Britain has pressed the European Commission to introduce tighter and uniform security features for national emissions registries to prevent fraud after almost 3.4 million carbon permits were stolen.
Emissions registries administer and transfer EU carbon permits under the bloc's emissions trading scheme. A coordinated cyber attack on some registries last month resulted in the theft of 50 million euros' worth of permits.
“The registries are in many ways akin to bank accounts, and we believe that similar security features should be standard across EU registries,” Greg Barker, the UK's minister for climate change, wrote in a letter to EU Climate Commissioner Connie Hedegaard.
“These include universal adoption of 'two-factor authentication', where access to the registry needs more than just a password, but also an additional confirmation of identity similar to the card-readers increasingly used by banks.
“We would like to see more regular and frequent testing of the vulnerabilities of registries and updating of the software used to protect these registries,” Barker added.
The European Commission shut down registries for over two weeks while they increased security measures. So far, seven national registries have reopened; they include Spain, France, Germany, the Netherlands, Slovakia, the UK and Portugal.
A spokesperson for the commission, said it could not comment on the content of the letter at this stage.
“What I can tell you is that the minimum security requirements are confidential. They are similar to those applied for other sensitive IT systems, like electronic banking systems.
“The requirements are designed to ensure that every company holding allowances in a national registry enjoys an adequate level of security to protect the allowances against online fraud.”
The commission was in the process of reviewing security reports submitted by member states and the adequacy of their security measures put in place, the spokesperson said.