Brussels — Six million computers worldwide have already been taken over by remote viruses, and social networks such as Facebook put an ever-increasing number of people at risk from data theft, the heads of the EU’s web-security agency warned on Tuesday.
The internet was "born free," but that makes it "good for the good guys and the bad guys: security is a race between the two," Andrea Pirotti, head of the Crete-based European Network and Information Security Agency (ENISA), told Deutsche Presse-Agentur.
According to ENISA, which was set up in 2004 to provide EU member states with expert advice on internet-security issues, the volume of spam emails hitting European computers has gone up by 10 per cent in the last year, and now costs internet service providers some 64.5 billion euros (102 billion dollars) a year – double the sum in 2005.
Social networking danger
The massive popularity of social networks such as Facebook, meanwhile, has made users increasingly vulnerable to data theft.
"Users should be more aware of the fact that they don’t really control who has access to their profiles," Dr Ronald de Bruin, head of ENISA’s cooperation and support department, said.
Clients who pay to use the services on such sites can be given a certain number of existing users as "friends" and access their pictures and profiles without those users’ knowledge, he explained.
And the overwhelming shift by governments, banks and businesses to web-based work leaves them potentially vulnerable to coordinated attacks, which could have a catastrophic impact on everything from energy transmission to basic communications.
"We must avoid a digital 9/11 … Imagine what could happen in a broad-scale attack on the European economy," Pirotti said.
Task force
ENISA’s response has been to advise and help EU member states in setting up their own Computer Emergency Response Teams (CERTs) – groups of experts trained in identifying and neutralizing web-based attacks, and often referred to as "digital fire brigades."
When ENISA was founded, only nine European governments – Britain, France, Germany, the Netherlands, Hungary, Norway, Sweden, Finland and Denmark – had their own CERTs.
By 2008, and thanks in part to the agency’s combination of technical advice and expert contacts in other member states, Italy, Austria, Spain and the Baltic states had set up their own government CERTs.
A further 10 EU members are set to open theirs in the next 18 months, and cooperation between states is improving steadily, ENISA’s experts say.
For example, France is helping Luxembourg to set up a CERT, in return for help organizing public-awareness campaigns, de Bruin said.
But there is "clearly a margin for improvement" in the way EU member states share their information, he added.
Indeed, one of ENISA’s goals is to devise at least five different models by which EU member states can work together on internet security. Another is for the centre to become the "point of reference" on web security for at least 15 EU states, de Bruin said.