Enhancing European cyber resilience and cyber responsiveness — a view from Slovenian Presidency of the Council of the EU
/ By Dr Uroš Svete, Acting Director, Government Information Security Office, Republic of Slovenia
This article was originally published as part of the 2021 edition of Bled Strategic Times, the official gazette of the Bled Strategic Forum (BSF) international conference. You can access the full version of this and other BSF publications by visiting our official website.
Marked by the Covid-19 pandemic, the Slovenian Presidency of the Council of the European Union (EU) is focusing on improving the EU’s resilience and ability to respond to crises, among them also large-scale cyber-attacks. Enhanced digitalisation is also increasing the importance of cybersecurity. Our critical infrastructures, ranging from health, water, transport, energy, telecommunications, finance, democratic processes, to space and defence, are more and more digitalised and interconnected. With this, the impact of malicious cyber activities can be far more significant than ever before. In recent years, we have seen disturbing developments in the cyber threat landscape. Cyber threat actors, state and non-state actors, including state-sponsored, are becoming more sophisticated in their actions and more persistent in their efforts. Cyberspace has become an area of strategic competition and geopolitical tensions, including increased attempts to control and exploit new technologies, as well as threats to global, open, free, safe and secure Internet, rule of law, fundamental rights and freedoms, and democracy.
In cybersecurity cooperation is vital. The EU Member States bear the main responsibility for national security. At the same time, there is also a high level of understanding that we are stronger together. The EU offers the Member States a unique structured environment for cooperation and coordination, which is needed to enhance European cyber resilience and the ability to respond to large-scale cyber incidents and crises. In recent years, the EU has already achieved substantial progress in this regard, including following the adoption of the Directive concerning measures for a high common level of security of network and information systems across the Union (NIS directive), Cyber Security Act, Cyber Diplomacy Toolbox, European Cyber Defence Policy Framework as well as efforts in the field of tackling cybercrime. Moreover, based on national risk assessments, the EU and its Member States adopted a coordinated approach to 5G security with the adoption and implementation of 5G Toolbox. European strategic autonomy, the EU’s ambition to lead in the development of secure technologies across the whole supply chain, ensuring stronger resilience and strong innovation, industrial and technological capacities served also as a guiding force in the recent adoption of the Regulation to establish the European Cybersecurity Competence Centre and the Network of National Coordination Centres. Future investments shall focus on key technologies, such as artificial intelligence, quantum computers and microprocessors.
Slovenia attaches special importance to the EU and Western Balkans partnerships — a priority region for cyber capacity building in the 2020 EU Cybersecurity Strategy.
EU legislative and policy initiatives have thus far led to the development of national cybersecurity frameworks and the establishment of more structured cooperation among the Member States in responding to cyber incidents. Examples of such cooperation include also NIS Cooperation Group, Cyber Crises Liaison Organisation Network (CyCLONe) and CSIRT Network. However, to be able to better respond the cyber threats and challenges and to promote greater harmonisation and a more consistent approach within the internal market, we have to do more. During Slovenian Presidency the main focus is therefore on the revision of the NIS directive — a set of rules on cybersecurity across the Union aimed at further increasing the level of cybersecurity across all relevant sectors that perform essential and important functions for the economy and society.
Moreover, the Presidency is focused also on promoting the completion of the European cyber crisis management framework to ensure timely and coordinated response to large-scale cyber incidents and crises. It is important to have clear roles and responsibilities, rules and procedures, and to ensure better information sharing and collective situational awareness. In this light, the Council is currently examining Commission’s Recommendation on building a Joint Cyber Unit. It is important that the next steps build on the existing achievements and frameworks already available in the Member States for a collective response to large scale cyber incidents and crises, as well as on existing mandates and competencies of Member States, EU institutions, bodies and agencies, while also being ambitious to increase coordination and cooperation at the EU level. Bringing closer together the existing communities, i.e. civilian, law enforcement, diplomacy and defence is an important, as well as a highly challenging undertaking. It has to be done in a careful manner to be able to preserve and strengthen the necessary trust. In addition, further integration of cybersecurity crisis management into overall crisis management, including the integrated political crisis response (IPCR) is needed.
This work is complementary to the efforts aimed at strengthening the resilience and security of EU institutions, bodies and agencies — especially to the future Commission proposal for a regulation on common binding rules on cybersecurity of EU institutions, bodies and agencies.
The EU does not work in isolation. The importance of partnerships, with third countries, international organisations, especially NATO, as well as with the multi-stakeholder community is at the top of the European agenda for keeping cyberspace global, open, stable and secure. The EU has developed a clear and strong voice in the field of cyber diplomacy. It became an invaluable promotor of international norms and rules of responsible behaviour in cyberspace, which is of significant importance in light of the growing attempts to undermine and alter the existing international law, norms and rules. The Presidency is strongly supporting the ongoing efforts of close coordination among the Member States, as well as with the like-minded partners and the multi-stakeholder community for the ongoing UN processes, as well as for other fora, such as the International Telecommunications Union (ITU). Strong European cyber diplomacy reinforces European digital sovereignty.
Partnerships are also a lot about cyber capacity building. Slovenia attaches special importance to the EU and Western Balkans partnerships — a priority region for cyber capacity building in the 2020 EU Cybersecurity Strategy. The Presidency is encouraging the EU to foster a more action-oriented and more strategic approach towards the Western Balkans. Bringing the region closer to the European cyber ecosystem is also an element of building trust and a secure environment for digital transformation. It is also a contribution to European cyber resilience and global stability in cyberspace.
Work in the area of cyber does not stop with the areas named so far. Important efforts are devoted also to the improvement of capacities of law enforcement to investigate cybercrime, with a particular focus on combating child sexual abuse online, as well as to advancements in cyber defence capabilities. The EU is in the process of the review of the Cyber Defence Policy Framework, which feeds also in the work of the Strategic Compass, as well as in the process of setting up the military vision and strategy for cyberspace as a domain of operations. The Presidency is supporting also the initiative led by the European Defence Agency (EDA) on setting up the Military CERT-Network, another piece of the cyber crisis management puzzle that was missing so far.
To conclude, cybersecurity (encompassing not only internal elements of cyber security but also cybercrime, diplomacy and defence) is not a standalone or a technical issue. It is a horizontal matter that requires a truly comprehensive and well-coordinated approach of several national and international stakeholders. The EU can contribute to building bridges among different communities with the aim of working closely together for a stronger and more resilient Europe in an ever changing security environment.
*Daniel S. Hamilton and Joseph P. Quinlan, “Transatlantic Economy 2021,” Foreign Policy Institute, Johns Hopkins University SAIS/ Woodrow Wilson Center, 2021, p. 46. https://www.wilsoncenter. org/sites/default/files/media/uploads/documents/TransatlanticEconomy2021_FullReportHR.pdf