Brussels has seen a sharp rise in “more and more dangerous” cyber attacks on EU servers in the past year, as anxiety increases about potential Russian meddling in European politics.
There were 110 separate attempts to hack the European Commission’s servers in 2016, a 20 per cent rise on the year before, according to people close to the situation. Brussels revealed a large-scale cyber attack last November.
The latest revelations add to concern over the possibility that Moscow could interfere in French and German elections in coming months, after US intelligence agencies blamed the Kremlin for hacking Democratic national committee emails ahead of last year’s US presidential election.
Brussels, which holds sensitive data on the EU’s 28 member states as well as the management of the single currency, has stepped up security measures to combat the rising threat. Senior civil servants have been told to use email encryption and the commission is expanding co-operation on cyber security with Nato, which said attacks against it had become “more sophisticated” in the past year.
“It’s clear that many institutions across Europe and more widely, and that includes the European Commission, are subject to a continuously increasing number of cyber attacks from different sources,” Sir Julian King, the EU security commissioner, told the FT. “These threats are persistent, they are aggressive, and more and more dangerous and potentially destructive.”
The most damaging cyber attacks are those that seek to “undermine the trust in our democracies”, he added.
Russia is at the centre of concern in Brussels about cyber security, but the commission declined to comment on the suspected source of attacks. “Different attackers share and use the same tools and methods and hide their identities by using anonymous servers,” a spokeswoman said.
But with Washington reeling over president-elect Donald Trump’s dismissal of intelligence findings that Russia hacked the servers of the Democratic party, diplomats in Brussels said the possibility of Kremlin interference in Europe’s elections was a credible risk.
Angela Merkel, Germany’s chancellor, has warned in recent weeks that internet-based attacks and Russian misinformation campaigns could “play a role” in this year’s election campaign. A senior Brussels diplomat said there were similar concerns in France ahead of the presidential election in the spring.
Jean-Yves Le Drian, the French defence minister, warned on Sunday that April’s presidential election was vulnerable to cyber attacks. He said it would be “naive” to think France, which saw cyber attacks double last year, was immune to the type of hack that had targeted the US election.
An official said 80 per cent of the cyber attacks at the commission last year could be considered “harmful”, but added that systems to protect confidential data had worked. “If the attack had been completed and successful, there could have been harm done to the commission, mainly information exfiltration, or also possible damage to IT systems,” the person said.
The matter has been raised at the highest level within the commission. The official minutes of a meeting in mid-November show that Sir Julian, Britain’s commissioner, urged colleagues “to exercise the utmost vigilance in order to protect the EU institutions against cyber crime and prevent it from interfering in their decision-making processes”.
At this meeting the commission said EU institutions needed to assess the “possible impact on system security of the use of external staff.”
Nato, which dealt with 320 incidents per month in 2015, is also grappling with the problem. In the past year, cyber attacks on the military alliance have become more forceful. “In general terms, there has not been an increase in quantity, but in quality and complexity. The attacks we face are now more sophisticated,” said a Nato official.
US experts are known to have briefed Nato ambassadors in Brussels on the hack of the Democratic National Committee. Last year the EU and Nato struck a deal to boost co-operation against “hybrid” threats such as cyber attacks.
On Friday, a declassified report by the US intelligence community concluded that Russian President Vladimir Putin personally approved cyber attacks aimed at interfering with last year’s presidential election motivated by “a clear preference” for Mr Trump.