Der Präsident. − Als nächster Punkt folgt der Bericht von Ivailo Kalfin im Namen des Ausschusses für Industrie, Forschung und Energie über den Schutz kritischer Informationsinfrastrukturen – Ergebnisse und nächste Schritte: der Weg zur globalen Netzsicherheit (2011/2284(INI)) (A7-0167/2012).

  Ivailo Kalfin, rapporteur. − Mr President, the European Union relies very heavily on the development of the new technologies economy, which is based on the internet. But we have to be absolutely clear that neither the digital agenda goals nor new developments like cloud computing can be developed without having a trustworthy and resilient internet environment. Therefore, the issues relating to internet security and cyber-security are of the utmost importance if we want to develop the whole infrastructure.

I would like to congratulate the Commission and Commissioner Kroes personally for the fact that in the last few months there has been very intensive work in preparing the cyber-security or internet security strategy and in creating a European critical emergency response team and a European information-sharing and alert system, to be active by 2013.

The European Commission has already proposed a Cybercrime Centre within Europol, which has now been created and which is an important element, but has not done everything that needs to be done. So there are developments, but what is very much missing is a framework at European level.

We have excellent examples of cyber-security activities and very good results at national level, but things are very uneven. In the various Member States we have very different practices, and what is very much lacking is European-level action. In terms of the internet, we can be absolutely sure that no robust and resilient system at national level can be enough without devising and developing European capabilities.

In the report – and I would like to very much thank my colleagues and the shadow rapporteurs and everybody who was involved in this report – we give several recommendations for the further work of the European Commission.

First, and most important, is to include information and communication technologies in the critical infrastructures, together with all the mechanisms that are related to that; the Commission has to propose the inclusion of ICT as a critical infrastructure.

Second, we are calling for the creation of common minimum standards and minimum protocols for the reaction and resilience of the internet system.

Third, something which is very important is cooperation with the private sector and public-private partnerships, but this also has to go in the direction of data breach notification. Whoever is attacked has to be informed; the public has the right to know what is happening in that respect.

Of course, we are calling for the elaboration of contingency plans at national level, contact points at national and also at European level, and the development of awareness and education activities, which are very important for cyber-security.

Something which is very important is international cooperation, and I would like to finish with that. There are many things that could be done at European level in terms of international cooperation on cyber-security and I really hope that they are going to be done by the European Commission and by the High Representative. These include: contacts with like-minded countries; having an active Europe-wide position on cyber-security; raising issues at international fora including the G8, G20, OECD, etc.; including cyber-security issues when we discuss development aid and our cooperation with developing countries, and including these issues where appropriate in signing trade agreements.

All these are files for the European Commission's in-tray, so that Europe has a very active international position relating to its cyber-security. We have already started very good cooperation with the United States. This has to be continued with other countries, and Europe has to have a single voice on cyber-security.

„Catch the eye“-Verfahren

  Lambert van Nistelrooij (PPE). - Commissaris, dank voor het verslag, juist op een goed moment denk ik, en dank ook voor de samenwerking in dezen. Het gaat echt over grote bedragen aan schade, als je ziet wat er in de wereld gebeurt: 388 miljard USD, zo hoorde ik onlangs op vragen van de Commissie. In Nederland alleen al beliep de schade door fraude bij het internetbankieren 93 miljoen euro in 2011. Wereldwijd is de schade groter dan bij de handel in soft- en harddrugs. Kortom: belangrijk dus om dit naar voren te brengen en samen daaraan te werken.

Mag ik er één ding uitlichten in mijn minuut. Het Centrum voor cybercrime in Den Haag, dat bij Europol wordt ondergebracht; dit centrum gaat zich inzetten voor de bestrijding van de georganiseerde misdaad, van criminaliteit bij kredietkaartgegevens, voor samenwerking met identiteitsdiefstal, ook met de sociale netwerken, voor het tegengaan van de productie van kinderporno en de bescherming tegen aanvallen op kritische infrastructuur. Dat zijn de dingen waar de burger op let.

  Rui Tavares (Verts/ALE). - Senhor Presidente, a fortificação de sistemas de informação críticos de infraestrutura em relação a ciberataques e a outros tipos de crimes cibernéticos é certamente uma questão muito importante. Os sistemas de informação que contenham dados sensíveis devem ser protegidos daqueles que querem semear o terror e causar estragos, mas também devem ser protegidos de Estados pouco cuidadosos, que têm vindo a desenvolver cada vez mais alguns tipos de ciberataques, às vezes por razões oportunistas e que, semeando ventos agora, podem colher tempestades no futuro. Esta é uma área na qual todo o cuidado é pouco e o princípio da precaução se aplica.

Nunca devemos esquecer que a proteção da privacidade pessoal é igualmente importante, nunca poderemos sacrificar a privacidade dos nossos cidadãos quando desenvolvemos esforços para fortalecer a segurança cibernética e não podemos permitir que os nossos direitos fundamentais sejam preteridos e caiam no esquecimento, ou seja, não podemos ceder à União Europeia, à Comissão, poderes que possam ser desproporcionados nesta altura. Algumas experiências recentes, como as do PNR, convidam-nos a ser cautelosos neste domínio, não são só os criminosos cibernéticos que podem causar graves problemas, as instituições e os Estados, se não forem cautelosos, podem às vezes causar problemas piores ainda.

  Zuzana Roithová (PPE). - Pane předsedající, počítačové technologie jsou páteří naší společnosti, ale zároveň ji dělají zranitelnou v nových oblastech. Kybernetická bezpečnost dnes vyžaduje koordinované akce a globální přístup. Domnívám se, že je potřeba posílit pravomoci Europolu a obranu proti kybernetickým útokům mít také zapracovanou ve strategiích unijní i vnitrostátní vnitřní a vnější bezpečnosti. Podobně jako kolegové mám také výhrady k fungování evropské agentury ENISA. Evropa má nejvyšší standardy na světě na ochranu osobních údajů a letos je budeme dále modernizovat, což má snížit možnosti internetových krádeží identity, ale slabinou zůstává spolupráce bezpečnostních sil a dalších úřadů odpovědných za všeobecnou informační bezpečnost. Naopak Estonsko je dobrým příkladem. Má za sebou masivní kybernetický útok a vybudovalo velmi solidní instituční rámec. Bohužel velké rezervy lze najít i v evropském finančním sektoru. Jsem ráda, že si to Komise uvědomuje a bude v rámci digitální agendy investovat hodně peněz do této věci.

  Inês Cristina Zuber (GUE/NGL). - Senhor Presidente, reconhecemos a importância de assegurar às populações as condições seguras e de proteção necessárias na utilização da rede de Internet, assim como das infraestruturas que garantem o serviço. Contudo, discordamos profundamente que este enunciado esteja inserido num conjunto de estratégias e políticas de cariz securitário e profundamente lesivo em termos laborais e da liberdade de expressão para estas mesmas populações. É notória uma forte ligação a estas medidas à atuação dos serviços europeus de ação externa, através dos quais se pretende, e cito, incluir de forma permanente as questões de segurança da Internet nas suas relações externas, nomeadamente aquando da concessão dos seus vários instrumentos de financiamento, alinhando a orientação política e a ação em matéria legislativa com os homólogos norte-americanos. Orquestram-se posições coordenadas em fóruns internacionais, nos quais participam a NATO, a ONU, o Banco Mundial, entre outros. A cibersegurança não pode ser utilizada para legitimar propósitos intervencionistas e de ingerência, que nada têm que ver com a liberdade dos cidadãos.

  Petru Constantin Luhan (PPE). - Se impune elaborarea unor măsuri care să permită dezvoltarea de sisteme de securitate cibernetică, pentru reducerea riscurilor de perturbare a internetului, care reprezintă o infrastructură critică, dar şi pentru creşterea nivelului de siguranţă informaţională la nivel global, în cât mai multe sectoare de activitate, iar acest lucru poate fi obţinut doar prin cooperare internaţională. Aşadar, consider că este necesară armonizarea, la nivelul tuturor statelor membre, a legislaţiei privind măsurile de coerciţie, privind infracţionalitatea asupra infrastructurilor critice. Acest lucru nu poate fi realizat decât prin stabilirea, la nivelul întregii Uniuni Europene, a unor măsuri unitare de sancţionare drastică a iniţiatorilor de atacuri şi perturbări cibernetice, ceea ce ar reduce riscul apariţiei acestora.

(Ende des Catch-the-eye-Verfahrens)

  Neelie Kroes, Vice-President of the Commission. − Mr President, I really appreciate this opportunity for reflection on a very important issue.

Let me just start by mentioning that the Commission congratulates Mr Kalfin on his important and – by the way – timely report. That needs to be underlined, for it is timely and it also opens the floor for a debate. I appreciate highly all that has been said here by Members of this Parliament for this is not only an issue that is heavy with facts and figures, but it is also a kind of trust and security for people who use the internet. As we say that every European should be connected and should be digital, then it is our responsibility – of Parliament, the Council and the Commission – to provide trust and security, so to speak.

As rightly acknowledged in this report, every day, the internet and the digital ecosystem boost productivity, drive innovation, and stimulate growth and high-quality jobs. At the same time, threats are growing and so is the vulnerability of our networks.

Since 2001, the Commission has adopted a number of policy initiatives on network and information security to boost cooperation at EU level, with the involvement of Member States and relevant stakeholders and with the support of ENISA. This includes the Action Plan on Critical Information Infrastructure Protection (CIIP) adopted by the Commission in 2009 and revised in 2011.

As you may know, the Commission is aware that capabilities and preparedness across the EU vary considerably. I have been constantly monitoring the state of progress in the Member States on the adoption of national cyber-security strategies and cyber-incident contingency plans, the organisation of national cyber exercises and the establishment of well functioning national/governmental CERTs, which as you are aware stands for ‘Computer Emergency Response Teams’. All those points are addressed in the report and, once again, great work has been done.

This stocktaking exercise has demonstrated that, despite the efforts undertaken so far, we need to do more. We need to act strategically and give attention to cyber-security at the highest political level. Parliament and relevant stakeholders have long called for the Commission to adopt a strategic and comprehensive vision. Your support will be crucial in the adoption and implementation of such a vision.

In the coming months, I will present, together with High Representative Catherine Ashton and my colleague Commissioner Cecilia Malmström, a comprehensive European strategy for cyber-security. That cyber-security strategy will provide for both policy and regulatory measures.

Reaching a high level of network and information security across the EU is vital to ensure the smooth functioning of the internal market. The measures that we will propose will aim at raising levels of security nationally as well as at EU level, by establishing appropriate mechanisms for cross-border cooperation as well as for public-private cooperation and information exchange. We need to make sure that there are no weak links across the EU.

From the policy side, the vision should hinge on the need to improve the overall resilience of network and information systems, stepping up the fight against cybercrime, and developing an external EU cyber-security policy.

We will ensure continuity with our policies and make steps forward on key areas such as fighting botnets, cyber-security of industrial control systems, smart grids and security standards, as well as on research and development, awareness-raising and international cooperation.

The strategy will include actions to stimulate the competitiveness of the European ICT industry and stimulate user demand to provide security functionalities in ICT products and services. Horizon 2020 will support the goals of the strategy.

Overall, the strategy will help Europe put its own house in order. That will strongly contribute to better positioning the EU at international level also. I hope that you will agree that the strategy adequately responds to the recommendations provided in Parliament’s CIIP report.

PRZEWODNICZY: JACEK PROTASIEWICZ
Wiceprzewodniczący

  Przewodniczący. − Zamykam dyskusję nad tym punktem.

Głosowanie odbędzie się we wtorek, 12 czerwca 2012 r. o godz. 12.00.

Oświadczenia pisemne (art. 149)

  Ágnes Hankiss (PPE), írásban. – A jelentéshez fűzött LIBE bizottsági véleménytervezet előterjesztőjeként szeretnék gratulálni Kalfin úrnak a szakmai megközelítéshez és a kiegyensúlyozott állásfoglaláshoz. Mint ismeretes, a kiberbiztonság az unió belbiztonságának egyik fontos pillére. Korábban a belbiztonsági stratégia néppárti véleményezőjeként többször kifejtettem, hogy elengedhetetlen a közös fenyegetettség-értékelési rendszer kidolgozása, valamint a kritikus informatikai infrastruktúrák hatékony védelméhez szükséges tagállami gyakorlatok jobb összehangolása. Az EU kiberbiztonságának szavatolásához nélkülözhetetlen az unión belüli állami és magánszektor, valamint a polgári és katonai szereplők közötti együttműködés. Ezt a célt szolgálja a megalakuló kibervédelmi központ is. Sürgető feladat tovább az európai kritikus infrastruktúrák meghatározásának befejezése. A közelmúltban elfogadott belbiztonsági stratégiában foglalt célok eléréséhez megkerülhetetlen, hogy arányos költségvetési forrásokat rendeljünk hozzájuk, törekedni kell arra, hogy a 2014–2020-as költségvetésben megfelelően szerepeljenek a belbiztonsági stratégiában foglalt intézkedések.