Brussels – “In the present geopolitical context, the Commission is a high-profile target for cyberattacks.” The Executive Vice-President for Technological Sovereignty, Henna Virkkunen, has sounded the alarm: the EU in general, and the European Commission in particular, are at the centre of hacking campaigns by hostile nations. She never mentions Russia directly, but the “present” geopolitical context she refers to points to very specific dynamics. Nor is the finger being pointed at China, another country that the European Commission has already formally included on the list of “enemies,” but there is an issue that needs to be addressed and managed.
The cybersecurity alert is in response to a question tabled by Belgian MEP Barbara Bonte (PvdA/FvD), who is concerned about the cyberattack that took place on 24 March this year against the Europa.eu platform. The attack is said to have resulted in the theft of approximately 92 gigabytes of data, including personal data and email content. For the far-right politician, the incident calls into question the credibility of EU cybersecurity legislation, but for Virkkunen, the issue is quite another and far more serious.
“The incident involving the cloud infrastructure of the Europa.eu platform points to a major and growing risk of software supply-chain attacks”, the Vice-President of the European Commission warns. In short, the EU is being targeted because of its role and the positions it has taken on international policy issues. Furthermore, Virkkunen continues, “their scenarios are increasingly complex and deceptive, as threat actors use more advanced techniques, including artificial intelligence.”
The situation is set to become increasingly delicate and even more difficult to manage. In light of all this, the Commission “i is reinforcing the measures aiming at verification of software origin and authenticity, tighter controls on third-party and open-source components,” i.e., programmes not protected by copyright and freely modifiable by users. Furthermore, Brussels plans “continuous monitoring and defence-in-depth to limit the propagation of attacks.”
English version by the Translation Service of Withub






