On Tuesday 18 April, the European Commission will present its strategy to combat cyber attacks (‘Cyber Solidarity Act’). The text is expected to include a range of important measures, including the creation of a ‘cyber shield’.
“Our aim is to create a ‘European cyber shield’ that will allow better detection of attacks upstream”, said Internal Market Commissioner Thierry Breton, who says he wants to reduce the time it takes to detect malware and other attacks.
“We want to reduce this time to a few hours”, he explained on Wednesday 5 April at the International Cyber Security Forum. The average time between an attack and its detection is currently 190 days.
The text should also provide for a role for future Cyber Security Operations Centres (SOCs) in detecting cyber attacks. These operational centres, of which there are five or six across the EU, should form a constellation of infrastructures. The first centres should be operational by 2024 and represent an investment of €1 billion. Two thirds of this amount would come from EU funds.
In addition to these SOCs with artificial intelligence systems and supercomputers, the future Cyber Solidarity Act should also involve the establishment of a ‘cyber reserve’ “consisting of several thousand people”, said Mr Breton.
This reserve would be made up of experts from the public and private sectors and would be mobilised on a voluntary basis in the event of an emergency. Some of these experts could be drawn from the ranks of the future ‘Cyber Skill Academy’, which Thierry Breton has announced.
Solutions to increase cooperation between Member States should also be included in the text to reduce the risk of cyber attacks and improve the resilience of important EU infrastructure, such as hospitals, power plants or digital networks. This cooperation would be based, in part, on the exchange of information.
The text, which will be presented by the Commission on 18 April, will complete the EU’s legislative arsenal, which already includes several important cybersecurity dossiers. Last September, the European Commission presented its proposal to increase the security level of all connected objects (see EUROPE 13122/16). Among other things, it will increase the liability of manufacturers and suppliers of connected objects and improve reporting of vulnerabilities and other problems.
By November 2022, the EU Council had formally adopted one of the major pillars of the fight against cyber threats, the revised ‘NIS 2’ Directive (see EUROPE 13072/30), which aims at a common high level of cyber security across the EU. The provisions of the NIS 2 Directive will have to be implemented by the Member States by 18 October 2024. (Original version in French by Thomas Mangin)