European Commission - Press release
Cyber security: EU prepares to set up Computer Emergency Response Team for EU Institutions
Brussels, 10 June 2011 - The EU institutions have taken an important step to counter the threat of cyber attacks against the EU institutions, bodies and agencies by setting up a Computer Emergency Response pre-configuration Team (CERT). The team is made up of IT security experts from the EU institutions. At the end of one year's preparatory work by the team, an assessment will be made leading to a decision on the conditions for establishing a full–scale CERT for the EU institutions.
In recent years, CERTs have been developed in both private and public sectors as small teams of cyber-experts connected to the internet that can effectively and efficiently respond to information security incidents and cyber threats, often on a 24 hours a day-7days a week basis.
In the Digital Agenda for Europe adopted in May 2010 (see IP/10/581, MEMO/10/199 and MEMO/10/200), the Commission committed itself to establishing a CERT for the EU institutions, as part of the EU's commitment to a reinforced and high level EU Networking and Information Security Policy in Europe. In August 2010 the Commission requested four cyber-security experts known as the "Rat der IT Weisen" to make recommendations on how to set up such a CERT. Their report was finalised in November 2010.
The Digital Agenda also calls on all Member States to establish their own CERTs, paving the way to an EU-wide network of national and governmental Computer Emergency Response Teams by 2012 (see IP/11/395). The EU's Council of Telecoms Ministers adopted conclusions on 27th May confirming this objective.
Neelie Kroes, Vice-President of the European Commission for the Digital Agenda said; "Cyber-attacks are a very real and ever-increasing threat. Whether against individual countries, companies or most recently against the European Commission, they can paralyse key infrastructure and cause huge long-term damage. Setting up this CERT pre-configuration team is a further demonstration of how seriously the EU Institutions take the cyber-security threat"
Maroš Šefčovič, Vice-President of the European Commission for Inter-Institutional Relations and Administration said "Over recent years, cyber-attacks have risen to an unprecedented level of sophistication. It is essential that the European institutions make a joint effort in order to respond to the threat of massive cyber-attacks. This project is a perfect demonstration of effective inter-institutional cooperation in practice."
As for any other public administration around the world, the level of cyber threat for the European institutions is very high and multiple incidents have already occurred, most recently in March-April when European Commission IT experts detected an intrusion in their systems. An attack against the European Union's Emissions Trading Scheme recently saw at least €30 million of emissions allowances stolen from national registries.
The CERT pre-configuration team established today, which builds on the recommendations of the report of the "Rat der IT Weisen", will operate in close cooperation with the IT security teams in the respective EU Institutions and liaise with the community of CERTs in the Member States and elsewhere, exchanging information on threats and how to handle them.
The CERT Preconfiguration Team will comprise ten members of staff from participating EU institutions, including five from the European Commission and others from the European Parliament, the Council, the Committee of the Regions and Economic and Social Committee and ENISA. The team will operate under the strategic oversight of an inter-institutional Steering Board.
Digital Agenda website:
Neelie Kroes' website: http://ec.europa.eu/commission_2010-2014/kroes/
Follow Neelie Kroes on Twitter: http://twitter.com/neeliekroeseu
Maroš Šefčovič's website: http://ec.europa.eu/commission_2010-2014/sefcovic/