Europe must protect itself against 'digital 9/11'
LEIGH PHILLIPS
28.05.2008 @ 09:15 CET
In the wake of last year's cyber-attacks that incapacitated Estonian government websites, the EU must invest more in internet and network security if it is to avoid a "digital 9/11," the bloc's internet security chief has warned, as the danger of such attacks will only increase in the coming years.
"Europe must take security threats more seriously and invest more resources in network and information security," said Andrea Pirotti, the director of the ENISA, the European Network and Information Security Agency – the bloc's internet security watchdog – on Tuesday (27 May).
The tiny agency, with its €8 million budget and 50 staff, warns that EU member states have a long way to go in safeguarding their networks and the bloc's digital economy.
"Europe should not wait for digital 9/11, but instead reduce imbalances in EU member states' security approaches," said Mr Pirotti.
He warned that spam and other cyber-crime is increasingly the domain of organised crime, rather than the youthful, annoying hackers of the early internet. There are now some 6 million "botnets" or hijacked computers worldwide that are used by organised criminals to send spam and commit online fraud.
He highlighted last May's attack on Estonia - also known on the internet as the "Estonian Cyberwar" - as a harbinger of what is likely to come, but refused to be drawn on whether Russia was responsible for the attacks.
Although those responsible for the attacks have yet to be found, Estonia accused Moscow of responsibility after the removal of a Soviet war memorial in Talinn provoked ethnic Russian demonstrations in the city.
At the time, Estonia appealed for help from the EU and NATO to defend it against the hackers.
Rather, argued the ENISA chief, member states should be ensuring they have Computer Emergency Response Teams (CERT) – a sort of "digital fire brigade," as he called them – up and running.
Some 14 member states have established governmental CERTs, with another 10 in the works over the next 18 months.
He also called for the EU to introduce mandatory reporting by banks and other businesses on security breaches and similar incidents, as is the case in the United States.
In addition, spam, far from dying off - as many now believe - is ready for a come-back, and was up 10 percent in Europe in the last year.
"As only six percent of spam reaches mailboxes, the problem is perceived to be under control," he said. "However, it is growing in quantity, size and bandwidth and remains a costly problem."
The internet detective also highlighted risks arising from popular social networking sites such as Facebook and MySpace and recommended that the EU regulate these popular internet destinations in order to tackle the problem of data theft.
"Users should be more aware of the fact that they don't really control who has access to their profiles," on such sites, said Ronald de Bruin, the head of ENISA's co-operation and support department, according to the DPA news agency.