Brussels, 30 March 2009
Electronic communication services and networks provide the backbone of European economy. 93% of EU companies and 51% of Europeans actively used the internet in 2007. However natural disasters, terrorist attacks, malicious human action and hardware failure can pose serious risks to Europe's critical information infrastructures. Recent large scale attacks on Estonia, Lithuania and Georgia proved that essential electronic communication services and networks are under constant threat. Preparing Europe to act in case of major disruptions or attacks is the goal of a new strategy proposed today by the European Commission.
"The Information Society brings us countless new opportunities and it is our duty to ensure that it develops on a solid and sustainable base. Europe must be at the forefront in engaging citizens, businesses and public administrations to tackle the challenges of improving the security and resilience of Europe's critical information infrastructures. There must be no weak links in Europe's cyber security," said Viviane Reding, Commissioner for Information Society and Media.
In 2007, after large-scale cyber attacks, the Estonian Parliament had to shut down its email system for 12 hours and two major Estonian banks had to stop their online services. There is a 10% to 20% probability that telecom networks will be hit by a major breakdown in the next 10 years, with a potential global economic cost of around €193 billion ($250 billion). This could be caused by natural disasters, hardware failures, rupture of submarine cables (there were 50 incidents recorded in the Atlantic Ocean in 2007 alone), as well as from human actions such as terrorism or cyber attacks, which are becoming more and more sophisticated.
Smooth functioning of communications infrastructures is vital for European economy and society. Communications networks also underpin most of our activities in daily life. Purchases and sales over electronic networks amounted to 11% of total turnover of EU companies in 2007. 77% of businesses accessed banking services via internet and 65% of companies used online public services. In 2008, the number of mobile phone lines was equivalent to 119% of the EU population. Communications infrastructure also underpins the functioning of key areas from energy distribution and water supply to transport, finance and other critical services.
The Commission today called for action to protect these critical information infrastructures by making the EU more prepared for and resistant to cyber attacks and disruptions. At the moment Member States' approaches and capacities differ widely. A low level of preparedness in one country can make others more vulnerable, while a lack of coordination reduces the effectiveness of countermeasures.
The European Commission wants all stakeholders, in particular businesses, public administrations and citizens to focus on the following issues:
The Commission today invited the European Network and Information Security Agency (ENISA) to support this initiative by fostering a dialogue between all actors and the cooperation necessary at the European level.
In 2005 the Commission highlighted the urgent need to coordinate efforts to build trust and confidence of private and public bodies involved in electronic communications and services and adopted a strategy for secure information society in 2006 (IP/06/701). Today's initiative further develops European policy to strengthen the security of and the trust in the information society.
The full text of the Communication on Critical Information Infrastructure protection can be found at: