Cybersecurity: too “heavy” and “bureaucratic”, European incident reporting system “not working”

Juhan Lepassaar, executive director of the European Union’s Cyber Security Agency (Enisa), believes the lack of information exchange in the EU undermines his organization’s ability to respond to cyber attacks.

The European Union must quickly go back to the drawing board. That is what Juhan Lepassaar, Executive Director of the European Union Agency for Cyber Security (Enisa), said about the EU Cyber Threat Alert and Response Mechanism. “Our incident notification system is down,” he said during a roundtable on cybersecurity, Euractiv reports.

The head of Enisa believes that this mechanism, which is crucial for protection against cyber attacks, is “too heavy” and “bureaucratic”, which does not promote cooperation between the Member States. Yet “The problem is that we depend on the information we receive from Member States,” said Juhan Lepassaar. According to him, such a lack of information exchange in the EU undermines his agency’s ability to respond in the event of a cyber attack. In support of his remarks, Enisa’s executive director cited the example of the Trojan horse SharkBot, which attacked several banks in 2021. However, no cross-border incident was reported to the agency.

New European directive to facilitate the exchange of information

In this context, Juhan Lepassaar is calling for “something that is flexible, that works, and where you can securely share information”. This should come with the update of the Network and Information Security Directive (NIS), introduced in 2016, which was one of the main EU legislative measures to strengthen cooperation between Member States in the field of cybersecurity. In particular, it sets out obligations for operators of essential services in critical sectors such as energy, transport, health and finance. In 2018, the latter were required to immediately report any cybersecurity incidents affecting their services.

The new version of this directive should make it possible to close the gaps identified by experts such as the executive director of Enisa. Bart Groothuis, the Member of the European Parliament responsible for revising the directive, acknowledged, in particular, that the activities of the Computer Security Incident Response Teams (CSIRTs) need to be improved and that information is currently lacking.

Strengthen public-private cooperation

According to Luukas Ilves, Estonia’s Chief Information Officer, cooperation outside the public sector will be key. “It is just as important for the private sector to report incidents”, he believes. The aim is to bring together companies, government agencies, European authorities and other players to share information and “discuss technical and organizational vulnerabilities and how to overcome threats”. This approach is also supported by the National Information Systems Security Agency (Anssi), which has decided to be located in the heart of a cyber campus built as a “cybersecurity totem in France” at the gates of Paris.

This European cooperation is all the more important in the current geopolitical context, against the background of the war in Ukraine. And for good reason: since the beginning of the Russian invasion of Ukrainian territory in February, cyber attacks have become more frequent. And Ukraine is far from the only target of Russian hackers. According to the Federal Bureau of Investigation (FBI), the latter have scanned the systems of energy companies and other United States infrastructure, raising fears of large-scale computer attacks that could undermine the economic, political and social functioning of the country.