On Wednesday 23 June, the European Commission presented its plan for the creation of the Joint Cyber Unit. This is intended to strengthen cooperation between Member States in order to respond to the large-scale attacks and incidents in this area, which have increased in recent months.
“The new big threat is in cyber security. A threat to our lives, our societies, our economies. Together we must ensure cyber security, including on the international scene. We need to act now”, European Commission Vice-President Margarítis Schinás told a press conference.
The new ‘Joint Cyber Unit’ will take the form of a virtual and physical platform that should be used to implement the EU’s cybersecurity incident and crisis response plan, based on the national plans proposed in the revised NIS Directive (see EUROPE 12624/1). Teams of experts capable of reacting quickly - physically or otherwise - to incidents should also be set up.
The new Unit also foresees the production of reports on the state of cyber security in the EU and the creation of inventories of available operational and technical capabilities.
The operational launch is expected to take 12 to 18 months, according to Commissioner for the Internal Market Thierry Breton, who expects a fully established Joint Cyber Unit by June 2023.
“We need this platform. We will decide on the protocols, and how to react in case of attacks. We were already doing it, but in a disorganised way. We need to harmonise what already exists, including at the level of Member States’ expectations”, said Mr Breton.
756 incidents in 2020
The European Union Agency for Cybersecurity (ENISA) (see EUROPE 12723/26) - which the Commission gave its consent on Wednesday 23 June to establish a local office in Brussels - will be responsible for the secretariat of the preparatory phase of the Unit. It will be located near the offices of the ‘Computer Emergency Response Team’ which responds to computer emergencies for the EU institutions, bodies and agencies.
The European Commission will provide the necessary investment for the creation of the Unit. Most of this will come from the ‘Digital Europe Programme’. Additional contributions, the Commission says, could come from the European Defence Fund, with the aim of developing Member States’ cyber defence capabilities.
“I have a message for the co-legislators: don't lower our sights on this issue”, Breton insisted, saying that while the European Parliament supports the momentum of this project, divisions could arise - in the name of national sovereignty of Member States - in the EU Council.
In 2020, 756 cybersecurity incidents were reported, an increase of 75% compared to 2018.
See the Commission’s recommendation: https://bit.ly/3gMSaIL (Original version in French by Thomas Mangin)