The European Union is increasingly cooperating in cyber defense, with a view to strengthen its capacities. But one weak link could bring the entire continent to its knees. The European Council has therefore called for measures to build stronger cybersecurity in the EU, referring in particular to restrictive measures able to respond to and deter cyber attacks.
On November 19, the Council adopted an updated version of the EU cyber defense policy framework. The update allows the EU to take account of the changing security challenges since the initial framework was adopted in 2014. It identifies priority areas for cyber defense and clarifies the roles of those involved.
The update has set several priority areas, such as cyber defense capabilities development, military drills, and enhancement of civil and military cooperation. It also focuses on addressing cybersecurity threats during exercises in order to improve the EU’s ability to react and improve decision making and information sharing in the event of a real attack.
Also on November 19, EU defense ministers adopted a plan providing for the creation of a Joint EU Intelligence School (JEIS). The JEIS, in collaboration with NATO, will provide education and training in intelligence disciplines and other specific fields to EU member states intelligence personnel. The United Kingdom (along with Malta and Denmark) is not expected to be part of the joint project as it continues with its divorce from the EU.
Earlier in November, four European organizations agreed on a cybersecurity roadmap for 2019. Following a meeting at working level, the four Principals of the Memorandum of Understanding (MoU) between Europol, the European Union Agency for Network and Information Security (ENISA), the European Defence Agency (EDA), and the Computer Emergency Response Team for the EU Institutions, Agencies and Bodies (CERT-EU), met at CERT-EU’s premises.
The purpose of the meeting was to update each other on relevant developments and assess the progress made to date under the MoU, which provides a cooperation framework aiming at leveraging synergies between the four organizations to achieve a safe and open cyberspace.
The four partners also agreed on a roadmap prepared by the MoU working group with concrete activities and deliverables throughout 2019. The initial focus will be on working closer in the areas of training and cyber exercises, building cooperation capacity and improving the exchange of information on respective projects and events with a view to complementing the work of the four partners and avoiding the duplication of efforts.
In a separate MoU, Europol has signed an agreement with Diebold Nixdorf to create a safer cyber space for citizens, businesses and governments. Diebold Nixdorf is a global provider of self-service transaction systems such as ATMs and point-of-sale technology for the financial and retail industries.
Sharing knowledge on major cyber threats and attacks and exchanging expertise, best practices, technical information and trends related to organised crime activity related to attacks against self-service ecosystems, are the main activities covered under the MoU.
As the United Kingdom prepares to leave the European Union, it is unclear which, if any of these initiatives, it will be a part of. A British parliamentary committee report says the country faces a growing cyber threat to its critical infrastructure and urged Prime Minister Theresa May to appoint a cybersecurity minister.
The committee, made up of members of parliament and peers, stated “Identifiable political leadership is lacking. There is little evidence to suggest a ‘controlling mind’ at the centre of government, driving change consistently across the many departments and CNI sectors involved.
“We are concerned that the current complex arrangements for ministerial responsibility mean that day-to-day oversight of cross-government efforts is, in reality, led by officials, with ministers only occasionally ‘checking in’.
“This is wholly inadequate to the scale of the task facing the government, and inappropriate in view of the government’s own assessment that major cyber-attacks are a top-tier national security threat.”
The committee did however praise the establishment of the UK National Cyber Security Centre, which recently revealed it has defended the country from an average of more than 10 cyber attacks per week.