EU agencies must ramp up cybersecurity measures, auditors say

FILE PHOTO: An illustration picture shows projection of binary code on man holding laptop computer
FILE PHOTO: An illustration picture shows a projection of binary code on a man holding a laptop computer, in an office in Warsaw June 24, 2013. REUTERS/Kacper Pempel

March 29, 2022

By Foo Yun Chee

BRUSSELS (Reuters) – EU institutions must do more to protect themselves from cyber attacks as their interconnected networks put them at greater risk, the European Court of Auditors (ECA) said on Tuesday, the latest agency to sound the alarm on a sharp rise in stealth attacks.

A spate of cyber attacks by some governments against political opponents and recent high-profile ransomware attacks have prompted countries around the world to strengthen their defences.

The ECA said the varying level of cybersecurity preparedness at EU agencies posed a problem for their overall security. It pointed to the more than tenfold increase in cybersecurity incidents at EU bodies between 2018 and 2021.

Shortcomings at EU agencies include an inconsistent approach towards cybersecurity, the lack of cybersecurity good practices and inadequate funds and resources, it said.

“Since EU bodies are strongly interconnected, a weakness in one can expose others to security threats,” the ECA said in a report.

“Binding cybersecurity rules should be introduced and the amount available to the Computer Emergency Response Team should be increased,” it said.

The ECA urged the European Commission to promote more cooperation among EU bodies and the EU Agency for Cybersecurity to focus more on EU agencies with less experience in this area.

(Reporting by Foo Yun Chee; Editing by Bernadette Baum)