Different Directorate Generals (DGs) from the European Commission are now addressing cybercrime: the lead DGs are Information Society and Media (DG INFSO) and Justice, Freedom and Security (DG JLS). Cyber crime became a priority of DG JLS when Commissioner Jacques Barrot succeeded Commissioner Franco Frattini in May 2008.

Following a strong belief that action needs to be taken at EU level to combat international threats (especially following the cyber attacks in Estonia in 2007), The European Commission has recently developed comprehensive policies to strengthen security of and trust in the information society. On 27 April 2009, Commissioner Reding, responsible for Information Society and Media,declared  that

“Europe must do more for the security of its communication networks. Europe needs a 'Mr Cyber Security' as we have a 'Mr Foreign Affairs', a security tsar with authority to act immediately if a cyber attack is underway." 

ENISA , European Network and Information Security Agency, is the EU agency dealing with Network and Information Security within the European Union. ENISA has been the subject of criticism that it has limited competencies and does not ensure an appropriate level of exchange of information.

On 30 March 2009, the European Commission published a Communication on “Critical Information Infrastructure Protection”. The suggested approach in this Communication includes five pillars to tackle EU vulnerability to its critical information infrastructure :

• Preparedness and prevention: to ensure preparedness at all levels;
• Detection and response: to provide adequate early warning mechanisms;
• Mitigation and recovery: to reinforce EU defence mechanisms for critical information infrastructure;
• International cooperation: to promote EU priorities internationally;
• Criteria for the ICT sector: to support the implementation of the Directive on the Identification and Designation of European Critical Infrastructures.

The complementary European Programme for Critical Infrastructure Protection (EPCIP)  and Directive on the Identification and Designation of European Critical Infrastructures identify the ICT sector as a priority sector. Another important element of EPCIP is the Critical Infrastructure Warning Information Network (CIWIN).

The EU telecoms package addresses different aspects of cyber-crime (including the question of processing IP addresses under the review of the ePrivacy Directive). The review of the Regulatory Framework for electronic communications networks and services contains new provisions on security and integrity. Some provisions aim to strengthen telecoms operators’ obligations to ensure that appropriate measures are taken to meet identified risks, guarantee the continuity of supply of services and notify security breaches.

In addition the DG JLS is developing a broad range of EU initiatives which address criminal attacks against networks and information systems. DG JLS has a broad definition of cyber crime as it also includes more traditional crimes such as fraud or the dissemination of illegal material such as those relating to child sexual abuse.

By taking part in lobbying actions on EU parliament European organisations can have a say on European cybercrime laws regarding offensive and defensive capabilities.

So anyone for the role of Mr Cyber Security?

For Further Reading
2008 News on European Union Cybercrime Agenda
Comment Directly on Policies Being Made in the EU
EU Critical Information Infrastructure Protection Strategy
Corporate Lobbying via an Agency
Cabinet Office UK National Security Strategy