The European Commission recently released its new Cybersecurity Strategy (EUCSS) attempting to strengthen resilience against major security breaches and state backed cyber-attacks.
The COVID-19 pandemic accelerated digitalisation across various sectors in the EU at an unprecedented scale, but increased digitalisation also entails increased vulnerability to cyber-attacks and other malicious online activities. As Commission President Ursula von der Leyen already outlined in 2019: “cyber security and digitalisation are two sides of the same coin. This is why cyber security is a top priority.”
The new EU Cybersecurity Strategy (EUCSS) tries to tackle these evolving threats and proposes a number of new initiatives to foster resilience and situational awareness of cyberthreats. The strategy identifies three dimensions of EU action and provides concrete proposals for regulatory, investment, and policy initiatives to safeguard a global and open internet and to protect European values.
The first dimension aims at improving resilience, technological sovereignty, and leadership across European private and national institutions. Two legislative proposals that were published together with the EUCSS lie at the heart of the attempt to promote greater resilience of the single market for cybersecurity: the Directive on measures for high common level of cybersecurity across the Union (NIS2) and the Critical Entities Resilience Directive (CER) (European Commission, 2020b). Furthermore, the Commission promotes the establishment of a “European Cyber Shield” that would allow for an increased degree of information exchange between stakeholders and will provide timely warnings on cybersecurity incidents to detect potential threats before they can cause damage (European Commission, 2020a).
The second pillar of the EUCSS focuses on building the operational capacity to prevent, deter and respond to cyber incidents. One of the major focal points to increase the operational capacity is to establish a Joint Cyber Unit (JCU) to speed up information sharing between different cybersecurity communities in the EU. The JCU is an important step forward in completing the European cybersecurity crisis management framework.
Cybersecurity company Nominet has welcomed the JCU plans. Steve Forbes, Government Cyber Security Expert at Nominet says: “It’s very welcome news that the European Commission is intending to announce plans for a Joint Cyber Unit. The new effort includes rapid response teams ready to be deployed in the instance of an attack, as well as a game-changing platform for collaboration across the European Union, including intelligence, resources and expertise. This is exactly what’s needed to stem the tide against attacks that are only becoming more brazen and sophisticated.
“Until now it has been reported that countries were hesitant to give away any control of their national security and that is completely understandable when you consider that cyber is increasingly being seen alongside traditional methods of defence such as the army, navy and air force. There is a middle ground, however, where countries can benefit from centralised intelligence, overarching strategies and broad reaching tactics. With similar threats faced across the European Union – particularly against critical infrastructure – often with the same adversaries, pulling together will allow the bloc to make step changes in its cyber defence.
“The new cyber unit will set a powerful precedent for international collaboration as central to our future global cyber defence.”
Advancing a global and open cyberspace through increased cooperation is the third dimension of EU action. The Commission is especially emphasising the need to strengthen the rule-based international order by utilising the EU’s international influence to promote European values across the globe and to ensure that the coming digital age bears a European signature.