On 25 April 2019, the NATO Communications and Information (NCI) Agency and the Computer Emergency Response Team for the European Union’s institutions, bodies and agencies (CERT-EU) held a workshop on “Cyber Threat Vector Analysis” ahead of the European Parliament elections in May 2019. The NCI Agency, CERT-EU and industry experts discussed measures to counteract potential threats to devices and systems related to the 2019 European elections. During the workshop, attendees identified techniques such as spear phishing and Distributed Denial-of-Service (DDoS) attacks as potential threats to watch out for. In a typical DDoS attack, a bad actor disrupts a server’s normal traffic by overloading it with internet traffic from compromised systems, like computers or other connected devices. Attendees also discussed the issue of disinformation. The workshop highlighted the need to continue to focus on training and educating users, in areas such as guarding against social engineering attacks, like phishing. Government actors and their industry partners must also continue to collaborate and share threat information. Ian West, Cyber Security Chief of NCI, said: As Secretary General Jens Stoltenberg has said, NATO must act as a hub for cyber information sharing, training and expertise. Through our agreement with CERT-EU the NCI Agency’s NATO Computer Incident Response Capability (NCIRC) can further this aim by convening its industry partners to discuss potential threats, suggest measures to counteract them and explore ways to disseminate such information. Though Nations are primarily responsible for securing election systems, NATO stands ready to support with information about the threat landscape, as well as processes and techniques we use to secure high-profile events. Saâd Kadhi, Head of CERT-EU, said: The European Union and NATO both face an ever-shifting, complex cyber threat landscape. Leveraging their 2016 Technical Agreement, CERT-EU and NCIRC have worked increasingly closely to tackle the challenges they mutually face in cyberspace. The exchange of best practices, sharing of information and frequent bilateral meetings are key to strengthening our strategic partnership. This joint workshop comes at an important time, a month ahead of the European elections, and is an excellent example of the growing engagement and concrete cooperation between our cyber defence teams. About the NCI Agency and CERT-EU partnership The NATO Computer Incident Response Capability (NCIRC) and the Computer Emergency Response Team of the European Union (CERT-EU) signed a technical arrangement on 10 February 2016. The NCI Agency and CERT-EU have established a robust partnership based on thorough cyber defence information sharing to improve incident prevention, prediction, detection and response. The NCI Agency is responsible for defending NATO networks 24/7. The NATO Computer Incident Response Capability (NCIRC) Technical Centre, part of the Agency, provides specialist services to prevent, detect, respond to and recover from cyber security incidents. CERT-EU supports the various IT security teams in EU institutions, bodies and agencies in defending against cyber threats. It also acts as a coordination hub for EU institutions on cyber-security information exchange and incident response. For more information: www.ncia.nato.int www.cert.europa.eu https://www.nato.int/cps/en/natohq/news_127836.htm https://eeas.europa.eu/headquarters/headquarters-homepage/5254/eu-and-nato-increase-information-sharing-cyber-incidents_en Details Publication date6 May 2019AuthorDirectorate-General for Digital ServicesLocationBrussels
