Brussels, 4 February 2010
Emissions trading: Commission takes action over cyber attacks on EU ETS account holders
The European Commission intends to prepare revised internet security guidelines following cyber attacks on EU Emissions Trading System (EU ETS) registries last week. Fake emails asked users of the registries to log on to a malicious website and disclose their user identification code and password. Some fraudulent transactions were carried out, but the security of the Community Registry and the Community Independent Transaction Log has not been compromised.
The widespread 'phishing' attack on users of EU ETS registries took place on 28 January. Alerted by The Netherlands and Norway, the Commission informed all Member States and asked them to take appropriate security measures immediately.
Although Member States reacted promptly, a limited number of fraudulent transactions were performed as the fake website appeared genuine by using the Commission's visual identity. The Commission is actively supporting Member States in their investigations of these transactions. The Commission also started immediate investigations of the fake website and is working on closing it definitively.
In the light of the attack, the Commission intends to review the security measures applicable to ETS registries and will prepare revised security guidelines for registries and an action plan aiming at harmonising their approach in case of future such incidents.
The Commission has already proposed a number of elements aimed at achieving high security standards in its legislation to prepare for the inclusion of the aviation sector in the Community Registry in 2012.