EU Announces New Joint Cyber Unit to Protect Against Critical Attacks
Friday, June 25, 2021
Nominet, which is the official registry for UK domain names and has a cyber security branch that operates the NCSC Protective DNS program, is unsurprisingly supportive. “There is a middle ground… where countries can benefit from centralized intelligence, overarching strategies and broad reaching tactics,” says Steve Forbes, a government cyber security expert at Nominet. “With similar threats faced across the European Union – particularly against critical infrastructure – often with the same adversaries, pulling together will allow the bloc to make step changes in its cyber defense. The new cyber unit will set a powerful precedent for international collaboration as central to our future global cyber defense.”
But his phrase ‘international collaboration’ raises another concern. The global nature of cybercrime can hardly be deterred by a limited amount of international cooperation. Ilia Kolochenko, CEO and chief architect at ImmuniWeb, expanded on this to SecurityWeek. “International collaboration is indispensable to curb surging cybercrime,” he said. “Thus, the EU initiative is a very promising project. We should, however, bear in mind that coordinated defense, response and eventual prosecution of cybercrime is virtually impossible without cohesive global cooperation.
“The EU countries may face the well-known challenges of foreign jurisdictions that continually refuse to extradite their citizens charged with cybercrime. Moreover, modern nation-state hacking groups increasingly ‘frame up’ some of their rivals (such as neighboring countries) by hacking their infrastructure and then proxying their attacks through the breached systems.
“Eventually, even the best forensic investigation will be misled and likely misattribute the attack. This uncertainty undermines cyber self-defense, as you risk blaming an innocent party, provoking further escalation, and violating international law.”
There is one further common concern about the JCU evolution plan – the introduction of the private sector at the end rather than the beginning of the process. “What is also not clear,” comments Cyren’s Starr, “is how the Joint Cyber Unit is going to work with private industry. More often than not, it is private sector specialists who identify breaches as they have the cutting-edge skill sets to do so.”
The general feeling is that the EU’s JCU is a good idea, but that it does not, and possibly cannot, go far enough. It has some difficult mountains to scale before it can be effective. In the meantime, the Biden approach may be more productive. This can be paraphrased as, “I don’t trust (the other side), but I do expect them to do what we agree… or else…” Read Full Article
Compliance Week: New tech, legal precedent forcing GDPR to evolve
ComputerWeekly: European Union to set up new cyber response unit