By Ruth Marsden - 21st February 2013
We're pretty well protected as it is, but we must increase our resources
Steve Purser, Enisa
The EU must be better prepared in its response to the global issue of cybercrime, parliament has heard.
The head of the European network and information security agency (Enisa) Steve Purser, warned, "We need a balance between catching the bad guys and making sure [the attack] doesn't happen again."
Speaking at parliament's civil liberties, justice and home affairs (LIBE) meeting on Wednesday, Purser said, "We're pretty well protected as it is, but we must increase our resources."
MEPs in the LIBE committee were discussing the EU's recently adopted cybersecurity strategy, which aims to protect open internet access and online freedom and opportunity.
Purser argued that one of the biggest challenges over the next 10 years will be to make the strategy work "not only at cross-border level, but cross-community level".
"Enisa is a centre of expertise and we play the role of facilitating the exchange of information between the public and private sector. The solution to this problem lies in combining people, process and technology," he said.
Purser went on to explain that cyber threats are "extremely complex", adding, "There are lots of factors involved, such as the motives of the attackers, so it is hard to define and act on trends. There is not a lot of stability within the industry."
"We need to take a look at the current threat landscape and what we are dealing with now, and an emerging threat landscape and what to look out for in the future," he warned.
Purser highlighted current known cyber threats ranging from mobile computing and cloud computing to viruses and social engineering. "In general, attackers use cheap and simple tools," he said, adding, however, "we know little about attackers and their tactics, so we need to go a lot further".
Head of the European cybercrime centre Troels Oerting, told the debate, "Warfare has changed. In today's threat environment, muscles are needed much less, you only need a PC and broadband."
Oerting warned that the problem with cybercrime is that there is no link between the perpetrator and the crime.
"[The criminal] can sit on a computer in one country and conduct crimes in numerous other countries," he said.
However, Oerting added that there are always solutions to problems and European citizens can take measures to protect themselves against cybercrime.
"First, awareness," he said, "We need to increase this in schools. Children are spending hours using social media, but they are not informed on how to protect themselves.
"It is also important to have a strong infrastructure for protection. We don't want to lock up our daughters, so we need to create a society where cybercrime is unattractive, and we need a government system on the internet. Who regulates this?"
Paul Timmers, the director of sustainable and secure society for the commission's DG Connect, argued that cybercrime "originates from negligence and not knowing how to protect yourself".
"We have insufficient preparedness and a lack of cooperation at EU level," he said, highlighting that "many companies aren't prepared and don't have a real plan".
Timmers said that the new strategy will look at "the resilience and robustness of networks and information systems to step up the fight against cybercrime".
He added that the strategy will also leave room to evolve, as it cannot cover everything all at once in "a field such as this that changes so quickly", but warned that, "We need to make sure that we retain the social and economic benefits of this digital world."
Parliament's rapporteur on Personal data protection: processing and free movement of data Jan Albrecht argued that the EU should not continue to just see hackers as criminals. "It was hackers telling us how to secure our security systems," he said.
"Of course there are criminals trying to breach security and infrastructure, but I don't think we should just focus on this, but also where there are vulnerabilities and where security measures aren't taken seriously."
S&D member Claude Moraes questioned whether it is "more important to report on weaknesses in systems, rather than cybercrimes, so we are addressing what people believe to be the big threats".
Fellow Socialist MEP Tanja Fajon said that the cybercrime situation was "very scary" and expressed concern that discussions haven't considered "domestic crime, only cross border", asking why issues such as money laundering weren't afforded more attention.