A new EU cyber defence policy and action plan on military mobility will address deteriorating security following Russia’s aggression against Ukraine and boost capacity to protect citizens and infrastructure, the EU commission says putting forward a communication on cyber defence. At the same time, the European Parliament has approved new legislation with tighter cyber security requirements for businesses, administrations, infrastructure.
“With its new cyber defence policy, the EU will enhance cooperation and investments in cyber defence to better protect, detect, deter, and defend against a growing number of cyber-attacks”, the commission says.
“Cyberspace has no borders. Recent cyber-attacks on energy networks, transport infrastructure and space assets show the risks that they pose to both civilian and military actors. This calls for more action to protect citizens, armed forces, as well as the EU’s civilian and military missions and operations, against cyber threats.”
The commission says that the EU Policy on Cyber Defence aims to boost EU cyber defence capabilities and strengthen coordination and cooperation between the military and civilian cyber communities (civilian, law enforcement, diplomatic and defence).
“It will enhance efficient cyber crisis management within the EU and help reduce our strategic dependencies in critical cyber technologies, while strengthening the European Defence Technological Industrial Base (EDTIB). It will also stimulate training, attracting, and retaining cyber talents and step up cooperation with our partners in the field of cyber defence.”
The commission says it is built around four pillars:
- Act together for a stronger EU cyber defence: The EU will reinforce its coordination mechanisms among national and EU cyber defence players, to increase information exchange and cooperation between military and civilian cybersecurity communities, and further support military CSDP missions and operations.
- Secure the EU defence ecosystem: Even non-critical software components can be used to carry out cyber-attacks on companies or governments, including in the defence sector. This calls for further work on cybersecurity standardisation and certification to secure both military and civilian domains.
- Invest in cyber defence capabilities: Member States need to significantly increase investments in modern military cyber defence capabilities in a collaborative manner, using the cooperation platforms and funding mechanisms available at the EU level, such as PESCO, the European Defence Fund, as well as Horizon Europe and the Digital Europe Programme.
- Partner to address common challenges: Building on existing security and defence as well as cyber dialogues with partner countries, the EU will seek to set up tailored partnerships in the area of cyber defence.
The legislation now approved by the European Parliament, will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing, the parliament says.
“The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions.”
“More entities and sectors will have to take measures to protect themselves. “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors will be covered by the new security provisions.”