Over the past three days, the European Union, the U.S., and NATO have approved new plans to combat cybercrime.
On Monday, the European Commission announced its proposals to develop three systems aimed at enhancing cybersecurity for citizens and businesses.
First, the E.U. plans to establish a cybercrime center by 2013 to coordinate cooperation between member states, E.U. institutions, and international partners. Second, a European information sharing and alert system, also set for 2013, will facilitate communication between rapid-response teams and law enforcement authorities. Third, the Commission aims to create a network of Computer Emergency Response Teams (CERTs) by 2012, with a CERT in every E.U. country.
Home Affairs Commissioner Cecilia Malmström assured that these systems would not lead to the creation of another citizens' information database. She emphasized that the goal is to manage the flow of information to prevent cyber-attacks, not to store data.
Meanwhile, following a meeting between U.S. President Barack Obama, European Commission President Jose Manuel Barroso, and European Council President Herman Van Rompuy, E.U. and U.S. leaders announced the formation of a working group on cybersecurity. This group, which will report back in a year, will focus on commercial aspects and potential threats to regular consumers, according to U.S. envoy to the E.U. institutions, William Kennard.
E.U. leaders also discussed data protection issues, noting that a quick agreement on an overarching E.U.-U.S. data protection deal might facilitate other data transfer agreements, such as those concerning passenger name records.
In addition, NATO adopted its Strategic Concept charter at a summit in Lisbon, Portugal. This document includes plans to develop new capabilities to combat cyber attacks on military networks. However, it stops short of the 'active cyberdefense' plans that would have included pre-emptive cyber-strikes favored by the Pentagon. The Pentagon established a new cyber-command in response to attacks on its classified military network in 2008, making 'active cyberdefense' one of its policy pillars.
The new Strategic Concept replaces a 10-year-old strategy paper, updating plans for the Internet age. Awareness and planning are the cornerstones of NATO's new strategy. Terrorist groups and organized criminals are increasingly using cyber attacks on government administrations and potentially on transportation and other critical infrastructure.
NATO members aim to avoid incidents like the one in Estonia in 2007, where cyber-strikes paralyzed bank and government websites. In recent years, large-scale attacks have threatened security. For instance, Lithuania faced a large-scale cyber-attack two years ago, the botnet 'Conficker' has affected millions of computers worldwide, and the 'Stuxnet' worm, possibly the first targeted cyber weapon, infected industrial control systems.
