Full text 
Procedure : 2011/2284(INI)
Document stages in plenary
Document selected : A7-0167/2012

Texts tabled :


Debates :

PV 11/06/2012 - 24
CRE 11/06/2012 - 24

Votes :

PV 12/06/2012 - 6.7
Explanations of votes
Explanations of votes

Texts adopted :


Monday, 11 June 2012 - Strasbourg OJ edition

24. Critical information infrastructure protection: towards global cybersecurity (short presentation)
Video of the speeches

  President. – The next item is the report by Ivailo Kalfin, on behalf of the Committee on Industry, Research and Energy, on critical information infrastructure protection – achievements and next steps: towards global cybersecurity (2011/2284(INI)) (A7-0167/2012).


  Ivailo Kalfin, rapporteur. – Mr President, the European Union relies very heavily on the development of the new technologies economy, which is based on the Internet. But we have to be absolutely clear that neither the digital agenda goals nor new developments like cloud computing can be developed without having a trustworthy and resilient Internet environment. Therefore, the issues relating to Internet security and cybersecurity are of the utmost importance if we want to develop the whole infrastructure.

I would like to congratulate the Commission and Commissioner Kroes personally for the fact that in the last few months, there has been very intensive work in preparing the cybersecurity or Internet security strategy and in creating a European critical emergency response team and a European information sharing and alert system, to be active by 2013.

The European Commission has already proposed a Cybercrime Centre within Europol, which has now been created and which is an important element, but has not done everything that needs to be done. So there are developments, but what is very much missing is a framework at European level.

We have excellent examples of cybersecurity activities and very good results at national level, but things are very uneven. In the various Member States, we have very different practices, and what is very much lacking is European-level action. In terms of the Internet, we can be absolutely sure that no robust and resilient system at national level can be enough without devising and developing European capabilities.

In the report – and I would like to very much thank my colleagues and the shadow rapporteurs and everybody who was involved in this report – we give several recommendations for the further work of the European Commission.

First, and most important, is to include information and communication technologies in the critical infrastructures, together with all the mechanisms that are related to that; the Commission has to propose the inclusion of ICT as a critical infrastructure.

Second, we are calling for the creation of common minimum standards and minimum protocols for the reaction and resilience of the Internet system.

Third, something which is very important is cooperation with the private sector and public-private partnerships, but this also has to go in the direction of data breach notification. Whoever is attacked has to be informed; the public has the right to know what is happening in that respect.

Of course, we are calling for the elaboration of contingency plans at national level, contact points at national and also at European level, and the development of awareness and education activities, which are very important for cybersecurity.

Something which is very important is international cooperation, and I would like to finish with that. There are many things that could be done at European level in terms of international cooperation on cybersecurity and I really hope that they are going to be done by the European Commission and by the High Representative. These include: contacts with like-minded countries; having an active Europe-wide position on cybersecurity; raising issues at international fora including the G8, G20, OECD, etc.; including cybersecurity issues when we discuss development aid and our cooperation with developing countries, and including these issues where appropriate in signing trade agreements.

All these are files for the European Commission’s in-tray, so that Europe has a very active international position relating to its cybersecurity. We have already started very good cooperation with the United States. This has to be continued with other countries, and Europe has to have a single voice on cybersecurity.


Catch-the-eye procedure


  Lambert van Nistelrooij (PPE).(NL) Mr President, Commissioner, thank you for this report, at an opportune moment, it seems to me, and thank you for your cooperation on this matter. We are talking, here, about really large amounts of losses if you look at what is going on in this world: USD 388 billion, according to what I heard recently in Commission questions. In the Netherlands alone, losses through fraud in Internet banking amounted to EUR 93 million in 2011. Globally, the losses are greater than in the trade in soft and hard drugs. To sum up, it is important to put this problem high on the agenda and work on it together.

There is just one thing I would like to highlight in my one minute of talking time. It concerns the European Cybercrime Centre in the Hague, to be brought under the umbrella of Europol. The centre will work to counter organised crime and credit card data fraud, for collaboration on identity theft, including with the social networks, to counteract the production of child pornography and to protect against attacks on critical infrastructure. These are things to which the citizens pay attention.


  Rui Tavares (Verts/ALE). (PT) Mr President, the strengthening of cyber attacks and other types of cybercrimes is certainly a very important issue. Information systems containing sensitive data must be protected from those who want to spread terror and cause destruction, but must also be protected from careless governments, which have been increasingly developing certain types of cyber attacks, sometimes for opportunistic reasons and which, by sowing the wind now, could reap the whirlwind in the future. This is an issue where great care is required and the precautionary principle applies.

We must never forget that protecting individual privacy is equally important. We must never sacrifice the privacy of our citizens as we develop plans to strengthen Internet security and we cannot allow our fundamental rights to be sacrificed or forgotten. That is, we must not transfer to the European Union, to the Commission, powers that could be disproportionate at this time. Some recent experiences, such as Passenger Name Records (PNR), invite us to be cautious in this area. Not only cybercriminals can cause serious problems; institutions and governments, if they are not careful, can sometimes cause problems that are even worse.


  Zuzana Roithová (PPE). (CS) Mr President, computer technologies form the backbone of our society, while, at the same time, making society vulnerable in new areas. Cybersecurity now requires coordinated action and a global approach. I believe we must strengthen the powers of Europol and also incorporate defence against cyber attacks into EU and national domestic and external security strategies. Just like other Members, I have concerns over the functioning of ENISA. Europe has the highest standards in the world for personal data protection, and this year we will further modernise them, which should reduce the possibility of Internet identity theft, but cooperation between security forces and other bodies responsible for general information security remains a weak point. On the other hand, Estonia is good example. It experienced a massive cyber attack in the past and has developed a very solid institutional framework. Unfortunately, there is much room for improvement in the European financial sector. I am pleased the Commission is aware of this and will invest considerable funds on this issue within the framework of the digital agenda.


  Inês Cristina Zuber (GUE/NGL). (PT) Mr President, we recognise the importance of ensuring that our populations have the security and protection they need when using the Internet, as well as the infrastructure that provides the service. However, we profoundly disagree that this proposition should be included in a set of security strategies and policies, which are deeply harmful to the same populations in terms of labour and freedom of expression. There is a notably strong connection between these measures and the activities of the European External Action Service, which intends to use them to ‘include Internet security issues in the scope of its external relations, inter alia, when designing various financing instruments’, aligning political objectives and legislative action with our US counterparts. They orchestrate coordinated positions in international forums involving NATO, the UN, the World Bank and others. Cybersecurity cannot be used to legitimise interventions and interference, which have nothing to do with citizens’ liberty.


  Petru Constantin Luhan (PPE).(RO) Mr President, measures need to be devised enabling cybersecurity systems to be developed, the risks of disruption to the Internet, which is a critical infrastructure, to be reduced, as well as the level of IT security to be increased globally in as many areas of activity as possible. This can only be achieved through international cooperation. Therefore, I think that legislation needs to be harmonised across all EU Member States concerning coercive measures and criminal actions against critical infrastructures. This can only be achieved by defining, across the whole European Union, standard measures for imposing tough sanctions on those initiating cyber attacks and disruption, which would curtail the risk of them occurring.


End of the catch-the-eye procedure


  Neelie Kroes, Vice-President of the Commission. – Mr President, I really appreciate this opportunity for reflection on a very important issue.

Let me just start by mentioning that the Commission congratulates Mr Kalfin on his important and – by the way – timely report. That needs to be underlined, for it is timely and it also opens the floor for a debate. I appreciate highly all that has been said here by Members of this Parliament for this is not only an issue that is heavy with facts and figures, but it is also a kind of trust and security for people who use the Internet. As we say that every European should be connected and should be digital, then it is our responsibility – of Parliament, the Council and the Commission – to provide trust and security, so to speak.

As rightly acknowledged in this report, every day, the Internet and the digital ecosystem boost productivity, drive innovation, and stimulate growth and high-quality jobs. At the same time, threats are growing and so is the vulnerability of our networks.

Since 2001, the Commission has adopted a number of policy initiatives on network and information security to boost cooperation at EU level, with the involvement of Member States and relevant stakeholders and with the support of ENISA. This includes the action plan on critical information infrastructure protection (CIIP), adopted by the Commission in 2009 and revised in 2011.

As you may know, the Commission is aware that capabilities and preparedness across the EU vary considerably. I have been constantly monitoring the state of progress in the Member States on the adoption of national cybersecurity strategies and cyber incident contingency plans, the organisation of national cyber exercises and the establishment of well-functioning national/governmental CERTs, which, as you are aware, stands for ‘Computer Emergency Response Teams’. All those points are addressed in the report and, once again, great work has been done.

This stocktaking exercise has demonstrated that, despite the efforts undertaken so far, we need to do more. We need to act strategically and give attention to cybersecurity at the highest political level. Parliament and relevant stakeholders have long called for the Commission to adopt a strategic and comprehensive vision. Your support will be crucial in the adoption and implementation of such a vision.

In the coming months, I will present, together with High Representative Catherine Ashton and my colleague, Commissioner Cecilia Malmström, a comprehensive European strategy for cybersecurity. That cybersecurity strategy will provide for both policy and regulatory measures.

Reaching a high level of network and information security across the EU is vital to ensure the smooth functioning of the internal market. The measures that we will propose will aim at raising levels of security nationally as well as at EU level, by establishing appropriate mechanisms for cross-border cooperation as well as for public-private cooperation and information exchange. We need to make sure that there are no weak links across the EU.

From the policy side, the vision should hinge on the need to improve the overall resilience of network and information systems, stepping up the fight against cybercrime, and developing an external EU cybersecurity policy.

We will ensure continuity with our policies and make steps forward on key areas such as fighting botnets, cybersecurity of industrial control systems, smart grids and security standards, as well as on research and development, awareness raising and international cooperation.

The strategy will include actions to stimulate the competitiveness of the European ICT industry and stimulate user demand to provide security functionalities in ICT products and services. Horizon 2020 will support the goals of the strategy.

Overall, the strategy will help Europe put its own house in order. That will strongly contribute to better positioning the EU at international level also. I hope that you will agree that the strategy adequately responds to the recommendations provided in Parliament’s CIIP report.




  President. – The debate is closed.

The vote will take place on Tuesday, 12 June 2012, at 12.00.

Written statements (Rule 149)


  Ágnes Hankiss (PPE), in writing.(HU) As rapporteur for the draft opinion of the Committee on Civil Liberties, Justice and Home Affairs attached to the report, I would like to congratulate Mr Kalfin on his professional approach and for drafting a balanced resolution. As you are aware, cybersecurity is an important pillar of EU internal security. In my earlier comments on behalf of the Group of the European People’s Party on the Internal Security Strategy, I expressed on several occasions the view that it is vital to set up a common threat assessment system and to better coordinate the Member State practices necessary for the protection of critical information infrastructure. Guaranteeing EU cybersecurity necessitates cooperation between state and private sector participants, as well as civilian and military actors in the EU. The cybersecurity centre to be established will also serve this purpose. Moreover, one of our urgent tasks is to complete the identification of European critical infrastructures. In order to achieve the goals set out in the recently adopted Internal Security Strategy, it is unavoidable to allocate proportionate budgetary resources to them, and we must seek to ensure that the measures included in the Internal Security Strategy are appropriately represented in the budget for 2014-2020.

Legal notice - Privacy policy