EU Council adopts conclusions on cyber defense policy, emphasis now on enhancing resilience to cyberthreats

The Council of the EU (European Union) announced that it approved conclusions on cyber defense stressing the need for the EU and its member states to further strengthen their resilience to face cyber threats and increase their common cyber security and cyber defense against malicious behavior and acts of aggression in cyberspace. The action comes as risks for EU security and defense increase at a time of growing geopolitical tensions and dependence on digital technologies.

The agency called upon the EU and member states to act together for a stronger cyber defense, secure the EU defense ecosystem, invest in interoperable cyber defense capabilities, and partner to address common challenges.

“Today’s conclusions welcome the Joint Communication of the European Commission and the High Representative on the EU Policy on Cyber Defence of November 2022, and emphasise the importance to substantially invest, both individually and collaboratively, in enhanced resilience and the deployment of full-spectrum defensive cyber defence capabilities,” the Council said in a Tuesday statement. “EU cooperation frameworks and financial incentives can be of key importance in this perspective.”

In line with the Strategic Compass, the conclusions invite member states and other relevant actors to act together for a stronger cyber defense, by strengthening cooperation and coordination within and of the EU, between military and civilian cyber communities, and between public and trusted private ecosystems. The Council welcomes the proposal for an EU Cyber Defence Coordination Centre to enhance coordination and situational awareness, in particular of commanders of EU missions and operations, and to strengthen the wider EU command and control architecture.

The Council encourages member states to secure the EU defense ecosystem by further developing their capabilities to conduct cyber defense operations, including, when appropriate, proactive defensive measures to protect, detect, defend, and deter cyberattacks. The EU and its member states should reduce their strategic dependencies across their capabilities and supply chains, apart from developing and mastering cyber defense technologies. This includes strengthening the European defense technological and industrial base.

Furthermore, the Council urges member states to invest in interoperable cyber defense capabilities, including through the development of a set of voluntary commitments for the further development of national cyber defense capabilities, and making the best use of collaborative research opportunities at the EU level. The Council also recognizes the direct benefit of collaborative projects at the EU level to support the development of national cyber defense capabilities. Moreover, the Council invites member states to address the significant cybersecurity skills gap, leveraging the synergies between military, civilian, and law enforcement initiatives.

Lastly, the Council underlines the key importance of partnering to address common challenges. It calls on the High Representative and the Commission to explore mutually beneficial and tailored partnerships on cyber defense policies, including on cyber defense capacity building through the European Peace Facility (EPF). To this end, cyber defense should be added as an item to the EU’s dialogues and consultations on cyber and to the overall security and defense consultations with partners.

The war in Ukraine has provided a new strategic context and confirmed the need for the EU, its member states, and their partners to further strengthen the EU resilience to face cyber threats and increase our common cyber security and cyber defense against malicious behavior and acts of aggression in cyberspace, the Council of the EU said in its ‘Outcome of Proceedings’ document. 

“The Joint Communication on the EU Policy on Cyber Defence signals our determination to provide immediate and long-term measures to ensure freedom of actions in cyberspace and responses to threat actors seeking, amongst others, to intrude, disrupt or destroy network and information systems of the EU and its partners,” according to the document. “Complementing the EU’s Cybersecurity Strategy and in line with the Strategic Compass, this Joint Communication represents a significant step towards the EU’s full-spectrum approach to resilience, response, conflict prevention, cooperation, and stability in cyberspace.”

The Council emphasizes the need for further strengthening actions by Member States and EU institutions, bodies and agencies (EUIBAs) to protect the Union, its citizens, EUIBAs, and Common Security and Defence Policy (CSDP) missions and operations in cyberspace. It furthermore underlines the importance of EU resilience in cyberspace by developing cyber defense capabilities and enhancing cooperation with a trusted private ecosystem. 

The Council takes note of the European Commission’s cyber situation and analysis center which aims to enhance the Commission’s situational awareness. The Council emphasizes the importance of establishing mutually beneficial cooperation between this center and other EUIBAs, in particular ENISA and CERT-EU. 

The Council also underlines the importance of ensuring close cooperation with EU cooperation networks when developing situational awareness and respecting confidentiality. The Council notes the need for strengthening the common situational awareness at the EU level and further developing the EU cybersecurity crisis management framework while avoiding any unnecessary duplication of efforts.

The agency recalls that cyber education, training, and exercises are essential to ensure preparedness and effectiveness and welcomes national activities as well as those provided by the EU through the European Security and Defence College (ESDC), EDA, ENISA, and ongoing PESCO projects, such as the Cyber Ranges Federations and the EU Cyber Academia and Innovation Hub (CAIH). 

The Council also notes the proposal for a Cyber Solidarity Act and the intention to enhance capabilities to detect and respond to cybersecurity threats and incidents in the EU. It also took into account the Commission’s proposal to set up a Cyber Emergency Mechanism, which could support the availability of cybersecurity services from trusted private providers to assist member states, upon request, in case of large-scale cybersecurity incidents, while underlining the need to scale up a European cybersecurity industry with the support of the ECCC as an essential pillar for this mechanism to be operational.

“Building on the Council Conclusions on the EU Policy on Cyber Defence, the Council calls upon the High Representative and the Commission to develop for approval by Member States an implementation plan by the second quarter of 2023 for the Policy,” the document said. “The Council also invites Member States to voluntarily state their ambition and actions with regards to cyber defence in the context of the EU Policy on Cyber Defence and make full use of non-legally binding voluntary recommendations and commitments to step up their national and multinational cyber defence efforts aiming to maximize the impact at the EU level.” 

It also added that the High Representative, the Commission, and member states are invited to report and discuss yearly the progress of implementing the elements of the Joint Communication and its implementation plan starting by the second quarter of 2024.

The EU has rolled out two fundamental directives that work towards augmenting the durability of physical and digital infrastructure against potential cybersecurity threats, risks, and attacks across critical infrastructures that include power grids, the transport network, and information and communication systems. These directives are the NIS 2 Directive, which includes measures for a high common level of cybersecurity across the EU, and the resilience of critical entities (CER) directive, which works to widen their scope across critical sectors and bring about more unified cybersecurity rules in the region.
