Nieuw instituut voor cyberveiligheid (en) - Hoofdinhoud

Met dank overgenomen van EUobserver (EUOBSERVER) i, gepubliceerd op vrijdag 20 mei 2011, 18:16.

EUOBSERVER / BRUSSELS - EU institutions are setting up a joint team of internet security experts some three months after the European Commission was hacked in a bid to get sensitive data on external relations and monetary issues.

The attack in March - just a few days ahead of an EU summit on military strikes in Libya and on the eurozone debt crisis - saw commission systems attacked "in a very well-organised and targeted way, focusing on three or four keywords on external relations and monetary issues," according to a senior EU official.

"It was probably espionage, but this is very difficult to prove. We don't expect to ever know if it was the case or not," the source added.

The contact did not reveal if any data was actually stolen. The commission has not launched a criminal investigation at this stage and is still assessing the level of damage.

It has in the past three months beefed-up its email security.

Up until the attacks email accounts could be accessed remotely by typing in a password. But now users have a special "security token" - a small device which generates a seconadry password reuqred to log on.

Brussels is also setting up a new Computer Emergency Response Team (CERT) to stave off future attacks.

The unit will pull together existing IT security departments from the commission, the EU parliament and the EU Council to handle cyber attacks on all EU institituions and to share intelligence in real time with CERTs in EU membr states. The new body is to run tests in June and to be fully operational by 1 October.

Otmar Lendl - the head of the Austrian CERT - told EUobserver the new measure will not make EU systems impregnable.

"Prevention is very difficult. It's like fire - even if you have a good firebrigade which sets up the best firewalls, you will still have fires. But CERTs certainly will help you deal with anything that happens and get a clearer response, as well as putting sensors in place and tools to monitor networks, so that you detect an attack early on."

Detecting the fact that an attack is taking place is in itself not an easy thing. The next step is to find out how the hacker got into the system, what documents have been accessed or changed and if any "timebombs" or "backdoors" have been left behind to allow future access.

"At EU level, there are a lot of own little kingdoms, it's not centralised like in a company - so it will be a difficult task," Lendl explained.

National CERTs dealing with governments (GovCERTs) "also have to deal with various ministries, cities, local administrations and other stakeholders. So it's not unusual," he added.

origineel bericht: 'EU institutions to create new cyber defence unit'

Tip. Klik hier om u te abonneren op de RSS-feed van EUobserver

Meer over ...

Eurocommissaris voor Digitale agenda (opgeheven)