Union rolling work programme.
Furthermore, its aim, as foreseen by the EU Cybersecurity Act that was adopted a year ago, is to create market driven certification schemes and help reduce fragmentation between various existing schemes in the EU member states. The first meeting of the Group is taking place today. Internal Market Commissioner Thierry Breton said: “Not only will certification play a crucial role in increasing trust and security in ICT products, but it will also provide European companies with the necessary tools to demonstrate that their products and services have state of the art cybersecurity features. This will in turn allow them to better compete in the global market. The Stakeholder Cybersecurity Certification Group will help by bringing about the needed expertise and advice for the creation of a tailored and risk-based EU certification system.”
ENISA Executive Director Juhan Lepassaar added: “Cybersecurity certification aims to promote trust in ICT products, processes and services while at the same time tackling the fragmentation of the internal market, thus reducing the costs for those operating in the Digital Single Market. The Stakeholder Cybersecurity Certification Group will form part of the community that helps build and raise awareness of the EU schemes.”
The group consists of representatives from an array of organisations that include academic institutions, consumer organisations, conformity assessment bodies, standard developing organisations, companies, trade associations and many others. The EU is working in building the necessary cybersecurity capabilities to prevent and counter the ever-changing cyber threats and attacks.
More information on the EU's actions to strengthen cybersecurity capacities, including for 5G networks, is available in this brochure. The list of members of the Stakeholders Cybersecurity Certification Group can be found here and updated information on its work is in this webpage.
European Audit Institutions pool their work on cybersecurity
As the threat level for cybercrime and cyberattacks has been rising over recent years, auditors across the European Union have been paying increasing attention to the resilience of critical information systems and digital infrastructures. The Audit Compendium on cybersecurity, published today by the Contact Committee of EU supreme audit institutions (SAIs), provides an overview of their relevant audit work in this field.
Cyber incidents may be intentional or unintentional and range from the accidental disclosure of information to attacks on businesses and critical infrastructure, the theft of personal data, or even interference in democratic processes, including elections, and general disinformation campaigns to influence public debates. Cybersecurity was already critical for our societies before COVID-19 hit. But the consequences of the pandemic we are facing will further exacerbate cyber threats. Many business activities and public services have moved from physical offices to teleworking, while ‘fake news’ and conspiracy theories have spread more than ever.
Protecting critical information systems and digital infrastructures against cyberattacks has thus become an ever-growing strategic challenge for the EU and its member states. The question is no longer whether cyberattacks will occur, but how and when they will occur. This concerns us all: individuals, businesses and public authorities.
“The COVID-19 crisis has been testing the economic and social fabric of our societies. Given our dependence on information technology, a ‘cyber crisis’ could well turn out to be the next pandemic“, said European Court of Auditors (ECA) President Klaus-Heiner Lehne. “Seeking digital autonomy and facing challenges posed by cyber threats and external disinformation campaigns will undoubtedly continue to be part of our daily lives and will remain on the political agenda in the next decade. It is therefore essential to raise awareness of recent audit findings on cybersecurity across the EU member states.”
European SAIs have therefore geared up their audit work on cybersecurity recently, with a particular focus on data protection, system readiness for cyberattacks, and the protection of essential public utilities systems. This has to be set in a context in which the EU is aiming to become the world’s safest digital environment. The European Commission and the Union’s High Representative for Foreign Affairs and Security Policy, in fact, have just presented a new EU Cybersecurity Strategy, which aims to bolster Europe's collective resilience against cyber threats.
The Compendium published on 17 December provides background information on cybersecurity, main strategic initiatives and relevant legal bases in the EU. It also illustrates the main challenges the EU and its member states are facing, such as threats to individual EU citizens´ rights through misuse of personal data, the risk for institutions of not being able to deliver essential public services or facing limited performance following cyberattacks.
The Compendium draws on the results of audits carried out by the ECA and the SAIs of twelve EU member states: Denmark, Estonia, Ireland, France, Latvia, Lithuania, Hungary, the Netherlands, Poland, Portugal, Finland and Sweden.
This audit Compendium is a product of co-operation between the SAIs of the EU and its member states within the framework of the EU Contact Committee. It is designed to be a source of information for everyone interested in this important policy field. It is currently available in English on the EU Contact Committee website, and will later be available in other EU languages.
This is the third edition of the Contact Committee’s Audit Compendium. The first edition on Youth unemployment and the integration of young people into the labour market was published in June 2018. The second on Public health in the EU was issued in December 2019.
The Contact Committee is an autonomous, independent and non-political assembly of the heads of SAIs of the EU and its member states. It provides a forum for discussing and addressing matters of common interest relating to the EU. By strengthening dialogue and co-operation between its members, the Contact Committee contributes to an effective and independent external audit of EU policies and programmes
Taiwan is crucial to the global fight against cybercrime
Since emerging in late 2019, COVID-19 has evolved into a global pandemic. According to World Health Organization statistics, as of September 30, 2020, there were more than 33.2 million confirmed COVID-19 cases and more than 1 million related deaths worldwide. Having experienced and fought the SARS epidemic in 2003, Taiwan made advance preparations in the face of COVID-19, conducting early onboard screening of inbound travelers, taking stock of antipandemic supply inventories, and forming a national mask production team, writes Criminal Investigation Bureau Ministry of the Interior Republic of China (Taiwan) Commissioner Huang Ming-chao.
The government’s swift response and the Taiwanese people’s cooperation helped effectively contain the spread of the disease. The international community has been putting its resources into fighting COVID-19 in the physical world, yet the cyberworld has also been under attack, and faces major challenges.
The Cyber Attack Trends: 2020 MidYear Report published in August 2020 by Check Point Software Technologies Ltd., a well-known IT security company, pointed out that COVID-19 related phishing and malware attacks increased dramatically from below 5,000 per week in February to over 200,000 in late April. At the same time as COVID-19 has seriously affected people’s lives and safety, cybercrime is undermining national security, business operations, and the security of personal information and property, causing significant damage and losses. Taiwan’s success in containing COVID-19 has won worldwide acclaim.
Faced with cyberthreats and related challenges, Taiwan has actively promoted policies built around the concept that information security is national security. It has bolstered efforts to train IT security specialists and develop the IT security industry and innovative technologies. Taiwan’s national teams are ever present when it comes to disease or cybercrime prevention.
Cybercrime knows no borders; Taiwan seeks cross-border cooperation Nations around the globe are fighting the widely condemned dissemination of child pornography, infringements on intellectual property rights, and the theft of trade secrets. Business email fraud and ransomware have also generated heavy financial losses among enterprises, while cryptocurrencies have become an avenue for criminal transactions and money laundering. Since anyone with online access can connect to any internetenabled device in the world, crime syndicates are exploiting the anonymity and freedom this provides to conceal their identities and engage in illegal activities.
The Taiwanese police force has a special unit for investigating technology crimes comprising professional cybercrime investigators. It has also established a digital forensics laboratory meeting ISO 17025 requirements. Cybercrime knows no borders, so Taiwan hopes to work with the rest of the world in jointly fighting the problem. With state-sponsored hacking rampant, intelligence sharing is essential to Taiwan. In August 2020, the US Department of Homeland Security, Federal Bureau of Investigation, and Department of Defense released the Malware Analysis Report, identifying a state-sponsored hacking organization that has recently been using a 2008 malware variant known as TAIDOOR to launch attacks.
Numerous Taiwanese government agencies and businesses have previously been subject to such attacks. In a 2012 report on this malware, Trend Micro Inc. observed that all of the victims were from Taiwan, and that the majority were government organizations. Every month, Taiwan’s public sector experiences an extremely high number of cyberattacks from beyond Taiwan’s borders—between 20 and 40 million instances. Being the priority target of state-sponsored attacks, Taiwan has been able to track their sources and methods and the malware used. By sharing intelligence, Taiwan could help other countries avert potential threats and facilitate the establishment of a joint security mechanism to counter state cyberthreat actors. Additionally, given that hackers often use command-and-control servers to set breakpoints and thus evade investigation, international cooperation is essential for piecing together a comprehensive picture of chains of attack. In the fight against cybercrime, Taiwan can help.
In July 2016, an unprecedented hacking infringement occurred in Taiwan when NT$83.27 million was illegally withdrawn from First Commercial Bank ATMs. Within a week, the police had recovered NT$77.48 million of the stolen funds and arrested three members of a hacking syndicate— Andrejs Peregudovs, a Latvian; Mihail Colibaba, a Romanian; and Niklae Penkov, a Moldovan—that had until then remained untouched by the law. The incident drew international attention. In September that same year, a similar ATM heist occurred in Romania. A suspect Babii was believed to be involved in both cases, leading investigators to conclude that the thefts had been committed by the same syndicate. At the invitation of the European Union Agency for Law Enforcement Cooperation (Europol), Taiwan’s Criminal Investigation Bureau (CIB) visited its office three times to exchange intelligence and evidence. Subsequently, the two entities established Operation TAIEX.
Under this plan, the CIB provided key evidence retrieved from suspects’ mobile phones to Europol, which sieved through the evidence and identified the suspected mastermind, known as Dennys, who was then based in Spain. This led to his arrest by Europol and the Spanish police, putting an end to the hacking syndicate.
To crack down on hacking syndicates, Europol invited Taiwan’s CIB to jointly form Operation TAIEX. The fight against cybercrime requires international cooperation, and Taiwan must work together with other countries. Taiwan can help these other countries, and is willing to share its experiences so as to make cyberspace safer and realize a truly borderless internet. I ask that you support Taiwan’s participation in the annual INTERPOL General Assembly as an Observer, as well as INTERPOL meetings, mechanisms, and training activities. By voicing your backing for Taiwan in international forums, you can play a critical role in advancing Taiwan’s objective of taking part in international organizations in a pragmatic and meaningful manner. In the fight against cybercrime, Taiwan can help!
EU Threat Landscape Report: Cyber attacks are becoming more sophisticated, targeted and widespread
On 20 October, the European Union Agency for Cybersecurity (ENISA) published its yearly report summarizing the main cyber threats encountered between 2019 and 2020. The report reveals that the attacks are continuously expanding by becoming more sophisticated, targeted, widespread and often undetected, while for the majority of them the motivation is financial. There is also an increase of phishing, spam and targeted attacks in the social media platforms. During the coronavirus pandemic, the cybersecurity of health services was challenged, while the adoption of teleworking regimes, distance learning, interpersonal communication, and teleconferencing also changed the cyberspace.
The EU is taking strong action to strengthen cybersecurity capacities: It will update legislation in the area of cybersecurity, with a new Cybersecurity Strategy coming up by the end of 2020, and is investing in cybersecurity research and capacity building, as well as in raising awareness about new cyber threats and trends, such as through the annual Cybersecurity Month campaign. The ENISA Threat Landscape Report is available here and a press release is available here.
Nigeria4 days ago
Governor Yahaya Bello: Making a difference in Kogi State, Nigeria
Azerbaijan4 days ago
Why 'Khojaly is a genocide'?
Climate change4 days ago
Building a Climate-Resilient Future - A new EU Strategy on Adaptation to Climate Change
EU5 days ago
European politicians condemn upcoming business forum with Iran which ignores Iranian terrorism on European soil
coronavirus4 days ago
Merkel says COVID variants risk third virus wave, must proceed carefully
Estonia1 day ago
Commission proposes to provide €230 million to Estonia under SURE
Data4 days ago
European strategy for data: What MEPs want
EU4 days ago
WHO says working with Commission to manage regional COVID vaccine donations