A range of new plans to tackle cyber-crime has been approved by the European Union, the US and NATO over the past three days. The European Commission announced on Monday its proposals to develop three systems to raise the level of security for citizens and businesses in cyberspace.
An EU cybercrime centre to be established by 2013 will coordinate cooperation between member states, EU institutions and international partners, while an European information sharing and alert system, also planned for 2013, will facilitate communication between rapid response teams and law enforcement authorities. The Commission also wants to create a network of Computer Emergency Response Teams (CERTs) by 2012, with a CERT in every EU country.
However, Home Affairs Commissioner Cecilia Malmström was keen to play down concerns that these systems would lead to the creation of yet another citizens' information database, saying that no such database would be set up and that the aim of the new bodies is to manage the flow of information to prevent cyber-attacks, not to store it.
Meanwhile, following a meeting between US President Barack Obama, European Commission President Jose Manuel Barroso and European Council President Herman Van Rompuy at the weekend, the EU and US leaders announced the setting up of a working group on cybersecurity, which will report back in a year's time. This group will focus on the commercial side and potential threats to the regular consumer, said US envoy to the EU institutions William Kennard.
EU leaders on Sunday also made reference to data protection issues, saying that a speedy compromise on an overarching EU-US data protection agreement may facilitate the conclusion of other data transfer deals, for instance on passenger name records.
Elsewhere, NATO adopted its Strategic Concept charter at a summit in Lisbon, Portugal. The document includes plans to develop new capabilities to combat cyber attacks on military networks, but stops short of the 'active cyberdefence' plans that would have included the pre-emptive cyber strikes favoured by the Pentagon. Following attacks in 2008 on its classified military network the Pentagon established a new cyber command, making 'active cyberdefence' one of its policy pillars.
The new Strategic Concept replaces a 10-year-old strategy paper and seeks to update plans for the Internet age.
Awareness and planning are the cornerstones of the new NATO strategy. Terrorist groups and organised criminals are increasingly using cyber attacks on government administrations, and potentially also transportation and other critical infrastructure.
NATO members are keen to avoid a repeat of an incident affecting Estonia in 2007, when cyber-strikes paralysed bank and government websites there. Increasingly large scale attacks have threatened security in recent years. Two years ago Lithuania was subject to large-scale cyber-attack; the botnet 'Conficker' has affected millions of computers worldwide, including in France, the UK and Germany; and the 'Stuxnet' worm, possibly the first targeted cyber weapon, infected industrial control systems.