'We must avoid a digital 9/11', EU experts say
May 27, 2008, 12:52 GMT
Brussels - Six million computers worldwide have already been taken over by remote viruses, and social networks such as Facebook put an ever-increasing number of people at risk from data theft, the heads of the EU's web-security agency warned on Tuesday.
The internet was 'born free,' but that makes it 'good for the good guys and the bad guys: security is a race between the two,' Andrea Pirotti, head of the Crete-based European Network and Information Security Agency (ENISA), told Deutsche Presse-Agentur dpa.
According to ENISA, which was set up in 2004 to provide EU member states with expert advice on internet-security issues, the volume of spam emails hitting European computers has gone up by 10 per cent in the last year, and now costs internet service providers some 64.5 billion euros (102 billion dollars) a year - double the sum in 2005.
The massive popularity of social networks such as Facebook, meanwhile, has made users increasingly vulnerable to data theft.
'Users should be more aware of the fact that they don't really control who has access to their profiles,' Dr Ronald de Bruin, head of ENISA's cooperation and support department, said.
Clients who pay to use the services on such sites can be given a certain number of existing users as 'friends' and access their pictures and profiles without those users' knowledge, he explained.
And the overwhelming shift by governments, banks and businesses to web-based work leaves them potentially vulnerable to coordinated attacks, which could have a catastrophic impact on everything from energy transmission to basic communications.
'We must avoid a digital 9/11 ... Imagine what could happen in a broad-scale attack on the European economy,' Pirotti said.
ENISA's response has been to advise and help EU member states in setting up their own Computer Emergency Response Teams (CERTs) - groups of experts trained in identifying and neutralizing web-based attacks, and often referred to as 'digital fire brigades.'
When ENISA was founded, only nine European governments - Britain, France, Germany, the Netherlands, Hungary, Norway, Sweden, Finland and Denmark - had their own CERTs.
By 2008, and thanks in part to the agency's combination of technical advice and expert contacts in other member states, Italy, Austria, Spain and the Baltic states had set up their own government CERTs.
A further 10 EU members are set to open theirs in the next 18 months, and cooperation between states is improving steadily, ENISA's experts say.
For example, France is helping Luxembourg to set up a CERT, in return for help organizing public-awareness campaigns, de Bruin said.
But there is 'clearly a margin for improvement' in the way EU member states share their information, he added.
Indeed, one of ENISA's goals is to devise at least five different models by which EU member states can work together on internet security. Another is for the centre to become the 'point of reference' on web security for at least 15 EU states, de Bruin said.
But with only 50 staff in a union whose population approaches 500 million, ENISA experts acknowledge that it will be up to EU states and citizens to fight the front-line battles of web security.
'We're a network agency: our organization is not so much about technology as about people. It's about bringing people together to make it work,' de Bruin said.© Deutsche Presse-Agentur