Threat Intelligence Expert On EU Joint Cyber Unit


The European Commission is today laying out a vision to build a new Joint Cyber Unit to tackle the rising number of serious cyber incidents impacting public services, businesses and citizens across the European Union.
The Unit will allow national capitals hit by cyberattacks to ask for help from other countries and the EU, including through rapid response teams that can swoop in and fight off hackers in real time. The plan would also set up a platform for cybercrime police, cyber agencies, diplomats, military services and cybersecurity firms to coordinate responses and share resources. 

Notify of

3 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Kurt Glazemakers
InfoSec Expert
June 23, 2021 1:26 pm

<p>I do think this initiative is a good idea. Cyberattacks are getting more and more sophisticated, and some of them are organised on a nation state level, and by well built-out organisations. It is key to share the knowledge and lesson’s learned to better protect governments and enterprises. Most governments and enterprises don’t have the knowledge to properly investigate cyberattacks and their root cause. The SolarWinds’ attack was an eyeopener for many organisations, where they realized they would have been compromised as well if they had the SolarWinds product installed in their network.</p>
<p> </p>
<p>The initiative will not stop or deter the cyberattacks, but it could reduce impact and will help to build better defense against those threads by sharing expertise.</p>
<p> </p>
<p>Europe has not been the fastest to make decisions like this and hand over controls and regulations from the nation to the European level has always been difficult, unless there is a sense of urgency or real benefit for the individual nations. The sense of urgency has definitely been raised with the SolarWinds hack and Colonial pipeline attack as one of the latest addition, where the first was an eye opener in the sophistication of the attack, while the Colonial pipeline was an eye opener on the economic impact. It is just a matter of time until the next one will hit.</p>

Last edited 1 year ago by Kurt Glazemakers
Andrey Yakovlev
Andrey Yakovlev , Security Researcher
InfoSec Expert
June 23, 2021 1:17 pm

<p>It is always good to have international agencies cooperate to solve crime, in my opinion. Cybercrime is typically a multi-state operation. For example, a server may be located in one country\’s data center, whereas the domain may be registered by a registrar from another country and the attacker sits in a third. Having a reliable framework that can help minimize bureaucracy and act faster on subpoenas? Sounds like a great initiative.</p>
<p><strong> </strong></p>
<p>This initiative might deter some cyber criminals, but it likely won’t make much of a dent overall. We might see more news about European criminals getting arrested, we may hear more news about successful dismantlers of cybercrime infrastructure. But at the end of the day, what does it do to a cyber criminal who’s sitting in Russian Saratov or in Chinese Shanghai? </p>
<p> </p>
<p>The net is that they will scramble, shift their tactics, and continue. Serious money makers are not likely to stop; they make some serious money, so they view their efforts as well worth the risks.</p>
<p><strong> </strong></p>
<p>There are already alliances and frameworks that aid cooperation throughout different states in the fight against cybercrime. Take the Five Eyes intelligence alliance, for example. Although created in the 1940s, the agreement allows for cooperation in cyberspace. Personally, I think this new EU initiative is a response to the cyber-offensive that goes on in the world, but it\’s not only about the attacks themselves, it is also about the way attackers behave. Let\’s take ransomware gangs for example, whose attacks I\’m sure were part of the reasoning for the creation of this organisation.</p>
<p> </p>
<p>Apart from targeting governmental agencies and critical infrastructure, ransomware gangs began to behave like LLC or LTD companies – over time, they started doing marketing, inviting media outlets, competing with each other – all to attract the right kind of attention. This is one of the reasons ransomware affiliates were removed from cybercriminal forums. Too much noise.</p>

Last edited 1 year ago by Andrey Yakovlev
Jens Monrad
Jens Monrad , Head of Intelligence, EMEA
InfoSec Expert
June 23, 2021 1:07 pm

<div><span style=\"font-family: Arial;\">When considering today\’s threat landscape, especially ransomware which impacts both government and private organisations, the political attention cyber attacks are getting today is most welcomed. However, it remains to be seen how effective it will be when it comes to a joint task force deploying response teams across the EU. Today, many EU countries still control their national security, and even within agreed EU treaties, there are exempts on law enforcement collaboration. <u></u><u></u></span></div>
<div> </div>
<div><span style=\"font-family: Arial;\"> <u></u><u></u></span></div>
<div><span style=\"font-family: Arial;\">There should be an even stronger focus on private-government collaboration, similar to what we have observed in the United States. The rapidly evolving cyber threats and the future threat landscape calls for a more vital private-government partnership where information on threats can be shared and communicated effectively across EU member states.<u></u><u></u></span></div>
<div> </div>
<div><span style=\"font-family: Arial;\"> <u></u><u></u></span></div>
<div><span style=\"font-family: Arial;\">When we look at the current cyber threat landscape, it is genuinely borderless and a global challenge. There is certainly a need for more political involvement to address the fact that some of the most impactful cyber threats like ransomware still seem to operate with impunity from countries that appear to offer a degree of safe harbouring as long as the cybercriminals do not target their own country or region.</span></div>

Last edited 1 year ago by Jens Monrad
Information Security Buzz
Would love your thoughts, please comment.x