The European Union has released a comprehensive cybersecurity report highlighting significant risks in the communications and power sectors. The assessment, released on Thursday, identifies supply chain vulnerabilities, particularly in 5G networks and renewable energy infrastructure. Key concerns include a shortage of cybersecurity experts, threats from cybercriminals and state-sponsored actors, and attacks on roaming infrastructure.
The report recommends the establishment of an EU framework on cyber situational awareness, improved crisis management capabilities, and supply chain security. With the Digital Operational Resilience Act (DORA) set to strengthen cybersecurity in the financial sector by January 2025, the EU is taking decisive steps to strengthen overall cyber resilience and protect critical infrastructure from evolving threats.
Why this is important:
As the number of digital services and activities expands, the threats grow accordingly. In this regard, the EU has taken steps to strengthen security and prepare for cyber attacks, but there is still much to be done, given existing vulnerabilities.
Threats to the telecommunications and power sectors
The report outlines several specific threats to the EU’s communications and power sectors, including ransomware, data wipers and the exploitation of zero-day vulnerabilities, particularly affecting operational technology. Additionally, the physical destruction of cable infrastructure and the jamming of satellite signals are also major challenges. These vulnerabilities are exacerbated by a shortage of cybersecurity experts and the presence of malicious insiders, particularly in the power sector.
In the telecommunications sector, attacks via roaming infrastructure and large-scale bot networks are major concerns. The rollout of 5G promises improved connectivity but comes with its own risks. Supply chain security issues, especially reliance on high-risk third-country providers, further complicate the situation. Jamming of satellite signals and physical destruction of infrastructure are difficult to mitigate, highlighting the need for robust security measures.
The power sector faces unique challenges, including threats from malicious insiders. Talent vetting and retention of cybersecurity talent remain major hurdles. The integration of renewable energy infrastructure creates new vulnerabilities, making enhanced cyber resilience imperative. The report highlights the need for continuous risk assessment and implementation of resilience-enhancing measures to protect this critical sector.
Cybercrime comes back stronger after Lockbit shutdown
Despite recent high-profile police actions against major cybercrime groups like LockBit, ransomware attacks continue. At least 147 ransomware cases were reported in the Netherlands last year, but this is likely just the tip of the iceberg. Experts warn that cybercrime remains highly lucrative, with some groups making millions of dollars in a matter of months.
Suggestions for improvement
The report offers several recommendations to strengthen cybersecurity. Member States are encouraged to carry out further self-assessments in line with the NIS2 and CER cybersecurity directives. Improving collective cyber situational awareness and information sharing is essential, especially in the context of geopolitical threats. It is also recommended to strengthen contingency planning, crisis management and operational cooperation between sectors. Addressing supply chain security is crucial, and a follow-up assessment of reliance on high-risk third-country providers is called for.
The EU has emphasised the need for a comprehensive framework for supply chain security, including the establishment of an EU framework focusing on high-risk third country providers. The European Cybersecurity Competence Centre (ECCC) in Brussels, together with the National Coordination Centres (NCCs), aims to strengthen Europe’s cybersecurity capabilities and boost funding for resilience measures.
The role of the Digital Operational Resilience Act (DORA)
DORA, due to be implemented by 17 January 2025, will play a pivotal role in strengthening cybersecurity in the financial sector: It introduces a pan-European oversight framework for critical ICT third-party service providers. The regulation aims to consolidate and upgrade ICT risk requirements, enabling financial institutions to withstand and recover from ICT-related disruptions. DORA’s binding nature, applicable to all EU Member States, will significantly strengthen the EU’s cyber resilience.
How easy is it for cybercriminals to get their hands on cracking tools?
Unfortunately, the tools that online criminals use to crack passwords are easily available. If you visit the dark web, you can make a good impression. What are some easily available programs that cybercriminals use on a daily basis?
Ongoing risk assessment
The ongoing risk assessments are part of a broader effort to assess and improve the cybersecurity and resilience of the EU’s communications infrastructure and networks. The Council’s conclusions on the EU’s cyber posture and Cyber Defence Policy emphasise the incorporation of risk assessments into both EU and national measures. These assessments are essential to develop effective risk scenarios and conduct cyber exercises to prepare for potential threats.
A report from Heimdal Security further underscores the urgency of these measures. The report reveals a sharp increase in brute force cyber attacks targeting corporate and institutional networks in the EU, primarily from Russia. These attacks highlight the need for enhanced cybersecurity measures, such as multi-factor authentication and regular security audits, to protect critical infrastructure from such aggressive tactics.
Conclusion
As the EU confronts evolving cyber threats, a comprehensive report on cybersecurity in the telecommunications and power sectors provides a critical roadmap. The recommendations, coupled with the impending implementation of DORA, underscore the EU’s commitment to strengthening cyber resilience. By addressing supply chain vulnerabilities, enhancing situational awareness and improving crisis management, the EU aims to protect critical infrastructure from growing cyber threats.
