The EU must invest more in cybersecurity to prevent attacks aimed at critical infrastructure and destabilising societies. Given the cross-border nature of cybercrime, stepping up information exchange among police and judicial authorities and cybercrime experts is vital to effective investigation and electronic evidence gathering, says Parliament in a resolution voted on Tuesday.
MEPs regret that preventive measures taken by individual users, public institutions and businesses remain wholly inadequate, primarily due to a lack of knowledge and resources. They point out that the EU, its institutions, national governments and parliaments, companies and networks are acutely vulnerable to sophisticated attacks engineered by large criminal organisations or terrorist groups, or groups sponsored by states. They also condemn any system interference undertaken or directed by a foreign nation or its agents to disrupt the democratic process of another country; Parliament advocates, inter alia:
· improving information exchanges through Eurojust, Europol and ENISA,
· give Europol and Eurojust “appropriate resources” to accelerate the detection, analysis and referral of child abuse material and improve the identification of victims,
· ensuring that illegal online content be removed immediately by due legal process or that access is blocked from EU territory when removal is not feasible,
· investing in education to solve the lack of qualified IT professionals working in cybersecurity,
· promoting the use of encryption and other anonymisation tools,
· using EU funds for free and open-source software-based research into IT security,
· launching awareness campaigns to ensure that children, but also public administrations, vital operators and companies learn how to be safe on line,
· setting up teams to which businesses and consumers can report cybersecurity, incidents and establish databases to record all types of cybercrime,
· ensuring that law enforcement authorities have access to relevant information, such as who is the user of a certain IP address in the context of criminal investigations,
· encouraging the ICT security community to engage in “white hat” hacking and the reporting of illegal content, such as child sex abuse material, and
· updating the EU legal framework on cybercrime, including harmonised rules for determining the status of an online provider as domestic or foreign,
The non-legislative resolution was approved by 603 votes to 27, with 39 abstentions.