• Eyal Pinko

Cybersecurity: The EU efforts to face cyber threats

The EU is taking action to address cybersecurity challenges.

Critical sectors such as transport, energy, health, and finance have become increasingly dependent on digital technologies to run their core business. However, while digitalization brings enormous opportunities and provides solutions for many of Europe's challenges during the COVID-19 crisis, it also exposes the economy and society to cyber threats.

Cyberattacks and cybercrime are increasing in number and sophistication across Europe. Moreover, this trend is set to grow further in the future, given that 22.3 billion devices worldwide are expected to be linked to the Internet of Things by 2024.

An improved, robust cybersecurity response that builds an open and secure cyberspace can create greater trust among citizens in digital tools and services.

In October 2020, EU leaders called for stepping up the EU's ability to:

  • protect itself against cyber threats

  • provide for a secure communication environment, primarily through quantum encryption

  • ensure access to data for judicial and law enforcement purposes

Promoting cyber resilience

In December 2020, the European Commission and the European External Action Service (EEAS) presented a new EU cybersecurity strategy.

This strategy aims to strengthen Europe's resilience against cyber threats and ensure that citizens and businesses can benefit fully from trustworthy and reliable services and digital tools. The new strategy contains concrete proposals for deploying regulatory, investment and policy instruments.

The strategy describes how the EU can harness and strengthen all its tools and resources to be technologically sovereign. It also lays out how the EU can step up its cooperation with partners worldwide who share our values of democracy, the rule of law, and human rights.

On 22 March 2021, the Council adopted conclusions on the cybersecurity strategy, underlining that cybersecurity is essential for building a resilient, green, and digital Europe. EU ministers set as a key objective achieving strategic autonomy while preserving an open economy. This includes reinforcing the ability to make autonomous choices in cybersecurity, to strengthen the EU's digital leadership and strategic capacities.

The EU is also working on two legislative proposals to address current and future online and offline risks:

  • an updated directive to better protect network and information systems

  • a new directive on the resilience of critical entities

EU Cybersecurity Act

The EU Cybersecurity Act entered into force in June 2019 and introduced:

  • an EU-wide certification scheme 

  • a new and stronger mandate for the EU Agency for Cybersecurity

The EU-wide cybersecurity certification scheme

Certification plays a critical role in ensuring high cybersecurity standards for ICT products, services, and processes. However, the fact that different EU countries currently use various security certification schemes generates market fragmentation and regulatory barriers.

With the Cybersecurity Act, the EU has introduced a single EU-wide certification framework that will:

  • build trust

  • increase the cybersecurity market's growth

  • ease trade across the EU

The framework will provide a comprehensive set of rules, technical requirements, standards, and procedures.

EU Agency for Cybersecurity

The new EU Agency for Cybersecurity builds on the structures of its predecessor, the European Union Agency for Network and Information Security, but with a strengthened role and a permanent mandate. It has also adopted the same acronym (ENISA).

It supports member states, EU institutions, and other stakeholders in dealing with cyberattacks. 

Network and information systems directive

The directive on the security of network and information systems (NIS) was introduced in 2016 as the first-ever EU-wide legislative measure to increase cooperation between member states on the vital issue of cybersecurity. It laid down security obligations for operators of essential services (in critical sectors such as energy, transport, health, and finance) and digital service providers (online marketplaces, search engines, and cloud services).

In December 2020, the European Commission proposed a revised NIS directive (NIS2). The new proposal responds to the evolving threat landscape and considers the digital transformation of our society, which the COVID-19 crisis has accelerated.

The new rules will:

  • strengthen security obligations for companies

  • address the security of supply chains

  • introduce more stringent supervisory measures for national authorities

  • increase information sharing and cooperation

Fighting cybercrime

Cybercrime takes various forms, and many common crimes are cyber-facilitated. For example, criminals can:

  • gain control over personal devices using malware

  • steal or compromise personal data and intellectual property to commit online fraud

  • use the internet and social media platforms to distribute illegal content

  • use the 'darknet' to sell illicit goods and hacking services

Some forms of cybercrime, such as child sexual exploitation online, cause serious harm to their victims.

A specialized European cybercrime center has been created within Europol to help EU countries investigate online crimes and dismantle criminal networks.

Stepping up cyber defense

Cyberspace is considered the fifth domain of warfare, as critical to military operations as land, sea, air, and space. It is a domain encompassing everything from information and telecommunication networks, infrastructure, and the data they support, to computer systems, processors, and controllers.

The EU cooperates on defense in cyberspace through the activities of the European Defence Agency (EDA), in collaboration with the EU cybersecurity agency and Europol. The EDA supports member states in building a skilled military cyber-defense workforce and ensures the availability of proactive and reactive cyber-defense technology.

The EU cybersecurity strategy adopted in December 2020 by the Commission and the EEAS reinforces:

  • cyber defense coordination

  • cooperation and building cyber defense capabilities

Cybersecurity competence center

In December 2020, the Council and European Parliament reached an informal agreement on the proposal to set up the European Cybersecurity Industrial, Technology and Research Competence Centre, backed by a network of national coordination centers.

The Council adopted the regulation establishing the center and the network in April 2021.

The new center aims to:

  • improve cyber resilience

  • contribute to the deployment of the latest cybersecurity technology

  • support cybersecurity start-ups and SMEs

  • enhance cybersecurity research and innovation

  • contribute to closing the cybersecurity skills gap

EU member states selected Bucharest as the seat of the new center.
