The European Commission and the High Representative of the Union proposed, on Thursday 10 November, to strengthen European cyber defence by increasing cooperation and investment to “better protect, detect, deter and defend”.
In her 2021 State of the Union address, the Commission President called for the development of a European cyber defence policy, an ambition taken up in the ‘Strategic Compass’.
The joint Communication of the Commission and the High Representative thus aims to boost the EU’s cyber defence capabilities and to strengthen coordination and cooperation between the military and civilian cyber communities.
“We propose to increase cooperation on three main fronts. Cooperation between Member States’ military, cooperation between civil and military, and cooperation between private and public sectors”, said Executive Vice-President Margrethe Vestager to the media.
The new EU policy is built around four pillars: joint action for a stronger EU cyber defence, securing the EU defence ecosystem, investing in cyber defence capabilities and working with partners to address common challenges.
In order to enhance common situational awareness and coordination within the defence community, the Commission and the High Representative propose, inter alia, the creation of an EU Cyber Defence Coordination Centre (EUCDCC). “It would act as a central node to collect, analyse and distribute cyber defence information”, said the High Representative, Josep Borrell.
The Communication also proposes the establishment of an operational network for military Computer Emergency Response Teams (milCERTs) called MICNET and managed by the European Defence Agency. “MICNET should serve as a framework and infrastructure for information sharing between the different levels of the cyber defence community and external stakeholders”, the document said.
The need to strengthen the EU’s common detection, situational awareness and response capabilities through the EU’s civilian infrastructure of Security Operations Centres (SOCs) is highlighted as well.
The Commission will also prepare actions to strengthen preparedness and response measures across the EU. This would include testing potential vulnerabilities of critical entities operating critical infrastructure and conducting incident response actions.
In addition, the High Representative is committed to assisting Member States in developing non-legally binding recommendations for the defence community, inspired by the Directive on measures to ensure a common high level of cybersecurity in the Union (NIS2). Defence is excluded from the scope of the Directive.
According to Commissioner Thierry Breton, the EU wants to reduce technological and capability dependencies in cyberspace by working with Member States and industry on a European technology roadmap for cyberspace to develop the necessary European alternatives.
Furthermore, the Communication highlights the need to fill the gaps in the cyber defence workforce. “We need to train, educate and exercise the people who will be working on these new battlefields”, Mr Borrell said. For example, the Commission intends to launch an initiative for a Cyber Skills Academy and the further development of the European Security and Defence College’s cyber education, training, exercise and assessment platform is envisaged.
The EU also calls on Member States to “significantly” increase investment in modern military cyber defence capabilities in a collaborative manner, using cooperation platforms and funding mechanisms available at EU level, such as the Permanent Structured Cooperation or the European Defence Fund. The European Peace Facility could be used even more to help partner countries strengthen their fight against cyber attacks.
Finally, the Commission and the High Representative call in particular for enhanced cooperation between the EU and NATO in the field of cyber defence training, education, situational awareness and exercises.
See the communication: https://aeur.eu/f/40g
NATO calls for increased efforts
The same day, in a speech to the NATO Cyber Defence Pledge conference in Italy, NATO Secretary General Jens Stoltenberg called on Allies to do even more to protect cyberspace.
“The threat from cyberspace is real and growing”, he said, calling on the Allies “to recommit to cyber defence with more investment, more expertise and enhanced cooperation”.
Mr Stoltenberg recalled that NATO was working closely with the European Union on cyber issues. “Our cyber defenders share information on cyber threats and take part in each other’s exercises, including NATO’s Cyber Coalition”, he said. The next Cyber Coalition exercise, which will bring together over 40 allies and partners, will be held in Estonia at the end of November. (Original version in French by Camille-Cerise Gessant)