The European Commission calls for the creation of national CERT response centers and increased cooperation in the face of growing threats to critical infrastructure
The European Commission urged the member states of the Union on Thursday to intensify their efforts in cybersecurity, warning that cyberattacks have become “more sophisticated” and present an “ever-changing” threat to the security of both public and private critical infrastructure.
This warning comes after a series of serious incidents, including cyberattacks on the French Ministry of Finance ahead of the G-20 summit, a recent attack on the EU’s CO₂ emissions trading system, and one that affected the European Commission itself and the European External Action Service two weeks ago.
“Europeans need and expect secure, resilient, and robust IT networks and services. We have made progress, but we need to do more at both the EU and global level to respond to these threats,” emphasized the Commissioner for the Digital Agenda, Neelie Kroes.
Call for the creation of CERTs in all countries
Although most countries, including Spain, have already established Computer Emergency Response Teams (CERTs), Brussels has urged the remaining ones to do so by 2012 to “reduce the overall vulnerability” to cyberattacks. Among the states that have yet to establish a national CERT are Ireland, Portugal, Poland, Greece, Cyprus, Malta, and Romania, according to Kroes’s spokesperson, Jonathan Todd.
“The cross-border nature of attacks makes all countries vulnerable if one fails. While the creation of CERTs remains voluntary, their absence weakens the entire Union,” Todd noted.
Assessment and plans for 2026
An assessment report presented by the European Commission acknowledges that member states have made “progress” since the approval of the 2009 action plan on cyber defense. However, it warns that “further actions” are necessary to effectively protect critical infrastructure networks.
Among the upcoming measures, Brussels plans to develop a continent-wide contingency plan against cyberattacks by 2026, based on existing national plans. It also advocates for regular cybersecurity drills at both national and community levels.
Currently, only 12 member states have conducted national exercises, aside from the community exercise “Cyber Europe” that took place last year.
International cooperation and security standards
In addition to internal reinforcement, the Commission supports promoting international standards for network security and resilience, as well as establishing cooperation agreements with third countries, such as the United States, in combating cybercrime. Brussels also aims to encourage the adoption of new technologies and regulations that enable the effective implementation of advanced protection systems.
The increasing digitization of essential services and global interconnection make cybersecurity a matter of national and strategic security, in which member states cannot afford delays or coordination gaps.