Explained: The EU’s new cybersecurity strategy

22 Dec 2020

Image: © BillionPhotos.com/Stock.adobe.com

The new strategy put forward by the European Commission promises ‘unprecedented investment’ in Europe’s digital transformation.

In a new cybersecurity strategy launched last week, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy outlined how EU countries can better defend themselves against cyberattacks.

The actions will help all citizens benefit from “trustworthy and reliable services and digital tools”, it said, referencing the need to protect from cyber threats when it comes to connected devices, hospitals, banks, the electricity grid and more.

The EU cybersecurity strategy

There are three core pillars in the new strategy: resilience, technological sovereignty and leadership; building operational capacity to prevent, deter and respond; and advancing a global and open cyberspace through increased cooperation.

1. Resilience

The first EU-wide law on cybersecurity, the NIS Directive that came into force in 2016, will be updated with more stringent supervision measures, new sanctions and fines, streamlined incident reporting and more.

In addition, a new network of security operations centres will be launched across the EU. These will draw on AI to act as a ‘cybersecurity shield’ for member states by detecting cyberattacks and enabling protective action. There will be more support for SMEs as part of the Digital Innovation Hubs initiative, a greater focus on upskilling workers and more emphasis on attracting and retaining cybersecurity talent.

2. Operational capacity

As well as the network of operations centres, the commission plans to install a joint cyber unit. This will help EU bodies and member state authorities for cybersecurity cooperate more easily.

The High Representative has also proposed strengthening the EU Cyber Diplomacy Toolbox to “prevent, discourage, deter and respond effectively against malicious cyber activities, notably those affecting our critical infrastructure, supply chains, democratic institutions and processes”.

3. Advancing cyberspace

The strategy will aim to work with international bodies, such as the United Nations, to better help cybersecurity efforts globally through an external cyber capacity-building agenda. It will form a global Cyber Diplomacy Network to “promote its vision of cyberspace”.

It also promises “unprecedented investment” in digital transition in the EU over the next seven years. The commission said that through funds such as the Digital Europe Programme and Horizon Europe, its goal is to reach up to €4.5bn of combined investment from the EU, member states and industry. It said it will ensure a “major portion” of this goes to SMEs.

Next steps and next-generation networks

The commission is also encouraging all member states to finalise implementation of the EU 5G Toolbox, which set out a coordinated European approach aimed at mitigating the main cybersecurity risks of 5G networks. It said that while most are already on track, all EU countries should aim for full integration by Q2 2021.

Margrethe Vestager, executive VP for a Europe Fit for the Digital Age, said that Europe is “committed to the digital transformation of our society and economy”.

“So, we need to support it with unprecedented levels of investment. The digital transformation is accelerating but can only succeed if people and businesses can trust that the connected products and services on which they rely are secure.”

High Representative Josep Borrell added: “International security and stability depends more than ever on a global, open, stable and secure cyberspace where the rule of law, human rights, freedoms and democracy are respected.

“With today’s strategy, the EU is stepping up to protect its governments, citizens and businesses from global cyberthreats, and to provide leadership in cyberspace, making sure everybody can reap the benefits of the internet and the use of technologies.”

The commission said the new strategy will be rolled out in the next few months, with regular progress reports to be made available for the European Parliament, the Council of the European Union and other relevant stakeholders.

Lisa Ardill was careers editor at Silicon Republic until June 2021