Transport networks across Europe, such as flights, trains and ferries, are becoming increasingly vulnerable to “devastating” cyberattacks, a high-level European Commission document has warned.
A paper prepared for the commission, the European Union’s executive arm, says cyberattacks, when timed with physical threats such as terrorist incidents, “can have a devastating impact, destabilising a country or challenging its political institutions”.
While it does not specifically mention any potential sources of such attacks, it was prepared against a backdrop of increasing concern that Russia could attempt to interfere in upcoming elections in France and Germany and controversy over alleged Russian hacking in the run-up to the US presidential election.
War game-type exercise
Plans are now under way for an EU-wide war game-type exercise later this year to prepare for a potential cyberattack on multiple member states simultaneously.
The paper, seen by The Irish Times, was presented to the commission last month by Sir Julian King, the EU security commissioner who previously served as British ambassador to Ireland.
It outlines work that has already been done to defend against attacks, identifies gaps in existing defences and proposes further action.
It emerged earlier this week there were 110 separate attempts to hack the commission’s servers in 2016, a 20 per cent rise on the year before.
“As we increasingly rely on online technologies, our critical infrastructure such as energy grids, satellite communications and healthcare systems become ever more vulnerable,” the report says.
“Every day, cybersecurities cause major economic damage to the European economy and businesses. This is a key challenge facing the union.”
A number of “critical sectors” are outlined, including transport networks, which are “a recurrent and privileged target for terrorists, and are increasingly vulnerable to cyberattacks”.
The paper says work has begun in “addressing gaps in the field of aviation security, particularly air cargo, passengers and risks from conflict zones, while looking more in depth to rail and maritime security”.
Of “particular concern” is the cybersecurity of flights coming into the EU, which will require greater measures to be taken in countries outside the EU.
Other areas of concern include “water, healthcare, banking, and financial market infrastructure”.
The paper says the wider use of digital technology in the energy sector brings “new vulnerabilities and an increased exposure to cyber attacks, especially in the contest of critical infrastructure and smart grids”.
An example cited is the December 2015 cyberattack on the Ukrainian power grid, which cut power to 600,000 households. This was linked to Russia.
Meanwhile, James Mattis, Donald Trump’s nominee for defence secretary, yesterday branded Russia a “strategic competitor” with which the US will find little common ground, making him the latest of the president-elect’s cabinet picks to break with him on the wisdom of seeking better ties with President Vladimir Putin.
“I’m all for engagement, but we also have to recognise reality in what Russia is up to, and there’s a decreasing number of areas where we can engage co-operatively,” Mr Mattis told the Senate armed services committee as it considered his nomination. The former marine general’s assessment echoed that of committee chairman John McCain, who said Russia “will never be our partner”.
Separately, Representative Mike Pompeo said in a statement issued before his confirmation hearing for CIA director yesterday that “Russia has reasserted itself aggressively, invading and occupying Ukraine, threatening Europe, and doing nearly nothing to aid in the destruction of Isis”.
On Wednesday, secretary of state nominee Rex Tillerson called Russia a “danger” whose actions run counter to US interests.