First ever case of cyber cooperation at EU level

As of Friday 12 May 2017, multiple variants of a ransomware named WannaCry have been spreading globally, affecting hundreds of thousands of users, organizations, including users in the European Union. It is understood that the cyber attack is focussed on Microsoft Windows based operating systems.

Udo HELMBRECHT, Executive Director of ENISA, said “as the European Cybersecurity Agency, we are closely monitoring the situation and working around the clock with our stakeholders to ensure the security of European citizens and businesses, and the stability of the Digital Single Market. We are reporting on the evolution of the attacks to the European Commission and liaising with our partners in the European Union CSIRT Network”.

ENISA and several European Member States are currently working together to assess the situation at European level.  A dedicated taskforce has been set up at ENISA to support what is the first ever case of cyber cooperation at EU level in that the EU Standard Operating Procedures, developed by ENISA and the Member States, are currently being used to this end.

What makes this event unusual is that this attack impacted many organisations across the world in short period of time. Recent estimates, at this point in time, suggest that approximately 190,000 computers in over 150 countries have been affected. European Critical infrastructure operators (health, energy, transport, finance and telecoms), manufacturers and service providers have been affected.

This malware also affected computers used for dedicated tasks such as robotics, information display systems or medical scanners. A number of car manufacturing plants in the UK, France, Romania and Slovenia have already indicated that their production lines are affected by this malware.

The ransomware prevents access by encrypting multiple common file types such as documents, images and videos, asks for a ransom and distributes automatically. The key characteristic of this attack is a fast propagation leveraging a known critical vulnerability affecting Microsoft Windows systems, exploited by the ransomware without user interaction.

ENISA understands that at this point in time users who are using the latest version of the windows operating system and have their software up to date are not affected by this attack.

Users affected by ransomware are generally presented with a message on the screen indicating that their computer systems and or files have been blocked and that the files will be unblocked if a ransom is paid.

Payment is often requested to be made using bitcoin as an attempt to effect a money transfer in an anonymous way.

This type of cyber-attack does not generally involve the stealing of personal data.

The compromise can be displayed in a number of ways including

  • Not being able to access your files
  • Access to certain operational programs being blocked

Analysis of the malware by ENISA, indicates that different encryption keys are generated for different files. In this regard the malware is relatively sophisticated. ENISA’s experts continue to analyse the ransomware to advise Member States in order to raise awareness of this particular case.

Ransomware attacks are generally successful when an internet user opens an email with an attachment containing malware. Other methods involve a web users visiting a compromised web site where activating a link on the web site can result in malware being downloaded onto the user’s computer.

In this particular case the infection vector involves targeting vulnerable computers with identified open ports. No action was required by the user to become infected.

ENISA recommendations

If your systems have not been hit by the ransomware, you are recommended to apply the following actions as soon as possible:

  • Back-up your files
  • Patch your system with the latest Microsoft’s patch
  • Update your Antivirus to the latest version
  • Consider adding a rule on your router or firewall to block incoming traffic to ports that are not necessary.

As with all types of security there is no guarantee and users are recommended to follow best practice to minimise the risk of attack.

Users are advised that payment of the ransom does not guarantee that the user will receive the code to decrypt their files or that their computers will be restored to its proper function. Affected users are advised to seek expert assistance and to contact law enforcement personnel to report the crime.

For more information:

Check out ENISA’s technical note: WannaCry Ransomware Outburst

Acquired Rights of EU Citizens in the UK and British Citizens living in the EU-27

A new study commissioned by the European Union’s Policy Department for Citizens’ Rights and Constitutional Affairs examines the relevance of the legal concept of “acquired rights” in the context of the loss of EU citizenship rights by EU-27 Citizens in the UK as well as UK citizens in the EU-27.

“It is quite plausible that many of these citizens, and others with expectations of rights, are not simply going to settle for the sudden loss of the status of European citizen and, consequently, of the rights to move, reside, work with rights, set up companies, provide services, have access to health and social services, etc. In the absence of a reasonable agreement between the United Kingdom and the Union, we can expect the level of litigation to be high.”

(The Impact and Consequences of Brexit on Acquired Rights of EU Citizens Living in the UK and British Citizens living in the EU-27, p.53)

Timetable leading up to the General Election

  • 3 May at 00:01 – Parliament will be dissolved; any business such as open petitions will be closed prematurely.
  • 4 May at 22:00 – Voting for Kent County Council closes.
  • 11 May at 16:00 – Deadline for nomination as a candidate.
  • 22 May – Last chance to register to vote. You may register on-line by using https://www.gov.uk/register-to-vote – this applies to people resident abroad as well. Special conditions apply to Crown Servants, British Council Employees, the Armed Services, Northern Ireland and Welsh speakers; but all may be accessed from this page.
  • 8 June – General Election. All votes, including postal votes must be received by 22:00.

The full timetable as supplied by the Electoral Commission is here:-

Event Working days before poll (deadline if not midnight) Date (deadline if not midnight)
Dissolution of Parliament 25 days Wednesday 3 May
Receipt of writ 24 days Thursday 4 May
Publication of notice of election Not later than 22 days (4pm) Not later than 4pm on Monday 8 May
Delivery of nomination papers From the day after the publication of the notice of election until the sixth day after the date of dissolution Between 10am and 4pm on any working day after publication of notice of election until 4pm on Thursday 11 May
Deadline for delivery of nomination papers 19 days (4pm) 4pm on Thursday 11 May
Deadline for withdrawals of nomination 19 days (4pm) 4pm on Thursday 11 May
Making objections to nomination papers

 

(except for objections on the grounds that an individual candidate may be disqualified under the Representation of the People Act 1981 – see Commission guidance)

On 19 days (10am to 5pm), subject to the following:

 

Between 10 am – 12 noon objections can be made to all delivered nominations

 

Between 12 noon and 5pm objections can only be made to nominations delivered after 4pm, 20 days before the poll

 

 

 

 

Between 10am and 12 noon on Thursday 11 May objections can be made to all delivered nominations

 

Between 12 noon and 5pm on Thursday 11 May objections can only be made to nominations delivered after 4pm on Wednesday 10 May

Deadline for the notification of appointment of election agent 19 days (4pm) 4pm on Thursday 11 May
Publication of statement of persons nominated, including notice of poll and situation of polling stations If no objections: on 19 days (at 5pm)

 

If objection(s) are made: Not before objection(s) are disposed of but not later than 18 days (4pm)

If no objections: at 5pm on Thursday 11 May

 

Objection(s) made: not before objection(s) are disposed of but not later than 4pm on Friday 12 May

Publication of first interim election notice of alteration On 19 days

 

Thursday 11 May
Deadline for receiving applications for registration 12 days Monday 22 May
Deadline for receiving new postal vote and postal proxy applications, and for changes to existing postal or proxy votes 11 days (5pm) 5pm on Tuesday 23 May
Deadline for receiving new applications to vote by proxy (not postal proxy or emergency proxies) 6 days (5pm) 5pm on Wednesday 31 May
Publication of second interim election notice of alteration Between 18 days and 6 days Between Friday 12 May and Wednesday 31 May (inclusive)
Publication of final election notice of alteration 5 days Thursday 1 June
Deadline for notification of appointment  of polling and counting agents 5 days Thursday 1 June
First date that electors can apply for a replacement for lost postal votes 4 days Friday 2 June
Deadline for notification of appointment of sub agents 2 days Tuesday 6 June
Polling day

 

0 (7am to 10pm) 7am to 10pm on Thursday 8 June
Last time for re-issue of spoilt or lost postal votes 0 (5pm) 5pm on Thursday 8 June
Deadline for emergency proxy applications 0 (5pm) 5pm on Thursday 8 June
Last time to alter the register due to clerical error or court appeal 0 (9pm) 9pm on Thursday 8 June
After the declaration of result
Event Deadline Date
Delivery of return as to election expenses Within 35 calendar days after the date the election result is declared If result declared on Thursday 8 June: by Thursday 13 July

 

If result declared on Friday 9 June: by Friday 14 July

Deadline for sending postal vote identifier rejection notices Within the period of three months beginning with the date of the poll By Thursday 7 September 2017
Deadline for spending returns of political parties and non party campaigners who spend less than £250,000 Within three months of the election 8 September 2017
Deadline for spending returns of political parties and non party campaigners who spend more than £250,000 Within six months of the election 8 December 2017

The Challenges for the Great Repeal Bill – New Commons Briefing Paper

Disentangling the UK from over 40 years EU legislation is a huge task that will take years to complete. To overcome this problem, the government is drafting the “Great Repeal Bill”, which will try to simply convert EU laws into domestic legislation, before asking parliament to repeal the 1972 European Communities Act.

Simple as it sounds, there are some tricky legal issues that need to be taken into account. These are descried in a new briefing paper for the House of Commons, a summary of which can be found on the parliament website, as well as a link to the full report (pdf file).

Summary: http://researchbriefings.parliament.uk/ResearchBriefing/Summary/CBP-7793

 

New EU AFCO Study: Brexit and the European Union

A very insightful new study about Brexit written for the EU Constitutional Affairs Committee has just been published, providing what appears to be the most comprehensive analysis of legal steps for the Brexit process and options for the UK’s future with the EU so far.
http://www.europarl.europa.eu/RegData/etudes/STUD/2017/571404/IPOL_STU(2017)571404_EN.pdf

 

Trade under WTO Rules – What does it mean?

What are the implications of “trade under WTO rules” if the UK leaves the single market?

The parliamentary International Trade Committee has been interviewing subject specialists to provide insights into the legal and political dimensions of trading under WTO rules only.

This session on Parliament TV has particular emphasis on technical issues such as non-tariff barriers to trade agricultural trade, the legality of establishing a new farm subsidy system outside the CAP, and the practical difficulties of extracting the UK share from the EU in the WTO quota system.

PARLIAMENT TV: International Trade Committee – WTO Rules and UK Agriculture (excerpt)