With digital crimes that know no borders and terrorism fuelled by bits and bytes, the world is grappling with matters that are poised to disrupt the very way we live. And 2017 is already on course to cement all things cyber security-related as the defining concerns of our times. Looking at the EU’s current security climate, some cyber security trends emerge as future key players, potentially shaping our safety, economy and basic rights.
- Concerns over nation-state attacks
Following the cyber attack on the Bundestag in 2015, the lower house of Parliament saw their internal network sent off line for days while Germany tried to put the pieces of the attack together. In May 2016, the Federal Office for the Protection of the Constitution (BfV) announced that the Russian state-sponsored APT group Sofacy was behind the attack.
In a statement after the attack, BfV’s Hans-Georg Maassen said “Cyberspace is a theater for hybrid warfare. It offers new room for espionage and sabotage…Russian intelligence agencies are also showing readiness (to carry out) sabotage.” The repercussions of nation-state attacks like this and the attack carried out by the Russian-backed APT Group 28 against France’s TV5 in 2015 reach far deeper than merely stealing national secrets. They can devastate a country’s national stability and economy.
- Attacks on critical infrastructure
After a massive damage was caused by a breach at a German steel mill in 2014, the notion that hacks carried out in the digital realm could cause destruction in the physical world became a reality. The unnamed facility was compromised by emails laden with malicious code that stole logins, granting the hacker access to the control systems.
Attacks on critical infrastructure (SCADA) exploit industrial control systems (ICS), putting industries that society depends at risk. This elite group comprises manufacturing, logistics, transportation, energy, utilities such as water, oil and electricity, telecom, agriculture, and food production and distribution services. Security breaches to these systems can have devastating effects, and this reality isn’t lost on hackers looking to cause as much damage as they can at once. These are also systems that tend to be much older, relying on legacy platforms and many factory employees aren’t even aware that their services are connected to the internet. The staggering lack of awareness of the dangers that SCADA carries are enough to make it an area to stay cognizant of in 2017.
- Privacy Concerns
Privacy is a cornerstone of our rights, so many in the EU were delighted when the The European Parliament voted to adopt tougher rules regarding data protection in the landmark General Data Protection Regulation (GDPR) laws earlier this year, overturning the Safe Harbour framework. Starting in 2018, companies failing to properly protect citizens’ data will face fines of up to 4 percent per company and even companies outside of the EU will be subject to the same penalties. This single set of rules will streamline data regulation within the EU, giving citizens back control of their data.
But the balance of privacy and surveillance are never so simple. In August, France and Germany called on the EU to enforce laws making encrypted messages fair game for law enforcement agencies. Privacy advocates argue that weakening encryption is a violation of privacy and to deny one’s privacy is denying a basic human right. If the Interior Ministers who proposed the law have their way, SMS services like WhatsApp, iMessage and Telegram may be forced to decrypt messages when used as part of investigations, whether or not they are based in Europe. For now, the laws have not been passed so look for privacy to be a key issue in the coming months.
- Cyber terror
As terror around the world grows, a new breed of terrorism has arisen – cyber terror. Over the last few years Europe has been home to some of the worst terror attacks, whose perpetrators organized their horrendous actions via the aforementioned SMS platforms, while rallying support via social media. Platforms like Facebook, Twitter and Instagram have all played key roles in recruiting impressionable teens to terror cells across Europe, with devastating effects. And as young people join ranks, they bring along their intense knowledge of all things digital.
Though their true capabilities remain unclear, these groups attract a breed of hacker unfazed by risks or danger. Currently, little is being done to stay on top of cyber terrorism, short of attempting to place restrictions on encryption. The benefit here is obviously limited.
These are just some of the cyber security trends set to affect the EU and its neighbors in 2017. Challenges fill the road ahead but it’s nothing we can’t tackle by working together to create a digitally-fortified Europe.
Yochai Corem is Regional VP EMEA at Cyberbit