EU starts building cyber-response team

The institutions that run the European Union have begun work on setting up a single security team to co-ordinate their response to cyberattacks.

European bodies are building a central team to respond to cyberattacks.

The organisations have established a preliminary 10-strong group to oversee the effort to set up the EU Computer Emergency Response Team (EU-Cert), the European Commission said on Friday. Once it is established, it will provide an overview of security threats to the Parliament, Commission, Council and other EU agencies.

"These guys are going to be working for over a year putting in place measures to ensure a co-ordinated response for EU institutions," digital agenda spokesman Jonathan Todd told ZDNet UK.

When the Commission adopted the Digital Agenda for Europe in May 2010, it made a commitment to set up EU-Cert. A Cert is a team of security professionals who monitor and deal with attacks on information systems, and collect and disseminate advisories on vulnerabilities and other risks.

Many countries, including the US, have a national Cert. The UK government Cert — GovCert UK — assists public-sector organisations in their response to security incidents.

Cyberattack response

In March and April, information systems at the European Commission and the European Parliament came under attack. To help prevent further attempts, the Commission blocked access to its internal internet and halted web access to employee emails from home. On Friday, Antony Gravili, Commission spokesman for inter-institutional relations and administration, told ZDNet UK that there are still restrictions in place.

"The Commission is gradually opening a number of services — not all services are back to normal yet," said Gravili. "The Commission is strengthening its defences to such attacks."

Gravili added that the Commission did not yet know whether the cyberattacks on the Commission and on the European Parliament were co-ordinated.

The EU Computer Emergency Response pre-configuration Team (EU-Cerpct) that is doing the preliminary EU-Cert work will be drawn from the European Commission, the European Parliament, the Council, the Committee of the Regions and Economic and Social Committee, and Enisa.