The upcoming European Parliament elections present a “particularly tempting target” for malicious cyber attacks which, if successful, could deadlock the EU's law-making capabilities for up to five years, the EU's security supremo has warned.
Julian King said that although Facebook, Twitter and Google had signed up to a code of practice with the EU on combating election disinformation that the internet giants had “fallen further behind” in meeting commitments they had made.
The security commissioner also said that the return of both foreign terrorist fighters and non-combatant women and children from ISIS territory in Syria and Iraq posed a “security and societal challenge” for all EU states.
Mr King, a former British ambassador to Ireland, said cyber threats have “grown significantly” in recent years.
These threats have the potential to “subvert civilian infrastructure and democratic processes”, with the power to “generate chaos, dissent and destruction”.
He said action taken by the European Commission included developing a Cyber Security Strategy in 2017 and setting up an EU Cyber Security Agency.
In addition, they are developing a network of centres across member states. This is supported by two EU directives on protecting information systems as well as the GDPR directive on personal data.
He said there has been a “continued growth” in cyber-enabled attacks aimed at manipulating democratic processes.
“There has been a pattern of interference in elections on both sides of the Atlantic,” he said. “We have documented 30 different examples of attempted or, in some cases successful, interference in democratic processes over recent years.”
He said the commission is conscious that the upcoming European Parliament elections in May “presents a particularly tempting target with the potential, if successful, to deadlock EU's legislative capacity up to the next five years”.
He said they are developing a “rapid alert system” with member states to identify and address coordinated disinformation campaigns.
Mr King said that perhaps, more importantly, they needed “big internet firms to step up and play their role”.
He said that, in an international first, the EU had agreed a code of practice with Facebook, Google and Twitter.
This deals with how political adverts are placed online, greater transparency around sponsored content, rapid identification and deletion of fake accounts, clearer rules around 'bots', clarity as to how information algorithms worked and greater openness to independent scrutiny.
He said his officials had completed two monthly reports on the code's operation and that “unfortunately” a lot more needed to be done.
He said in the latest report that, despite some progress, “rather than improve overall, the platforms have fallen further behind than they need to be” and that the companies had to meet the commitments “they signed up to”.
He said the commission is working with governments on developing a “Cyber Tool Box” on diplomatic responses to malicious cyber attacks, which could include actions all the way up to economic sanctions on third countries.