EU Announces New Major Cyberattack Response Protocol

The EU is continually exposed to potential crises, from climate change to terrorist attacks. Currently, each EU state manages its own emergencies and infrastructure, ultimately deciding if and when it requires any external assistance. Today, many significant threats, including cyberattacks, are cross-border and need a well-planned and multilateral approach.

In 2017, two separate malware attacks, NotPetya and WannaCry, affected global systems, and many organizations suffered heavy losses as a result. Both cyberattacks caused chaos across Europe and political tension with North Korea and Russia, who were blamed for the attacks. Due to the consistent growth of connected devices, it is expected that the frequency and sheer diversity of these cyber-threats will also increase.

A Coordinated Response

Ahead of the EU parliamentary elections scheduled for May 2019, the EU Council has recently agreed to a new protocol covering cybersecurity. These new rules will allow the Council to effectively control how each member state reacts, and to assess and coordinate the response to any large-scale attack.

As well as increasing resilience, the protocol also envisages creating a framework for ICT services and products. ENISA, the EU cybersecurity agency, is expected to take on a much wider role and a permanent mandate. This will include providing expert advice, coordination, best practice and European cybersecurity schemes.


The Core Principles

As a complement to the existing crisis management arrangements, the protocol enables Europol’s European Cybercrime Centre (EC3) to implement rapid assessment and response to any potential threats. They can also share sensitive information and investigations between key agencies internationally. In the event of a criminal cyberattack, it is also critical that first responders preserve any electronic evidence, which is essential for any criminal or judicial procedures.

For now, this new protocol is designed to cover only criminal or malicious incidents and not those caused by human error, system failure or natural disasters. The Emergency Response Protocol involves a controlled method of responding to cybersecurity events using a blueprint of seven core stages:

  • early detection and identification of a major cyberattack
  • classification of the threat
  • establishing a coordination center for emergency response
  • early warning notifications
  • an operational action plan for law enforcement
  • investigation of the incident
  • emergency response protocol closure

Timing Is Of The Essence

As well as being concerned about the future risk of ransomware attacks, Europe is currently poised on the brink of an important election. It is extremely keen to prevent any outside interference and the kind of turmoil that followed the 2016 US presidential election.

Microsoft has warned only recently that hacker activity is “targeting democratic institutions in Europe” and not just relating to the elections. Non-profit and other organizations working in democracy-related fields are also being affected. Security company FireEye also reported that Russian hacking groups have been seen targeting media, governments and political parties and that a cyber-espionage campaign is well underway.

Consolidation protocols like this will make it much easier for the European states to increase their resilience and protect themselves from the risk of a massive future cyberattack. Tackling the root cause and identifying the areas of vulnerability is the next step. Whether to spend money on cybersecurity to provide an adequate defense against an attack that may never happen is a crucial ongoing debate between member states.