The EU is preparing to tackle its cyber security failures in the wake of breaches including a massive leak of diplomatic cables and the suspected hacking of its mission in Moscow.
Bloc leaders are expected to start talks at a summit in Brussels this week aimed at countering problems ranging from eavesdropping to communication breakdowns that meant the Russia incident was little-known internally for weeks, diplomats said.
It highlights growing fears that EU institutions have failed to keep pace with growing threats to information security, especially given the bloc’s extensive vulnerabilities as a network of 28 sovereign states.
One senior diplomat said the emergence this month of the alleged Moscow breach raised “serious questions” about the bloc’s electronic “security culture”.
“In a world where the EU and its member states are under constant attack in cyber space . . . we need to be a bit more savvy and a bit more secure,” the official said.
The EU leaders’ meeting starting on Thursday is expected to call for a tougher approach to protecting the bloc’s information and communication networks, diplomats said.
The proposals are likely to build on plans floated by countries including Latvia and big member states such as France and the UK, diplomats said. A summary of Riga’s ideas seen by the Financial Times points to how the EU’s efforts to assert itself internationally have triggered other powers to launch “increased intelligence-gathering or even influence operations against EU decision-shaping and decision-making processes”.
Hostile intelligence operations against EU institutions, agencies and delegations worldwide are “becoming more frequent”, the document warns.
It outlines possible countermeasures including improved counter-intelligence and “state of the art secure infrastructure, meeting rooms and means of communication inside and between EU institutions”, according to a summary seen by the FT.
Media reports this month of the suspected breach of the EU mission in Moscow surprised and alarmed some officials in Brussels and national capitals, especially as it emerged the EU’s diplomatic service uncovered the problems in April.
Diplomatic service officials insist it promptly shared information about the incident — which is still under investigation — with relevant cyber security officials in fellow EU institutions and member states.
The disclosure followed news in December of a huge hack of EU diplomatic cables, allegedly by a Chinese group linked to the People’s Liberation Army. The hackers penetrated the Cypriot foreign ministry and were able to carry out years of cyber espionage before they were detected, according to the US digital security company that exposed the breach.
China has denied any involvement.