By George Lynch
The European Union was able for the first time to present a coordinated cyberattack response when it faced the recent WannaCry ransomware hack, the head of the bloc’s network security agency told Bloomberg BNA in an interview.
The scope of the attack, which ultimately affected over 300,000 computers in some 153 countries, provided a real test of new systems put in place under an EU cybersecurity law, European Union Agency for Network and Information Security (ENISA) Executive Director Udo Helmbrecht said.
Helmbrecht has served as ENISA’s executive director since 2009. Prior to his appointment, he served as president of the German Federal Office for Information Security.
Businesses benefited from an improved information sharing and coordination system that let them receive intelligence from companies in other countries that were hit first. In the WannaCry attack, cybercriminals unleashed self-propagating ransomware that encrypted users' files and demanded a ransom for the decryption key.
The EU Network Information Security (NIS) Directive that took effect in August 2016 allowed an EU-level intervention by creating a structure that the 28 member countries could use to share incident information with each other to combat the serious cyberattack, Helmbrecht said. The NIS Directive tasked ENISA with aggregating information about cybersecurity incidents at the EU level to accommodate businesses that increasingly operate across European country borders.
Helmbrecht said that the information sharing and cooperation among EU member countries, ENISA, and the EU’s central law enforcement agency, Europol, softened the spread of WannaCry throughout the EU and may prove important to law enforcement.
Information about ransoms paid in bitcoin to decrypt locked data could be posted to ENISA's website and shared with Europol and national law enforcement agencies to help them trace payments to the cybercriminals, he said.
Unlike previous cyberattacks, WannaCry affected a variety of critical infrastructure industries, such as hospitals in the U.K. and railway companies in Germany, causing European-level law enforcement and information security organizations to deploy significant resources, Helmbrecht said.
Even the Mirai botnet, which used tens of millions of internet of things devices, such as wireless routers, to conduct a distributed denial-of-service (DDoS) attack in October 2016, was “more business as usual” than WannaCry, Helmbrecht said. “WannaCry was another dimension.”
ENISA set up a taskforce and invoked the EU Standard Operating Procedures allowed by the NIS Directive to manage the WannaCry attack. The directive requires each EU country to designate a Computer Security Incident Response Team (CSIRT); the teams come together in an EU-wide network, with ENISA providing leadership to oversee cooperation among the response teams.
“The principle is you have a national crisis management, then when it becomes pan-national crisis management,” then information starts being exchanged, Helmbrecht said. Having Europol as a partner made for faster coordination and quicker information sharing, he said.
“Ransomware is currently the top cyberthreat,” Helmbrecht said. ENISA named ransomware one of the top threats in its Threat Landscape Report 2016.
New cyberattack response protocols and information sharing help mitigate the spread of malware but don’t prevent cyberattacks, Helmbrecht said.
Companies, he said, can be “lazy” in failing to patch their systems, leaving the door open for cybercriminals. To thwart cyberattacks, they must practice better cybersecurity hygiene by updating and patching their systems, he said.
Individual computer users also need to be educated to avoid the temptation to click on email attachments, Helmbrecht said.
Lax data security standards among manufacturers of internet-connected devices are also a problem, he said. There is “an obligation on industry to have certain minimum standards.”
Setting stricter liability for industry and mandating security patches may be one solution, Helmbrecht said. Industry also needs to be better at incorporating security by design at the earliest stages of creating new services and products, he said.
ENISA is discussing what sort of cybersecurity labeling, standardization, and certification may be helpful, Helmbrecht said.
To contact the reporter on this story: George Lynch in Washington at gLynch@bna.com
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.