“We’re not saying that the systems are prone to leaks or are insecure, but the security measures in place make them cumbersome to use,” said an EU auditor who worked on the file. “There’s a risk that people try to bypass them, and we want to avoid this risk.”
The Court of Auditors flagged the risks to the EEAS and said the service is working to fix the IT issues.
The EU has long faced challenges in exchanging information, and especially intelligence, often because of a lack of trust between national diplomatic services and a lack of faith in the security measures in place to keep confidential information out of the public eye.
EU institutions have also faced myriad cyberespionage campaigns and cyberattacks in past years, including recent hacking attempts by Russian government-linked groups last year, a breach of its European Medicines Agency during the Covid pandemic, and an eavesdropping campaign by hacking groups affiliated with the Chinese government in 2018. The EU’s diplomatic office in Moscow also suffered a cybersecurity incident in 2017, the bloc acknowledged later.