EU, US and NATO to work together on cyber defense

A range of new plans to tackle cyber-crime has been approved by the European Union, the U.S and NATO over the past three days.

The European Commission announced on Monday its proposals to develop three systems to raise the level of security for citizens and businesses in cyberspace.

An E.U. cybercrime centre to be established by 2013 will coordinate cooperation between member states, E.U. institutions and international partners, while an European information sharing and alert system, also planned for 2013, will facilitate communication between rapid-response teams and law-enforcement authorities. The Commission also wants to create a network of Computer Emergency Response Teams (CERTs) by 2012, with a CERT in every E.U. country.

However, Home Affairs Commissioner Cecilia Malmström was keen to play down concerns that these systems would lead to the creation of yet another citizens’ information database, saying that no such database would be set up and that the aim of the new bodies is to manage the flow of information to prevent cyber-attacks, not to store it.

Meanwhile, following a meeting between U.S. President Barack Obama, European Commission President Jose Manuel Barroso and European Council President Herman Van Rompuy at the weekend, the E.U. and U.S. leaders announced the setting up of a working group on cybersecurity, which will report back in a year’s time. This group will focus on the commercial side and potential threats to the regular consumer, said U.S. envoy to the E.U. institutions William Kennard.

E.U. leaders on Sunday also made reference to data protection issues, saying that a speedy compromise on an overarching E.U.-U.S. data protection agreement may facilitate the conclusion of other data transfer deals — for instance on passenger name records.

Elsewhere, NATO adopted its Strategic Concept charter at a summit in Lisbon, Portugal. The document includes plans to develop new capabilities to combat cyber attacks on military networks, but stops short of the ‘active cyberdefense’ plans that would have included the pre-emptive cyber-strikes favored by the Pentagon. Following attacks in 2008 on its classified military network the Pentagon established a new cyber-command, making ‘active cyberdefense’ one of its policy pillars.

The new Strategic Concept replaces a 10-year-old strategy paper and seeks to update plans for the Internet age.

Awareness and planning are the cornerstones of the new NATO strategy. Terrorist groups and organized criminals are increasingly using cyber attacks on government administrations, and potentially also transportation and other critical infrastructure.

NATO members are keen to avoid a repeat of an incident affecting Estonia in 2007, when cyber-strikes paralyzed bank and government websites there. Increasingly large-scale attacks have threatened security in recent years. Two years ago Lithuania was subject to large-scale cyber-attack; the botnet ‘Conficker’ has affected millions of computers worldwide, including in France, the U.K. and Germany; and the ‘Stuxnet’ worm, possibly the first targeted cyber weapon, infected industrial control systems.