EU carbon trading system limps back to life three weeks after fraud revelations

The European Union carbon trading IT system is staggering back into action, three weeks after it was taken offline in a major security scare.

Share

The European Union carbon trading IT system is staggering back into action, three weeks after it was taken offline in a major security scare.

Only six countries, including the UK, are currently trading on the system, with Spain due to connect its networks again tomorrow. The remaining 23 countries have so far been unable to prove they have stringent enough security to trade.

The EU said that in order to trade on the ETS system, countries had to provide “reasonable assurances” that “minimum security requirements” were in place.

As of tomorrow (Wednesday), the countries trading on ETS will be the UK, France, Germany, the Netherlands, Portugal, Spain and Slovakia.

The EU had taken action in mid-January after it discovered that emissions allowances worth €7 million (£5.9 million) had been stolen from an account based in the Czech Republic. It is understood that the cybercriminals have also hacked into accounts in Austria, Greece, Poland and Estonia.

Part of the security problem is said to be that some member states have declined to pay for changes mandated by the commission, that they see as expensive. Nevertheless, those changes were ordered after the EU discovered in 2010 that hackers were accessing carbon allowance lists.

“The incidents over the last weeks have underlined the urgent need for all registries to ensure that these [security] measures are speedily implemented,” the EU said when it first encountered the problem. Three weeks on, over two thirds of member states have not implemented the changes.

The EU said today that it expected “several more reports” to be submitted in the coming days, because talks with member states was “constructive”.

In spite of the delays, observers in the IT security industry said it was right that the commission was insisting member states took action on security.

“It’s simply not enough for the European Commission to ensure that its own trading platform is protected with the highest levels of security," said Mark Darvill, a director at security firm AEP Networks. “There needs to be a united effort to protect each and every registry.”

Find your next job with computerworld UK jobs