EU looks to extra spending, diplomacy to bolster cyber security

BRUSSELS/FRANKFURT (Reuters) - The European Commission wants to bolster cyber security in the EU by increasing investment in technology, setting stricter consumer safeguards and stepping up diplomacy to deter attacks by other nations, among other measures.

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

The Commission is due to announce its proposals in a report later this month, a copy of which was obtained by Reuters on Wednesday. It also argues for greater national and law enforcement cooperation to halt incoming attacks.

The report calls for a short-term injection of additional EU spending to achieve both a critical mass of investment and overcome fragmentation within the region, calling a previous 2016 plan to spend 1.8 billion euros ($2.1 billion) by 2020 a “first step”.

It cited public and private estimates that the impact of cybercrime on the EU rose fivefold between 2013 and 2017 and could rise another four times by 2019. Europol puts these losses at 265 billion euros ($316 billion) per year.

In its report, the European Commission calls for increased technical capacity to investigate cyber attacks, as well as investment to promote a stronger regional cyber industry.

“In order to increase our chances of catching perpetrators, we need to improve our capacity to attribute cyber attacks to those responsible,” it says.

One specific issue it aims to address is to develop a European encryption capability using next generation quantum technologies as a basis for secure digital identification systems, intellectual property protections and safe ecommerce.

The EU is looking to establish a “duty of care” principle for vendor product and software development in this arena and promised early in 2018 to put forward concrete proposals to give law enforcers cross-border access to electronic evidence.

Another proposal calls for the creation of a European Cybersecurity Research and Competence Centre to coordinate proposed solutions, part of plans to strengthen the existing European Union Agency for Network and Information Security.

The review, announced in May, is part of the EU’s mid-term course correction of its digital strategy. Some proposals must first be approved by member states and the European Parliament.

The report aims to develop a policy framework to galvanize all parties - the EU, member states, industry, as well as citizens - to build better resilience and bolster the EU’s response to cyber attacks.

“The framework constitutes a first step in developing signaling and reactive capacities at EU and member-state level with the aim of influencing the behavior of potential aggressors,” it said of response to attacks by other nations.

($1 = 0.8393 euros)

Reporting by Eric Auchard and Julia Fioretti; Editing by Susan Fenton