EU’s latest assessment on cybersecurity of communications infrastructure puts forward recommendations to mitigate risks

Today, EU Member States, with the support of the Commission and ENISA, the EU Agency for Cybersecurity, presented a report on the cybersecurity and resilience of the EU communications infrastructures and networks. The report identifies threats to communication networks and infrastructure, which exploit vulnerabilities and can pose significant risks to the security and resilience of connectivity infrastructure. The findings on identified threats include, among others, wipers, which can delete or corrupt data on targeted systems, ransomware attacks, supply chain attack and physical attacks.

Based on these findings and, in addition to the risk scenarios already identified in the EU Coordinated risk assessment of 5G networks, the report develops ten strategic risk scenarios, such as a supply chain attack to gain access to the infrastructure of operators or a coordinated physical sabotage attack on digital infrastructure.

As immediate follow-ups to mitigate these risks, the report puts forward strategic and technical recommendations for Member States, the Commission and ENISA, which should be implemented as soon as possible. These recommendations include cyber exercises, stress testing of critical infrastructure, criticality, resilience and redundancy assessment of core Internet infrastructure, including submarine cables, or exchange of good practices among national authorities about physical attacks on digital infrastructure.

The report is a follow up to the joint call from the informal Council meeting of Telecom Ministers organised in Nevers, France on 9 March 2022. This report also contributes to the workstream under Pillar III – Secure and resilient digital infrastructures for Europe, of the White Paper adopted today on “How to master Europe’s digital infrastructure needs?”.