- EU must do more to prevent attacks on critical infrastructure and interference in democratic processes
- More resources and cooperation needed to fight networks of sexual abusers
- 80% of firms in Europe have experienced at least one cyber security incident
The EU must invest more in cybersecurity to prevent attacks aimed at critical infrastructure and destabilising societies.
Given the cross-border nature of cybercrime, stepping up information exchange among police and judicial authorities and cybercrime experts is vital to effective investigation and electronic evidence gathering, says Parliament in a resolution voted on Tuesday.
MEPs regret that preventive measures taken by individual users, public institutions and businesses remain wholly inadequate, primarily due to a lack of knowledge and resources.
They point out that the EU, its institutions, national governments and parliaments, companies and networks are acutely vulnerable to sophisticated attacks engineered by large criminal organisations or terrorist groups, or groups sponsored by states. They also condemn any system interference undertaken or directed by a foreign nation or its agents to disrupt the democratic process of another country;
Parliament advocates, inter alia:
- improving information exchanges through Eurojust, Europol and ENISA,
- give Europol and Eurojust “appropriate resources” to accelerate the detection, analysis and referral of child abuse material and improve the identification of victims,
- ensuring that illegal online content be removed immediately by due legal process or that access is blocked from EU territory when removal is not feasible,
- investing in education to solve the lack of qualified IT professionals working in cybersecurity,
- promoting the use of encryption and other anonymisation tools,
- using EU funds for free and open-source software-based research into IT security,
- launching awareness campaigns to ensure that children, but also public administrations, vital operators and companies learn how to be safe on line,
- setting up teams to which businesses and consumers can report cybersecurity, incidents and establish databases to record all types of cybercrime,
- ensuring that law enforcement authorities have access to relevant information, such as who is the user of a certain IP address in the context of criminal investigations,
- encouraging the ICT security community to engage in “white hat” hacking and the reporting of illegal content, such as child sex abuse material, and
- updating the EU legal framework on cybercrime, including harmonised rules for determining the status of an online provider as domestic or foreign,
The non-legislative resolution was approved by 603 votes to 27, with 39 abstentions.
Elissavet Vozemberg-Vrionidi (EPP, GR), EP rapporteur, said: “fighting cybercrime is not an easy task. Criminals often get ahead of us. We need to focus on prevention, data exchange, pooling the experience of member states, judicial authorities and police forces and facilitating evidence collection, while respecting human rights”.
About 80% of companies in Europe have experienced at least one cyber security incident, but many of them go undetected or unreported. While malware is still the key focus, attacks on industrial control systems and networks, such as the WannaCry ransomware attack of May 2017, which affected thousands of computers in nearly 100 countries, are becoming more frequent.