Establishment of Security Operations Centre in Greece: Lack of transparency and ability to audit EU funds
30.9.2022
Question for written answer E-003256/2022
to the Commission
Rule 138
Konstantinos Arvanitis (The Left)
The ECS[1] is an initiative to safeguard the EU from cyber threats and provide the relevant protection to the digital economy and all individuals and legal entities. One of its key priorities is the proposal to create a network of SOCs[2] throughout the Member States. The ‘Greece 2.0’ National Plan[3] contains a project[4] for this purpose with a budget of EUR 40.4 million, which will be funded with resources from the RRF[5]. The beneficiary will be the Greek NIS[6], through a structure supervised by it.[7]
However, there are significant issues regarding accountability, financial transparency and the ability to carry out audits, given that for the procurement and expenditure procedure strict rules of secrecy are observed in accordance with the relevant protocols of the Greek NIS.
In light of this:
- 1.Since it is necessary to have the ability to audit RRF funds, how does the Commission view the verification of eligibility of expenditure, under such restrictions? During the approval of the above-mentioned project were issues examined relating to secrecy and the lack of transparency and accountability? Was it clarified how the goal of the project is served by the mandate being given to an NIS rather than a competent authority (such as the NCA[8])?
- 2.Following the revelations concerning the possible misuse of RRF funds for the purchase of software and/or related monitoring services and the use of spyware, does the Commission intend to exercise its jurisdiction to re-examine the above project?
- 3.Is there a possibility that the national NISs will receive funding under the heading of cybersecurity by means of the direct transfer of EU money through the SOC? What measures have been taken to prevent such a development?
- [1] ECS: European Cybersecurity Strategy.
- [2] SOC: Security Operations Centre.
- [3] Approved by Council Implementing Decision of 13 July 2021 (ST10152/21, ST10152/21 ADD1).
- [4] ‘Cybersecurity strategy and policies for the Public Sector and creation of a National Cybersecurity Operations Centre’ (OPS code TA 5150132), Action 16823, ‘Invest in Improving Public Cybersecurity and Create a National Cybersecurity Centre’.
- [5] RRF: Recovery and Resilience Facility
- [6] NIS: National Intelligence Service
- [7] KETYAK: Centre for Technological Support, Development and Innovation.
- [8] NCA: National Cybersecurity Agency