ATHENS – As hackers – ransomware groups and state-backed too – target governments, state agencies, utilities, schools, hospitals and businesses – Greece is creating a national cybersecurity agency to thwart them.
The New Democracy government is said to be forwarding a measure to Parliament to protect the public sector and private companies in areas including manufacturing, chemical distribution and food products.
The measure was introduced by Digital Governance Minister Dimitris Papastergiou and calls for setting up a National Cybersecurity Authority, which until now was a directorate of the Ministry of Digital Governance.
The upgrade to a full authority comes as hackers around the world have gotten more sophisticated in breaking down defenses and able to glean enough information in some cases to lock computers that can’t be opened unless a ransom is paid.
In the digital age information is a valuable commodity and for individuals who are impacted it can bring hackers access to their bank accounts and credit cards and identity theft.
For governments and businesses, the impact is even greater because hackers can affect or shut down whole systems, including utilities and hospital and government services.
The NIS1 program, as it’s called, has been extended to specific sectors such as transport to project airports as well as banks, other financial institutions and health systems.
A European directive issued NIS2 SSA now is expected to be implemented from October 2024 and Kathimerini said it will cover more than 2,000 organizations including the entire public sector.
That will entail regional governments as well and postal and courier services, waste management, and businesses in vital industries like chemical manufacturing, production and distribution, food production and processing, and the construction sector.
Medium-sized businesses with more than 50 workers and a balance sheet of more than 10 million euros ($10.77 million) are eligible as the new agency will likely be at battle with hackers just as expert in breaking down defenses.
In May, Greece’s Education Ministry was targeted in a cyberattack described as the most extensive in the country’s history, aimed at disabling a centralized high school examination platform.
HOW MUCH IS A VPN?
It said the distributed denial of service, or DDoS, attacks aimed at overwhelming the platform lasted for two days, involved computers from 114 countries, causing outages and delays in high school exams but failing to incapacitate the system, the ministry said.
The cyberattacks prompted a judicial investigation ordered by a Supreme Court prosecutor, to be assisted by the police’s cybercrime division that is facing organized attackers, some said state-backed by China and Russia.
“It is the most significant attack ever carried out against a Greek public or government organization,” the Education Ministry said, describing the incidents as “large-scale and of sustained duration.”
Hellenic Public Properties Co, HPPC, the company managing the real estate assets of the Greek state, suffered DDoS attacks in November which led rival parties to blame the ruling New Democracy government.
Opposition MPs accused the conservative government of treating cyber security “superficially” and demanded a national strategy to deal with the issue, which is now being realized.
“Cyber security is treated by the Greek government and in particular by the Ministry of Digital Governance superficially in terms of communication and as a simple modern technological international trend … The cyber attack on the HPPC calls for a coordinated and unified national cyber security strategy,” said opposition SYRIZA MP George Karameros.
DDoS attacks aim to disrupt the normal traffic of a system and bring it down. In these kinds of attacks, a ransom is usually demanded for its recovery, noted Balkan Insight (BIRN) about the attack in Greece.
The breach in HPPC’s information systems had a limited effect on its operations and the company said there weren’t any data breaches. HPPC said it had informed the Greek Data Protection Authority.
The national natural gas system operator, DESFA, in August said it had suffered a cyber attack. A group of cyber extortionists, Ragnar Locker, in a post, took responsibility for the attack and posted 361 gigabytes of DESFA’s data on the dark web, said BIRN.
In March 2022, hackers brought down Greek Post’s computer systems. On January 17 that year, two hospitals in the Attika region were targeted by cyber attackers who used the same type of ransomware.
Athens is also home to ENISA, the EU’s Cybersecurity agency that has a leading role in trying to help the 27 member states deal with threats and attacks and offer counter measures to deal with them.