EU telecoms agency to take on cyber terrorists

Viviane Reding, the information society commissioner, plans to take on cyber-terrorists, tasking a future EU telecoms agency with policing the Union’s information networks.

The agency, which was originally envisaged as ensuring compliance with EU telecoms rules and governing Europe’s airwaves, will now be given an additional role, that of bolstering EU defences against cyber attacks. It will supplant the struggling EU security watchdog, the European Network and Information Security Agency (ENISA).

Proposals for the agency, to be called the European Electronic Communications Market Authority, are to be unveiled next month (13 November). "The security and resilience of communication networks and information systems remain a prime concern for society and a key element in the EU regulatory framework for electronic communications networks and services," says the draft proposals, seen by European Voice.

A Commission official said: "A lot of member states want to step up their response to attacks. The agency will be one of the most powerful in the EU."

The Union was caught unawares earlier this year when Russian ‘cyber terrorists’ attacked Estonian websites and computer systems. Estonia alleged that the Russian government was behind the ‘bombing’ of government and corporate websites and that the attacks had been carried out in retaliation for the removal of a Soviet war memorial from Estonia’s capital Tallinn. Attacks were alleged to have been launched from Russian state computer servers.

The beefing-up of the agency’s role could be perceived as Reding’s response to recent criticisms from EU antitrust officials, who said it would create an unnecessary layer of bureaucracy. Co-operation between the Commission’s telecoms and competition departments on regulatory issues was judged to be sufficient. Officials said that the agency could "create confusion and impinge on the Commission’s competences".

A proposal to disband ENISA, set up in 2004 with a five-year mandate to oversee cyber security, is likely to prove controversial. A report commissioned by Reding earlier this year concluded that it was not fulfilling its role properly.

The draft proposals for the new agency state: "The assumption by the authority of the key objectives and tasks of ENISA in a streamlined form, together with a clearer identification of tasks, should ensure that those objectives and tasks can be fulfilled in a more efficient, focused and cost-effective manner."

The Commission official said that it made "sense to give the authority the power of looking at network security and dissolving ENISA".

ENISA, which was allocated €33 million for its five-year mandate, would be sustained for a sixth year to ease the transition.

The new agency will be awarded €40m in the first two years and €27m a year from year three onwards. The official said that a "substantial" proportion of its 134 staff would be dedicated to security issues. A chief network security officer would head up a rapid response team that would be deployed in cases of cyber security alerts. "Some will be of a systematic nature. Others will be passed on to criminal authorities," said the official.

Tunne Kelam, an Estonian centre-right MEP, said that the European Parliament would want to be guaranteed some oversight of the new agency’s workings. "I think that when you establish such a centre, a measure of Parliamentary control is needed to safeguard citizens’ interests," he said.

"How this is going to be regulated is a typical question when addressing terrorist threats, that is to strike a balance between the rights of citizens for freedom and privacy, and the need for common defence."

Kelam said that future cyber threats were likely to come from "authoritarian states" such as China, Iran and Russia.

Experts from NATO, which has developed special expertise in this area to protect its own networks, assisted Estonia in the wake of this year’s attacks. A spokesman hinted that common accords on cyber security could be formed in future under the organisation’s umbrella.

NATO ministers of defence are expected to discuss the issue at an informal meeting in Noordwijk, the Netherlands, next week (24-25 October).

Viviane Reding, the information society commissioner, plans to take on cyber-terrorists, tasking a future EU telecoms agency with policing the Union’s information networks.

• Primary Source