Europe tries to block the "spillover" of cyber attacks from the war in Ukraine

Europe tries to block the spillover of cyber attacks from the war in Ukraine

Athens - Three weeks ago, as Russia unleashed its invasion of Ukraine, US satellite connection company Viasat reported a partial blackout of its services for Ukrainian and other European customers. A block to broadband services guaranteed by the Ka-Sat satellite, which the company immediately attributed to one of the many cyber attacks that occurred close to the attack in Moscow. And of which Viasat still suffers the aftermath. On Twitter Netblocks, an organization that oversees the freedom of access to the network, has published data showing that, 18 days after the accident, Viasat was unable to fully restore connectivity to the Ka-Sat network.

"About 27 thousand users across the EU states were affected by the incident," notes the executive director of the European Cybersecurity Agency (Enisa), Juhan Lepassaar. The Viasat case, for the number one in authority, is an example of the spillover of the cyber conflict between Russia and Ukraine that Brussels wants to avoid at all costs. Nobody wants to relive the script of NotPetya again, a ransomware attack directed against Ukraine that then spread like wildfire all over the world and of which cyber technicians employed by the Russian secret services are accused. It was the year 2017.

Twitter content This content can also be viewed on the site it originates from.

The risk is there. European companies with offices or subsidiaries in Ukraine, Russia or Belarus have been hit by cyber incidents that most likely originate from clashes in what in NATO jargon is called the "fifth domain", or cyberspace. At the moment, however, the spillover cases have been contained.

As Lepassaar explains in an interview with on the occasion of the inauguration of the new headquarters in Athens (even if the move dates back to July 2021), “in the last two months we have seen an important escalation in the threat landscape and since the beginning of Russia's aggression on Ukraine, we have seen a large increase in cyber attacks against Ukraine, Russia and Belarus. However, what we have not seen is a large spillover of these events in the cyber space of the Union. This does not mean that there have not been, on the contrary. But if you look at the overall level and average of cyber incidents within the Union last year and in 2020, the increase was not significant ".

At the inauguration of the Enisa headquarters: from left, the agency's executive director, Juhan Lepassaar; the Greek Minister of Digital, Kyriakos Pierrakakis and the Vice President of the European Commission, Margaritis Schinas Luca Zorloni / Wired Russian Technologies in the crosshairs Enisa, headquarters in Athens in a former palace used during the Second World War by the archbishop for intelligence purposes against the 'German occupation, is coordinating the cyber defenses of the Union, networking between national agencies, local cybersecurity incident response teams and operators who manage essential services or critical infrastructures, from health to energy, from finance to telecommunications. Those who cannot be stopped, at the cost of blocking the daily lives of thousands of people.

“We are not waiting and hoping that the situation will pass - assures Lepassaar -. We are actively working with the community to raise our resilience and the capacity to act. "

One of the hot spots on the political agenda of these weeks concerns Russian technologies in force in companies or public offices in Europe. One above all the antivirus produced by Kaspersky, among the best on the market, however, which ended up in the crosshairs due to the risk that it could be manipulated to carry out attacks on the orders of the Kremlin, as highlighted by some cybersecurity experts.

At the inauguration of the Enisa headquarters: from left, the vice president of the European Commission, Margaritis Schinas; the agency's executive director, Juhan Lepassaar, and the Greek digital minister, Kyriakos Pierrakakis Luca Zorloni / Wired The German cyber security authority, Bsi, has urged their removal, to the point of pushing company founder Eugene Kaspersky, to take a pen and paper and write a message stating that "no trace of the use or abuse of Kaspersky for harmful purposes has ever been discovered or proven in the company's twenty-five-year history" and that "the decision of the Bsi was taken only for political reasons ".

In Italy the homologous Agency for National Cybersecurity (Acn), without directly mentioning the company, has issued a communication, viewed by, in which it invites to analyze the evolution "of the international situation and the geopolitical framework ”, which makes it“ in particular, appropriate to consider the security implications deriving from the use of information technologies provided by companies linked to the Russian Federation ”. "Among these, information security is of particular importance due to the high level of invasiveness with respect to the systems on which they operate - specifies the Acn -. Given the need to have such technological solutions, it is not excluded that the effects of the conflict may compromise their reliability and effectiveness, for example being able to affect the ability of supplier companies linked to the Russian Federation to ensure adequate support for their products. and services ".

Should we delete Kaspersky's antivirus? The Russian company targeted by the European cybersecurity authorities. For Germany it is to be removed. Italy, without mentioning it, pays attention to it for its high circulation in public offices. A question of the international situation, due to the Russian invasion of Ukraine, rather than the quality of the software Read the article A question of state "It is essential and urgent that each national authority proceed with its own risk assessment on the supply chain and that it includes all the risks that come from cybersecurity suppliers, up to the top players who are connected to the warring parties - observes the director of Enisa -. And specifically in the case of Russian service providers, national authorities must assess the risks and take appropriate measures. We see that a number of states have already issued recommendations and warnings and we believe it is appropriate that they have done so and it is important that they continue to do so ”. "We are in contact with the national authorities to coordinate some of these steps", continues Lepassaar.

At the moment, however, Enisa will not be dictating a common line. First, because, if desired, a rule that acts as a compass it already exists: it is the toolbox launched by the Commission on 5G, when the problem was to screen telecommunications providers, especially from China.

Secondly because, says Lepassaar, "it is an urgent matter" , on which states can move faster if they act directly. And very practical: you can't give up a supplier before you have found a replacement. Least of all when it comes to cyber security. A hasty exit could be just as dangerous. It is. the issue that the Italian Acn has to face after recommending that Russian technologies be reviewed. According to, the authority led by director Roberto Baldoni is also coordinating with the central ac quisti of the public administration, Consip, to identify alternatives to Kaspersky and speed up boarding, before unplugging the Russian antivirus, which is now used in over 2,800 contracts of Italian public bodies.

WiredLeaks, how to send us an anonymous report Read the article The price of investing little The emergency dictated by the war in Ukraine highlights one of the structural problems of Europe even more: between public bodies and companies, the investments destined for cybersecurity have not yet reached the level necessary to face the threat scenario. “We must invest in the resilience of companies, hospitals, transport service providers and energy operators - points out Lepassaar -. What we have seen is that the level of investment among what we consider essential or critical service providers is not high. In our 2020 study it emerged that on average European organizations invest 40% less than their US counterparts in IT security ".

Enisa's new headquarters in Athens Luca Zorloni / WiredE the perimeter to be monitored is destined to increase. Parliament and the European Council are in the negotiation phase of the revision of the NIS directive on network security, the first version of which was approved in 2016 and entered into force in 2018. If it goes through as it is emerging from the drafts under discussion, it will extend the cyber security obligations to new sectors, such as commerce, universities, research centers and public bodies. “It is estimated that with the NIS2 proposal, 160,000 new entities will have to deal with IT security as they have never done before”, says the director, in addition to those already covered. And he adds: "I think that states and organizations need to review their investment policies, their ability to direct resources and, since the situation is not rosy, we need to make this a priority for frontline entities" .

Another aspect that could determine Nis2 is a minimum threshold of entities that must abide by its rules. Today it is up to the States to register the operators they deem essential, a system that leads some countries, such as Finland, to place thousands of companies under the NIS shield and other chancelleries to be under a hundred. Tomorrow, however, if the current proposal passes, the procedure should be harmonized to ensure a minimum level of common safety.

The war in Ukraine isolates Russia in the world of telecommunications Moscow's candidates cut off from the direction of the working groups of the International Telecommunications Union, after a vote that isolates the Kremlin but also opens up future counts on network governance standards Read the article Europe seeks a place in the sun According to Lepassaar, “in terms of policies, the Union is widening the debate” on cybersecurity. From cloud initiatives to the new cyber resilience bill, to establishing common security rules for digital products and associated services placed on the market in the Union, Brussels is pushing on the rules to catch up in a critical and low-suffering sector. investments and few technological champions.

“The age of innocence is over - the comment of Margaritis Schinas, Vice-President of the European Commission with responsibility for the promotion of the European lifestyle (which also includes internal security -. We are building a system of regulatory responses to threats ". To Schinas explains that Enisa, which now has 120 people," received a doubling of its budget in 2019 "(currently the annual one is around 24 million euros) and" other funds will arrive from the Digital Eu program, to develop and deploy its intervention capacities ".

One of the fields in which Brussels wants to invest are joint cyber units (which President Ursula von der Leyen had already spoken about in July 2021), that is, says Schinas, "a network of computer experts from the various states in constant contact, who can act together in a European dimension." In the meantime, after sending "computer experts to Ukraine" in tandem with the i external action of the Commission (a sort of Union Foreign Ministry), Schinas explains that Brussels "is ready to do more, based on the situation on the ground".

Powered by Blogger.