In an increasingly connected world, tackling cybercrime must be a consideration for everyone, says EU Commissioner for the Security Union, Julian King.
The first thing that I did this morning was to check if I had any pending updates to install on my smartphone. I recommend to everybody, without apology, this mildly annoying start to the day.
The publication by WikiLeaks of documents which purport to show that the Central Intelligence Agency (CIA) has been developing its abilities to exploit vulnerabilities in everyday ‘smart’ devices in order to gather information will inevitably increase our anxiety about the Internet of Things – the interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data.
We appear to be entering a new and darker phase in our relationship with technology – in particular the ‘smart’ variety which is rapidly altering our interactions with everything from our laptops to fridges, cars and, yes, televisions. When machines that we watch for our entertainment become smart enough to watch us back it is time to pause for thought about where this journey from the analogue to the digital world is leading us.
It wasn’t supposed to be like this. Technology’s promise was to make our lives easier but, reading the latest headlines on the capability of intelligence agencies to reach inside our smart devices, you could be forgiven for believing that the utopian future is being transformed into a dystopian present that was predicted with chilling accuracy by George Orwell in his novel ‘1984’.
Exploitation of data by criminals
There is a legitimate debate going on about access to data by national intelligence agencies for specific law enforcement purposes. But, as Europol’s Serious and Organised Crime Threat Assessment 2017 reveals, the activities of national intelligence and law enforcement agencies are being met and matched by highly sophisticated crime syndicates.
For almost all types of organised crime, criminals are deploying and adapting technology with ever greater skill and to ever greater effect. This is now, perhaps, the greatest challenge facing law enforcement authorities around the world.
Cryptoware – ransomware using encryption – has become the leading malware in terms of threat and impact. It encrypts victims’ user-generated files, denying them access unless the victim pays a fee to have their files decrypted.
Europol points out that the online trade in illicit goods and services is an engine of organised crime. Online fraud is now the most common crime in the UK, with almost one in 10 people falling victim. Half of all companies in Europe have experienced at least one cyber security incident. Globally, the cost to society of cyber-attacks and cyber hacking in 2015 was estimated to be around $315 billion.
The dark web, a collection of websites operating on an encrypted network hidden from traditional search engines and browsers, is the criminals’ bazaar where, subject to the right introductions, I am reliably informed that I can rent a botnet for a modest sum which I could use to launch a Distributed Denial of Service attack against anyone I felt like.
As the Internet of Things grows, we are inadvertently lowering the threshold both in terms of cost and availability for these attacks. My smart fridge and TV have factory-set security codes, which is insecurity by design. This needs to change.
Working with colleagues across the European Commission, I am determined to implement a plan for reducing our vulnerability to cyber threats by increasing our resilience to attacks, stepping up the fight against cybercrime, investing in cyber security (a public-private partnership launched last year is expected to trigger €1.8 billion of investment by 2020) and strengthening international cooperation.
The NIS Directive (NIS) on the security of networks and critical information aims to ensure that all EU Member States have a national Cyber Security Strategy, a national authority responsible for network and information security, and Computer Security Incident Response Teams (CSIRTs) in place by the time the Directive enters fully into effect next year.
Implementation of this directive by all Member States is the most important step we can take to ensure greater protection of our key infrastructure, and a greater shared understanding and cooperation between all the main actors.
But it’s of course not enough. We also need law enforcement and judicial authorities to have the necessary means to find and punish cyber-criminals. The European Cybercrime Centre at Europol has a key role to play in that respect. Setting up an appropriate legal framework at an EU level is also necessary. We need to continue to work together with the private sector, as a key partner in the fight against cybercrime and cyber security threats.
The interconnected world offers many opportunities for citizens, governments and public and private enterprises to make a positive contribution to society. But it also offers unprecedented opportunities to criminals, terrorists, and hostile states. We must be better prepared for whatever the future holds.
Commissioner for the Security Union