Video: Lords slam 'shocking lack of co-operation' on cyber defences

There is a "shocking lack of co-operation" between the European Union and Nato in defending member states against cyber attacks, a House of Lords committee has found.


There is a "shocking lack of co-operation" between the European Union and Nato in defending member states against cyber attacks, a House of Lords committee has found.

The development of defences against cyber attacks should be a priority for all member states, the House of Lords European Union Committee said, recommending that "they urgently develop their thinking on working together".

"Just as with other aspects of civil protection, there is considerable overlap between the roles of the EU and Nato in relation to cyber attacks, and co-operation between them should be put on a more formal basis," the lords said.

The inquiry looked at how EU member states and companies could defend themselves and their critical information infrastructures against criminal and politically motivated cyber attacks and other major network disruptions.

The investigation follows distributed denial of service attacks on Estonia and Georgia, on-going attacks by Chinese and others on UK and US government departments and private organisations, and White Noise, a UK network failure exercise late last year.

The lords said global dependence on the internet meant that any significant disruption to networks could have potentially catastrophic consequences for a state's security and could have a worldwide impact.

The report said the global nature of the internet meant that no individual states or group of states could be seen in isolation. Some form of intervention at an EU level was appropriate, it said.

But the lords did not support plans for an EU-wide network failure exercise later this year. The internet infrastructure in too many countries was underdeveloped, they said. A resilience exercise involving the US might be beneficial, they added.

The lords also dismissed European Commission proposals to set up national and governmental computer emergency response teams (Certs).

Certs would benefit less advanced member states, it said, but there was little evidence that a national Cert would benefit countries such as the UK, where sector- and company-specific Certs were well developed.

Despite this, the lords recommended extending the mandate of the European Network and Information Security Agency (Enisa), an EU cybersecurity consultancy that proposed both the exercise and the national Certs network.

Lord Jopling, chairman of the sub-committee on home affairs, said the government and the EU should consider how to develop cyber security on a global basis.

"The internet has no borders, and it is important that any proposals from the commission are considered in a global context," he said.

A first step was better cooperation with Nato, followed by dialogue with the US, Russia and China. These would be essential to become more robust against cyber attacks, he said.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.