EU announces Joint Cyber Unit to tackle escalating online crime

Following the start of lockdowns imposed by the Covid-19 pandemic, hacking activity against corporations more than doubled as cyber criminals exploited security weakened by work-from-home policies. The Commission said that a more coordinated response is now required from countries as cyberattacks grow in number, scale and consequence.

First announced by Commission President Ursula von der Leyen, the Joint Cyber Unit aims to bring together the resources from all the EU member states to bolster their response to cyber incidents. The Unit will act as a platform to ensure an EU coordinated response to large-scale cyber incidents and crises, as well as to offer assistance in recovering from these attacks.

The participants will be asked to provide operational resources for mutual assistance within the Unit, especially information in real-time on threats that could emerge in their respective areas. The Commission hopes to get the Unit operational by the end of June 2022 and fully established the following year.

The EU has also imposed a new code on suppliers of 5G equipment designed to ensure secure networks across the continent. In particular, this follows the controversy around Huawei’s involvement in setting up the next-generation networks after allegations were made that it had strong links to the Chinese Government.

Margrethe Vestager, the Commission’s digital tsar, said: “Cyber security is a cornerstone of a digital and connected Europe. In today’s society, responding to threats in a coordinated manner is paramount. The Joint Cyber Unit will contribute to that goal. Together we can really make a difference.”

Thierry Breton, Commissioner for the Internal Market, said: “The Joint Cyber Unit is a building block to protect ourselves from growing and increasingly complex cyber threats. We have set clear milestones and timelines that will allow us - together with Member states- to concretely improve crisis management cooperation in the EU, detect threats and react faster.”

Members of the unit will come from the EU Agency for Cybersecurity; experts from EU countries; Europol’s European Cybercrime Centre; the EU foreign service EEAS, and the European Defence Agency.

Commenting on the EU's plans, Peter Grimmond, international CTO at Veritas Technologies, said: "The signal from the EC that it could make military defence budget from the EDF available to combat cyberattacks, such as ransomware, as part of its new Joint Cyber Unit initiative, makes it clear how seriously it is taking the growing threat that hackers present. Recent attacks on critical infrastructure, such as the Colonial Pipeline in the USA, have highlighted the real-world consequences of ransomware.

"This has cemented the importance of the issue in the global consciousness and spurred on the creation of international response mechanisms. Every business, and every worker, has their role to play in keeping their data safe. This responsibility will be especially important for firms in the EU in the years until the Joint Cyber Unit is fully established."

Last month, Ireland’s health service was hit by a “very significant” ransomware attack that forced it to shut down its IT systems, causing serious disruption.

This followed the 2017 attack on the UK’s NHS by the Wannacry worm, suspected to be from North Korea, that severely disrupted patient care across the service for several days.