As the military conflict on the territory of Ukraine accelerates the defense cooperation of the European Union, the EU institutions have faced problems in the field of cybersecurity. The situation affects a wide range of EU bodies — from the executive body based in Brussels to specialized agencies located throughout Europe.
According to the Luxembourg-based European Court of Auditors (ECA), the number of cyber attacks on EU authorities may increase dramatically in the future. The number of major cyber incidents has already increased more than tenfold between 2018 and 2021.
According to European auditors, EU organizations are unable to adopt some “basic” cybersecurity controls and spend insufficient funds in this area. The auditors also said there was a lack of “systematic” cybersecurity training and information sharing.
EU organizations deal with political, diplomatic, financial, economic and regulatory issues. Confidential information processed by EU authorities makes them attractive targets for hackers, and the risks of cyber attacks have increased as a result of the transition to remote operation due to the coronavirus pandemic (COVID-19). Because EU organizations are highly interconnected, vulnerability anywhere can have a cascading effect.
The ECA recommended that the EU develop legislation establishing common mandatory cybersecurity rules for all institutions of the bloc. The auditors also called for more resources to be allocated to support the Computer Emergency Response Team of EU Authorities (CERT-EU). According to the ECA, the network of EU institutions “has not reached the level of cyber training corresponding to cyber threats.”