EU's 'patchy' cybersecurity efforts creating risk of criminal hacks
Ireland ranks 54th in the UN’s International Telecommunications Union’s latest Global Cybersecurity Index.
The European Union’s “fragmented” approach to cybersecurity and the “patchy” capabilities of member states is creating several problems in terms of combating State-level attacks and criminal hacks, according to an international expert.
Ciaran Martin, former head of the UK National Cyber Security Centre, said that a United Nations study, published in 2020, found that more than half of EU states were outside the top 40 countries for cybersecurity, with Ireland one of the worst, ranked 54.
In a new paper, he said that many countries see threats to their cybersecurity as the responsibility of the state attacked, not an EU matter.
"For example, the ever-present threat of espionage against the elected legislatures or diplomatic missions of European countries from the likes of Russia, Iran and China is something that few if any member states will see as something requiring a common approach at an EU-wide level, imposed by the EU’s institutions," he said.
He said more serious attacks on infrastructure, such as the apparent Russian state disruption of broadcasts of France’s TV5 Monde in 2015 – one of the most sophisticated cyberattacks ever carried out – was a matter for Paris.
“Even when criminal activity spills over into national level harm – such as the ransomware attack on Ireland’s healthcare system in 2021 – the response is one for the national government," he said.
In his paper, published by the Institute of International and European Affairs, he said there was a “fragmented” approach in the EU.
“So, responding to cyber threats within the European Union is a mostly unplanned mix of rules, procedures and capabilities divided between Member States and the EU,” he said.
Mr Martin said cyber capabilities across EU member states were very patchy. He said that in the UN’s International Telecommunications Union’s latest Global Cybersecurity Index (2020), three EU countries make the top 10 (Estonia, Spain and Lithuania).
A further four – France, Luxembourg, Germany and Portugal – are in the top 20.
“However, some nine EU Member States rank outside the top 40, and six outside the top 50, with, in general, a pattern that the further south and east one goes, the weaker the capabilities (the exceptions are the Baltic states, with strong rankings, and Ireland, a north-west outlier ranked 54th)," he said.
Last summer, the Government announced a significant expansion in Ireland’s National Cyber Security Centre in terms of funding and, starting this year, in staffing. Legislation is due to be published this year granting it greater powers.
Mr Martin said ENISA – the EU’s cyber security agency – is “significantly smaller” than many national cyber authorities.
He said Europe is way behind both the United States and China in terms of indigenous technological industrial capabilities and therefore dependent on one or both of those technological superpowers.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
