The EU Commission proposed on Wednesday a Joint Cyber Unit to step up response to large-scale security incidents, taking a cue from countries like the U.S and Australia that are quickly responding with regulation to a rash of hacker attacks, including on waterworks and other utilities.
The European agency said it will focus on tackling the rising number of serious cyber incidents impacting public services, businesses and citizens across the European Union. The Joint Cyber Unit platform aims to strengthen cooperation among EU institutions, agencies, bodies and the authorities in the member states. For instance, civilian communities, law-enforcement, diplomatic and cyber defense ones, to prevent, deter and respond to cyberattacks.
The Joint Cyber Unit will coordinate responses to cybersecurity incidents, which have become increasingly necessary, as cyberattacks grow in number, scale and consequences. It will also work at an operational and technical level to deliver the EU Cybersecurity Incident and Crisis Response Plan, based on national plans, in addition to setting up and mobilizing the EU Cybersecurity Rapid Reaction Teams.
The Joint Cyber Unit aims at bringing together resources and expertise available to the EU and its member states “to effectively prevent, deter and respond to mass cyber incidents and crises,” according to an EU press statement. The unit will also facilitate the adoption of protocols for mutual assistance among participants, while establishing national and cross-border monitoring and detection capabilities, including security operation centers (SOCs).
Jonathan Terra, a Prague-based political scientist and former US diplomat, cautioned in a Balkan Insight post that being very public about ramping up and coordinating one’s ability to respond may, paradoxically, provoke more attacks than otherwise might have happened.
“Hackers, especially those doing covert state work, will attempt to defeat any new measures to show that they can act at will,” Terra said. “Then as the cooperative ‘EU cyber-response’ mechanism goes into action, and damage assessment takes place, it will become clear that the key to dealing with this threat is to have a strong deterrent, which the EU doesn’t really have as an independent unitary actor,” he added.
“Cybersecurity is a cornerstone of a digital and connected Europe. And in today’s society, responding to threats in a coordinated manner is paramount,” Margrethe Vestager, executive vice president for a Europe Fit for the Digital Age, said in the statement. “The Joint Cyber Unit will contribute to that goal. Together we can really make a difference.”
As cybersecurity communities, including civilian, law enforcement, diplomatic and cyber defense communities and private sector partners operate separately, the Joint Cyber Unit will have a virtual and physical platform of cooperation that works progressively towards a European platform for solidarity and assistance to counter large-scale cyberattacks.
For the blueprint of the Joint Cyber Unit, the EU Commission relied on its coordinated response document to large-scale cybersecurity incidents and crises that the agency released in September 2017.
The EU Commission aims to assess the organizational aspects and identify EU operational capabilities by the end of this year. By the end of June 2022, It will prepare national incident and crisis response plans and roll out joint preparedness activities. Based on the results of the assessments carried out by the participants of the JCU, the Commission and the High Representative will draw up a report on the roles and responsibilities of participants within the Joint Cyber Unit, to be transmitted to the Council of the European Union for endorsement.
By the end of next year, the Commission hopes to operationalize the Joint Cyber Unit by mobilizing EU Rapid Reaction teams, along the lines of procedures defined in the EU Incident and Crisis Response Plan. Finally, by June 2023, the agency will involve private sector partners, users and providers of cybersecurity solutions and services, to increase information sharing and to be able to escalate EU coordinated response to cyber threats.
The European Union Agency for Cybersecurity, ENISA, will serve as the secretariat for the preparatory phase and the Unit will operate close to their Brussels offices and the office of CERT-EU, the Computer Emergency Response Team for the EU institutions, bodies and agencies.
The investments necessary for setting up the Joint Cyber Unit, will be provided by the Commission, primarily through the Digital Europe Programme. Funds will serve to build the physical and virtual platform, establish and maintain secure communication channels, as well as improve detection capabilities. Additional contributions, especially to develop Member States’ cyber-defense capabilities, may come from the European Defence Fund.
The EU’s effort comes at a time when governments around the world are reacting to cybersecurity incidents that threaten national security and critical infrastructure. The U.S. has in recent weeks released a security directive for the pipeline owners and operators to comply with following the ransomware attack on Colonial Pipeline.
The Cybersecurity and Infrastructure Security Agency also released guidelines for critical infrastructure owners and operators to review their operational technology (OT) assets and control systems, in direct response to the recent increase in ransomware attacks.
Earlier this month, a memo was sent out to corporate executives and business leaders, stating that tackling cybersecurity incidents was a ‘top priority’ for the U.S. administration, as the number and size of ransomware incidents have increased significantly.
The Australian government last month increased emphasis on protecting critical infrastructure from cyberattacks with its ‘Security Legislation Amendment (Critical Infrastructure) Bill 2020,’ which amends existing legislation to enhance the existing framework for managing risks relating to critical infrastructure by introducing additional positive security obligations for critical infrastructure assets, including a risk management program, to be delivered through sector-specific requirements and mandatory cyber incident reporting.
The legislation also seeks to enhance cybersecurity obligations for assets of national significance, using government assistance to relevant entities for critical infrastructure sector assets in response to significant cyber attacks.
“The Department of Home Affairs will work in partnership with critical infrastructure operators to develop requirements that strike a balance between uplifting security and ensuring businesses remain viable and their services remain sustainable, accessible and affordable,” according to a statement released by the Australian Government’s Department of Home Affairs.