EU plans to create an emergency team to tackle large-scale cyber attacks

The European Commission is planning to build a Joint Cyber Unit to help organisations tackle severe cyber attacks.

It follows a series of high-profile incidents that resulted in widespread disruption for businesses and individuals, including the attacks on Colonial Pipeline and the Irish health service.

Those attacks “focused minds”, according to the commission, which argued that cyber attacks have become a national security threat.

It noted that cyber attacks in Europe increased from 432 in 2019 to 756 in 2020. A large reason for that increase is the proliferation of ransomware, the damage of which can be far more extensive than other forms of attack.

This was the case in the attacks on Colonial Pipeline and the Irish health service, with both organisations locked out of their systems and unable to conduct essential operations.

Even once the systems were back online, a lengthy recovery process awaits. Indeed, HSE (Health Service Executive) chief Paul Reid told the Oireachtas health committee on Wednesday that it will take months to fix the system.

He said it will cost as much as €100m (£85m) to recover, and will also have substantial “human costs”.

Thierry Breton, EU commissioner for the internal market, told reporters that the Joint Cyber Unit’s rapid reaction teams could have helped Ireland recover from the crisis.

He said the unit would help in similar scenarios by “deploying very quickly a dedicated team which we don’t have the capacity to do now. We know that the longer you wait the worse it is, so faster and more solidarity is what you can expect”.

Organisations seek government help

There have been growing calls for government assistance regarding security threats, so the EU commission’s announcement should be a welcome one.

This is particularly true when the damage can have a societal impact, which is increasingly the case as cyber criminals target healthcare facilities, essential services and schools

Launching the proposals, European Commission vice-president Margaritis Schinas said recent attacks were a “nightmare scenario that we have to prepare against”.

Meanwhile, Breton insisted that the new unit will not compete with national cyber entities or duplicate work.

He promised to build a team to provide support virtually and physically, using resources “from one country to another” to deliver operational and technical support.

The EU Commission intends for the Joint Cyber Unit to become operational by June 2022 and be fully established by the following year.

Subscribe to our Weekly Round-up