A leading Dutch member of the European Parliament warned that the European Union isn’t adequately prepared for cyber-attacks – and called for more security research as part of the next EU Framework Programme.
“Let’s be honest, the EU is not ready to deal with a large-scale cyber-attack”, said Mariette Schaake, in a video interview shown at a Science|Business conference 27 June. Schaake, an MEP who co-founded the chamber’s intergroup for the digital agenda, said more research is vital for finding the source of a cyber-attack through a standard tracking methodology. “We often hear that it’s difficult to attribute the source of an attack – but it’s necessary to be able to if you want to hold the malicious actors to account,” she said.
Schaake noted that the Council had previously announced plans for a so-called cyber-security toolbox, which allows the EU to impose economic sanctions against countries as a response to cyber-attacks. But these measures are ineffective if the attack’s source remains unknown.
Having a better system in place would have helped to find out who is behind ‘ransomware’ attacks like the so-called ‘NotPetya’ in late June. Ukraine’s state-owned railways and Oschadbank appear to have been the initial targets, but the virus spread across borders. Ukraine has blamed Russia but that isn’t yet confirmed.
The MEP also urged minimum product standards, or a review of software companies’ legal liability for security flaws in their products.