Technological developments, including digital technologies, are changing the way we live. Though these changes bring immense benefits, they also present new threats to businesses, critical infrastructure, the wellbeing of citizens and wider security interests.
Addressing the threats posed by emerging digital technologies is a significant challenge for all disaster risk management bodies. Technology is evolving and changing at an exponential pace, making it difficult to keep track of all the potential social implications and regulations.
According to EUROPOL, cybercrime is becoming bolder with data at the centre of the crime scene. Perpetrators can exploit vulnerabilities in current and emerging technologies.
The fast-paced development of digital technologies is transforming European society, the economy and public administration. Digital technologies are changing our daily life, our way of working and doing business, travel and communication. Although these changes bring great benefits, they do not come without risks that can threaten people’s well-being, businesses, critical infrastructure and wider security interests.
There are multiple vulnerabilities and potential targets. Cost is a major obstacle, as perpetrators need to make a relatively small investment to exploit vulnerabilities and cause large-scale damage, while anticipating threats and designing comprehensive defence strategies is a daunting and resource-intensive job.
Cybersecurity threats are continuously on the rise and becoming more sophisticated. Both state and non-state groups use cyber space to pursue their interests, ranging from financial gain to hacktivism or hybrid influencing. According to EUROPOL, cybercrime is becoming bolder with groups being able to exploit vulnerabilities in existing technologies or make use of opportunities offered by emerging ones.
The growing use of new digital technologies means that Europe is susceptible to malicious intent, and may be exacerbated by factors including:
AI and quantum computing can be used for malicious purposes. AI facilitates automated decision-making that could enable new avenues for manipulation and attack. Experts have detailed the emerging threats, cautioning that sometime in the future, quantum computers might be able to break the encryption methods rendering current cybersecurity virtually powerless.
The roll out of 5G will enable more devices to be connected to the internet, at the same time increasing the volume of data generated. 5G will soon become the backbone of many IT applications, including in critical sectors such as energy, transport, banking and health, as well as control systems that include sensitive information. The threat of growing connectivity stems not only from criminal acts, but also from technical accidents. In an increasingly interconnected world, any disruption is likely to have devastating consequences.
It is not onlynew technologies that are giving rise to new threats. Ageing IT and legacy systems/technologies all contribute to the risk of danger as they are more prone to failure and can be easier targets for cyberattacks. Ageing infrastructure has already been identified as a concern in Europe in terms of preventing industrial accidents and operators of nuclear installations have also recognised the importance of this issue.
New technologies and platforms has contributed to the opportunities for adversarial actors meddling in election debates, and spreading disinformation on topics such as migration and vaccinations.
Directive (EU) 2016/1148 on the Security of Network and Information Systems (the NIS Directive) is the first EU-wide law on cybersecurity, and serves as a basis to ensure a high level of security of network and information systems across the EU.
The European Critical Infrastructure directive introduces a common approach for assessing these infrastructures with the aim of protecting the needs of citizens. The proposal for a directive on the resilience of critical entities intends to create an all-hazards framework to support Member States in ensuring that critical entities are able to prevent, resist, absorb and recover from disruptive incidents.
The roll out of 5G networks will also generate new security risks. To address these concerns, in March 2019 the Commission issued the Recommendation on Cybersecurity of 5G networks, inviting Member States to complete national risk assessments of 5G networks, work together at EU level on a coordinated EU-wide risk assessment, and to prepare a toolbox of possible mitigating measures.
Ongoing work to build capabilities and strengthen the culture of cybersecurity remains an important priority in the EU. The emerging complexity of threats calls for closer cooperation across sectorial, institutional and national borders. Thinking has shifted towards building resilience in order to protect critical digital and non-digital infrastructure, which involves focusing on ensuring that infrastructure is equipped to recover from disruption as quickly as possible, rather than aiming to reduce all possible risks.
Critical infrastructures such as railway networks, power stations and telephone grids are under daily attack by cyber criminals.
To reduce the vulnerabilities of critical infrastructures, the European Commission has launched the European Programme for Critical Infrastructure Protection (EPCIP), aimed at improving the protection of critical infrastructure in Europe, across all EU States and in all relevant sectors of economic activity.
The European Reference Network for Critical Infrastructure Protection (ERNCIP) which carries out different research activities to certify that IT components used in industrial environments match adequate security levels. Through the EU Internet Forum, which brings together governments, Europol and the biggest technology and social media companies, there is cooperation to ensure that illegal content, including terrorist propaganda, is taken down as quickly as possible.
Although new technologies bring threats and challenges, they also offer new solutions and tools to improve disaster risk management. Space technologies, such as the EU Copernicus programme, play an important role in supporting disaster risk management, providing satellite imagery, satellite communications and global navigation systems.
The Horizon 2020 work programme includes a dedicated call for research on how to address combined physical and cyber threats to critical infrastructure.
The mandate for the EU Agency for Cybersecurity (ENISA) was increased, making it better equipped to support Member States in tackling cybersecurity threats and attacks.
