Assessing Europe’s cyber challenges

At the dawn of 2015, following a year of high profile cyber attacks worldwide[1], a number of questions should be asked with respect to cyber security issues, namely: where is Europe today with respect to combating existing and emerging cyber threats? What progress has been made on European cyber security in recent years?

Europe’s cyber security record

The EU is currently on the cusp of renewing its Internal Security Strategy (ISS) for 2015-2019. Over the last four years, it has succeeded in tackling a number of issues in this field. These include addressing several challenges, such as the adoption of the EU Cybersecurity Strategy; the creation of the European Cybercrime Centre (EC3); the expansion of the Global Alliance against Child Sexual Abuse Online; the funding of the national Cybercrime Centres of Excellence; and the adoption of new legislation to combat cyber attacks, child sexual exploitation and child pornography. In addition, there has been a commitment to increasing cooperation with third countries, in order to increase capacity building and adopt shared legal frameworks for cybercrime legislation, based on the Budapest Convention.

However, even with these accomplishments, one of the biggest concerns for the future for all stakeholders involved is the rapid pace with which cybercrime and new cyber threats are developing, making it hard for policymakers to even attempt to keep up. Within this scenario, establishing veritable cyber security in Europe and tackling the plethora of emerging threats in this field will require the EU to look both inwardly and outwardly, addressing cybercrime as a global phenomenon that requires an understanding of the micro and macro issues affecting the security of cyberspace.

Europe as a player in a larger world

Even if the EU manages to create a flawless culture of cyber security within its borders, an extremely lofty goal, it will by no means be immune to the threat of cyber attack. When discussing Europe’s preparedness in relation to cyber issues, it is vital to keep in mind that the internet, as a borderless environment, provides no protection for solely inward-looking entities. Today, a cyber attack on an EU target is more likely to originate from outside of the EU, than from within it.

As a global economic and political power, the EU should further leverage its strengths and outreach capacity to engage international business leaders, civil society, and additional countries, beyond the signatories of the Budapest Convention, to cooperate on cyber issues. Cybercrime has an enormous impact on the global economy and can affect the public, both in financial and psychological terms. Securing the personal data of consumers and the general public should be of the utmost importance for the international private sector and state institutions, while education on cyber security should be provided across the board, including via civil society institutions. A cyber attack can be carried out via any internet connection, making it important for the EU to cast a wide net when engaging international partners. Criminals often operate from jurisdictions outside of the EU which, combined with outdated legal tools and insufficient response capacities, allows them to operate with minimum risk.

Moreover, while cybercrime is the major threat category taking centre stage with respect to EU cyber security, it is imperative to view this phenomenon as an element within the larger topic of “the misuse of technology”. The accumulation of wealth via cybercrime is not always a means to an end for the perpetrators. Terrorist organisations’ use of the internet, the activities of traditional organised crime groups, cyber warfare and espionage on the part of states, and the proliferation of cryptocurrencies and the cyber underground economy, among other issues, have cybercriminal activity as an integral part of their existence. Promoting awareness among European policymakers and law enforcement agencies with respect to the big picture of cyber malfeasance can assist these stakeholders in developing a more comprehensive view of cybercrime and create linkages between cyber and physical threats to European security. This macro-level approach could prove to be an effective strategy for deriving a multi-faceted vision for EU cyber security, bringing together various, cross-sector actors and forming a knowledge base for information sharing.

Looking inward

Despite the progress made over the last four years, the state of cyber security within the EU is still far from being optimal, and further steps still need to be taken.

For example, even with the opening of Europol’s EC3 Centre[2] in The Hague, in 2013, cooperation among member states at the practical level of law enforcement cooperation and resource sharing needs to be enhanced. While, in the legal domain, the harmonisation of national legislation on cybercrime to reflect EU standards must be achieved across the board. In addition, increased EU public-private partnerships and the willingness for these entities to engage in information sharing are key requirements for gaining a handle on cybercrime.

But overall, and possibly most importantly, awareness of cybercrime and its associated risks need to be conveyed in stronger measure to the European public at-large. Events such as the US Department of Homeland Security’s National Cyber Security Awareness Month are designed to raise awareness, engage and educate public and private sector partners, and their employees, on threats to cyber security. These types of activities could also be more heavily promoted at the EU level for the improvement of cyber awareness amongst the European citizenry.

This type of awareness-raising activity is extremely important as the proliferation in the use of different tools, such as mobile devices and cloud computing, lead to an increased risk for individuals to fall victim to a cyber attack. Efforts at increasing cyber awareness should not stop at the general public, but should also be aimed towards European small and medium enterprises, which are increasingly serving as targets of cybercrime.