"The EU is not up to cyber threats"

The European Court of Auditors has prepared a report in which it highlights the deficiencies of the community institutions

Jose Antonio Bravo

Between 2018 and 2021, significant cybersecurity incidents affecting European Union bodies multiplied by ten. In general, these were complex attacks that usually involve the use of new methods and technologies, and they may require weeks or even months of investigation and recovery.

For this reason, the European Court of Auditors has prepared a report in which it highlights the deficiencies of the community institutions. Essential cybersecurity controls are sometimes not carried out, spending is insufficient in some bodies, and in many cases there is not even a computer security strategy. In addition, training in this area is not systematic, and synergies in information are not taken advantage of.

The situation is more worrying considering that the capacity of the European Computer Emergency Response Team (CERT-EU) "is overwhelmed". Its resources are "unstable and not up to the current level of threat or the needs of the institutions," the auditors warn. In 2020, a strategic proposal was approved to provide it with the additional means it needs, but today the Twenty-seven still do not agree.

There is also no legal framework in the EU for information security and cybersecurity in its institutions. There is a 2016 Directive and a proposal to revise it, but the institutions are not subject to it. And a regulation on cybersecurity standards has been pending since 2020.
