Cyber attacks hit ETS scheme

The European Commission has reported widespread cyber attacks on EU Emissions Trading System (EU ETS) registries. Fake emails, it said, asked users to log on to a malicious website and disclose their user ID code and password. The site, it added, appeared to be genuine, using the EC’s own visual identity.

According to the EC, the ’phishing’ attack on the EU ETS registries took place on 28 January. Following alerts by authorities in The Netherlands and Norway, the Commission informed all Member States and asked them to take immediate security measures. However, a “limited number” of fraudulent transactions were said to have been performed at the fake website.

The security of the Community Registry and the Community Independent Transaction Log were not compromised, insisted the Commission, now revising its internet security guidelines. However, the EC said it is supporting member states in their investigations of the fake transactions and has also started immediate investigations of the fake website with a view to closing it down.

The EC said it intends to review the security measures for ETS registries and is preparing revised security guidelines for registries and an action plan aiming at harmonising their approach in case of future such incidents. These measures will be in addition to legislation to improve cyber security standards ahead of the inclusion of the aviation sector in the Community Registry in 2012.