EU pledges to protect cyber infrastructure

Purchases and sales over electronic networks in Europe amounted to 11 per cent of the total turnover of European Union companies in 2007, while over three quarters of businesses accessed banking services via the internet and two thirds used online public services.

Electronic communication services and networks provide the backbone of the European economy, according to the EC, and the risks posed by natural disasters, terrorist attacks, malicious human action and hardware failure could have a devastating impact if they are not dealt with quickly.

"The information society brings us countless new opportunities, and it is our duty to ensure that it develops on a solid and sustainable base," said Viviane Reding, commissioner for Information Society and Media.

"Europe must be at the forefront in engaging citizens, businesses and public administrations to tackle the challenges of improving the security and resilience of Europe's critical information infrastructures. There must be no weak links in Europe's cyber security."

The strategy follows high-profile cyber attacks against Estonia, Lithuania and Georgia last year, and predictions that there is a 10 to 20 per cent chance that telecoms networks will be hit by a major breakdown in the next decade.

Reding warned that, even putting aside the threat of cyber terrorism, damage to submarine data cables could easily be a potential source of disruption, as could other hardware failures or natural disasters.

The EC pointed out that the approaches and capacities of member states differ widely, and that a low level of preparedness in one country can make others more vulnerable, while a lack of co-ordination reduces the effectiveness of any countermeasures.

The new initiative builds on the Strategy for a Secure Information Society (PDF) developed by the Commission in 2006.

The EC wants businesses, public administrations and citizens to focus on being prepared for all eventualities through the exchange of information and transfer of good policy practices between member states via a European forum.

It also aims to set up a European Public-Private Partnership for Resilience, which will help foster co-operation between businesses, and share information with public authorities to ensure that adequate and consistent levels of preventive, detection, emergency and recovery measures are in place in all member states.

The initiative also supports the development of a European information sharing and alert system, as well as regular exercises for large-scale network security incident response and disaster recovery.

Finally, the initiative seeks to drive a Europe-wide debate to set EU priorities for the long-term resilience and stability of the internet.

The EC will propose principles and guidelines to be promoted internationally, and establish criteria for European critical infrastructure in the ICT sector as the approaches currently vary across member states.