Eugene Kaspersky, the anti virus entrepreneur, did not mince his words at a recent conference. He warned that the new Flame Virus aimed at the Middle East was 20 times larger and more complex than the Stuxnet worm discovered in 2010 targeted at disrupting Iran's nuclear facilities.

Another example: Two years ago cyber thieves stole 30 million euros' worth of carbon allowances from the European carbon trading exchange, forcing trading to cease for some days on order of the European Commission. A third recent incident: the social and business networking website LinkedIn had six million user passwords leaked online after users were targeted by fake emails asking them to confirm their login details in a so called "phishing attack" by hackers.

Cyber crime is a broad church, including denial of service attacks, attacks on critical infrastructures (like the Stuxnet worm), botnets which marshal thousands of innocent owners' computers to do cyber criminals' work, malware, online frauds, and child pornography picture trading. It is a costly problem - £27bn a year just in the UK, according to a 2011 Home Office study and it is growing threat as more and more services like taxes and benefits payments migrate online.

It is also under reported. A lot of scams affect millions of individuals but only small sums per individual, so many feel it's not worth going to the police about. And companies have their own reasons. Their incentives are misaligned. They are unwilling to disclose problems for fear of losing customers as their reputations would take a hit for being insecure. Many do short term fixes on their systems and price fraud into their business model. And keep very quiet about breaches.

Law enforcement agencies are arguably understaffed, though the situation is getting better. Europol, the EU policing agency, has just 7 out of 457 staff dealing with cybercrime from its shiny new offices in the Hague, according to a Commission-funded report. CEPOL, the UK based European police college, does not have cybercrime experts among its 42 staff.

Law enforcement agencies are put off by jurisdictional failures from covering crimes of an essentially global and dispersed nature. Communicating by instant messenger or through bulletin boards websites, malware writers, malware distributors, and credit card abusers are all different people who may never meet and are located in different countries. Clear up rates are low.

A dozen EU countries have separately adopted national cybercrime strategies, among them the UK. The cybercrime unit will be an important part of the new National Crime Agency launching next year, according to the UK's "Mr Cyber", cabinet office minister Francis Maude. But cybercrime is one of those areas crying out for international coordination and several initiatives are afoot. NATO is developing its own strategy, and has its own cyber warfare centre in Tallinn, Estonia. The EU itself at the end of May agreed to set up a cybercrime centre (ECCC) at Europol, consisting of 55 persons that will help coordinate national efforts. The European Commission will also be proposing new legislation in the third quarter of 2012 making notification of security breaches compulsory for companies in the energy, transport, banking and financial sectors. The requirement to report could worsen the reputational damage to companies that have experienced security breaches. So rather than do that they will spend more on security to lower their vulnerability, officials say. Telecoms and internet firms are already subject to reporting obligations.

You have to ask whether the ECCC is an effective solution, though. According to the Commission's own estimates, 8 trillion dollars a year changes hands through e-commerce. The Commission-funded feasibility study* proposes a three million euro budget for the ECCC for its first year of operation. That is not a lot when you look at the science prizes of up to one billion the EU is handing out for basic research projects - or compared to the $57bn budget for the US Department of Homeland Security.

* http://tinyurl.com/cp9hjl7

-------------------------
Pelle Neroth -- EU correspondent