According to the report, there is no consistent approach to cybersecurity within the EU bodies, they do not have key controls in place to better protect themselves against it and training in this area is not systematically organised. In addition, the amount that the institutions spend on cybersecurity varies widely from institution to institution. But due to their close interdependence, a cyber attack can cause major problems in the chain.
“The EU institutions, bodies and agencies are attractive targets for potential attackers, in particular groups that can carry out covert, highly sophisticated cyber-attacks for cyber-espionage and other malicious purposes,” said Bettina Jakobsen, the Member of the Court of Auditors responsible for the control led. “To protect its own organisations, the EU must step up its efforts.”
According to the researchers, this can be done first by creating joint cybersecurity rules for the EU and related institutions. In addition, the European Commission should be given a greater role in strengthening cybersecurity cooperation between the individual institutions. In addition, the Court proposed to significantly boost the resources of the Computer Crisis Response Team (CERT-EU).