Centre for Legal Research

cancel

Just showing posts from December 2015

New EU Wide cyber security laws in the year of the cyber attack 

Posted by Lauren Rees | 0 comments
10Dec2015

New EU Wide cyber security laws in the year of the cyber attack

Late in the evening of the 7th December 2015 the European Parliament and the Luxemburgish Presidency of the Council reached a highly critical agreement on the way forward for Europe in relation to cybersecurity.  The agreement they reached was to implement a European Wide Cyber Security Directive, The Network and Information Security Directive. This “hugely complex”[1] piece of legislation is a milestone in the work towards a Single Digital Market. Previously there have been no agreements as to how EU Member States should deal with a cyber security attack.[2]

Currently it is estimated by the European Agency for Network and Information Security (ENISA) that breaches result in annual losses of between 260bn Euro’s to 340bn Euro’s.[3]

Cyber-attacks are becoming a frequent occurrence in everyday life. They are occurring in businesses, government offices, university systems as well as within Children’s Toys (VTech China). Also on the date that the EU agreement was disused Universities in the UK came under attach which bought down the university submission system thereby not allowing student to submit coursework for assessments.[4] In this instance a Distributed denial of service (DDoS) attached the university wide computer systems.

Vodafone was also targeted on the 8th December as their service was disrupted for a few hours following a cyber-attack.[5] Again the attack was a DDoS and the core servers were not part of the attack.  Vodafone has been the target of several cyber-attacks over the last few years.[6]

Government agencies are also not immune to cyber-attacks with the US Government blaming China on carrying out a cyber –attack on the Bureau of Metrology computer system compromising several sensitive systems.[7]

Similarly on the 10th December the Japanese PM’s website came under cyber-attack taking it off line for serval hours.[8] These attacks are growing and increasing in severity. 2015 is known as the year of the cyber-hack.[9]  There are other high profile cyber hacks which have also occurred during 2015. Hacks such as VTech, where hackers could have accessed children’s tablets and online toys, allowing hackers to record voices and images of children over the internet. Ashley Maddison was another major hack this year. IN this instance the database of an online dating website was hacked and the details of those who has signed up to the site was released. The website was for those in a relationship to meet someone to have an affair with. 

The largest political hack came in the form of the Office of Personnel Management which was hacked by a group of Chinese hackers. The attack was massive and effected up to 18 million employees and effected 21.5 million records.[10]

The EU Wide agreement can therefore only be welcomed as it proposes three levels of actions which will create a more harmonised approach to tackling, reporting and managing cyber-attacks. These are:

1.       Each Member State will be required to improve their national cyber-security regime. This will include having a national strategy in which to deal with attacks and also to have a Computer Security Incident Response Team which deal with any attacks.

2.       The Computer Security Incident Response Teams will have to cooperate with other Member States teams to ensure that there is parity in the way in which attacks are dealt with.

3.       To ensure that vital services such as power companies, financial institutions, transport providers, health care and digital infrastructure, as well as, online market places, search engines, and cloud computer services, must ensure they have appropriate security measures and inform the authorities when an attack happens.[11]

In order to achieve the Single Digital Market[12] there needs to be a coordinated approach towards combating cyber-attacks and consumers need to have the trust and faith in the online market place for it to grow into a reality. This is achievable as long as there is cooperation among international governments and legislators. 2015 really has been the year of the cyber-attack.

 

By Dr Clare Jones



[1] BBC News. (2015a) Europe agrees response to cyber-attacks. 8 December 2015. http://www.bbc.co.uk/news/technology-35038424 date accessed 9 December 2015.

[2] Oettinger, G.  (2015) First EU Wide legislation on Cybersecurity agreed. Europa. 8 December 2015 http://ec.europa.eu/commission/2014-2019/oettinger/blog/first-eu-wide-legislation-cybersecurity-agreed_en date accessed 9 December 2015.

[3] For current information of statistics see ENISA website located https://www.enisa.europa.eu/about-enisa.

[4] BBC News (2015b) Universities suffer cyber-attack. http://www.bbc.co.uk/news/education-35043243 accessed 10 December 2015.

[5] Fontaine, P. (2015) Vodafone Falls Prey to Cyber Attack. http://grapevine.is/news/2015/12/09/vodafone-falls-prey-to-cyber-attack/ date accessed 10 December 2015.

[6] Fontaine, P. (2015) Vodafone Falls Prey to Cyber Attack. http://grapevine.is/news/2015/12/09/vodafone-falls-prey-to-cyber-attack/ date accessed 10 December 2015.

[7] Uhlmann, C. (2015) China blamed for ‘massive’ cyber attach on Bureau of Metrology Computer. http://www.abc.net.au/news/2015-12-02/china-blamed-for-cyber-attack-on-bureau-of-meteorology/6993278 date accessed 10 December 2015.

[8] ZeeNews. Japanese PM’s website under possible cyber-attack. http://zeenews.india.com/news/world/japanese-pms-website-under-possible-cyber-attack_1832776.html  Date accessed 10 December 2015.

[9] Kean. J. (2015) Hacked in 2015: The year in cyberattacks. http://www.pastemagazine.com/articles/2015/12/hacked-in-2015-the-worst-cyber-attacks-of-the-year.html date accessed 10 December 2015.

[10] Kean. J. (2015) Hacked in 2015: The year in cyberattacks. http://www.pastemagazine.com/articles/2015/12/hacked-in-2015-the-worst-cyber-attacks-of-the-year.html date accessed 10 December 2015.

[11] Oettinger, G.  (2015) First EU Wide legislation on Cybersecurity agreed. Europa. 8 December 2015 http://ec.europa.eu/commission/2014-2019/oettinger/blog/first-eu-wide-legislation-cybersecurity-agreed_en date accessed 9 December 2015.

[12] For more information, see: Europa. (2015) Single Digital Market. http://ec.europa.eu/priorities/digital-single-market/  date accessed 10 December 2015.

tags: none