European Union: European Union's New Cybersecurity Strategy

1. Background

Cybersecurity is at the forefront of the European Union ("EU")'s efforts to build a resilient, green and digital Europe. In this respect, on December 16, 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented the European Union's new Cybersecurity Strategy for the Digital Decade¹ (the "EU Cybersecurity Strategy").

The EU Cybersecurity Strategy is an ambitious document aimed at ensuring secure and reliable digital tools and connectivity throughout Europe, being part of the broader EU digital strategy that aims to transform Europe in a global leader for digital economy.

We live in a world where vital sectors such as transport, energy and health, telecommunications, finance, security, democratic processes, space and defence rely more and more on increasingly interconnected network and information systems. In the near future, there will be an exponential increase in the number of interconnected devices throughout all the industries.

In order to help reduce the vulnerabilities presented by such interconnected devices, the EU started setting the stage, by creating the conditions for the integration of cybersecurity into all digital investments (particularly when it comes to technologies like Artificial Intelligence, encryption and quantum computing).

2. The structure of the Cybersecurity Strategy

The new EU Cybersecurity Strategy is divided into three parts: (i) resilience, technological sovereignty and leadership, (ii) building operational capacity to prevent, deter and respond and (iii) advancing a global and open cyberspace.

2.1. Resilience, technological sovereignty and leadership

This part of the Cybersecurity Strategy focuses on the EU's critical infrastructure and essential services. In the EU's view both the private and public sectors must be able to have a choice amongst the most secure infrastructures and services.

2.1.1. Reforming NIS Directive

According to the European Commission, the Directive on security of network and information systems ("NIS Directive") is at the core of the Single Market for cybersecurity. However, there is a need to increase the level of cyber resilience of all relevant sectors, including energy, transport, health and the financial sector, that are fundamental for the economy and society. Moreover, reviewing NIS Directive will help reduce the inconsistencies across the internal market, and it will provide specific rules for strategically important sectors, so that to become more cyber resilient.

2.1.2. The role of ISACs, CSIRTs and SOCs

In the race to become more cyber resilient, an important role will be played by the Information Sharing and Analysis Centres ("ISACs"), Computer Security Incident Response Teams ("CSIRTs") and Security Operations Centres ("SOCs"). These centres are set up by the public and private sector to tackle cybersecurity threats, by disseminating relevant information, identifying real-time anomalies or detecting the activity of malicious executables. Taking into account the importance of such centres, the European Commission is willing to spend over EUR 300 million to build a network of SOCs that would create collective knowledge and share best practices on fighting cyber threats.

2.1.3. Securing both the communication infrastructure and the next generation of broadband mobile networks

The Commission plans to work together with Member States to build a secure quantum communication infrastructure ("QCI") for Europe, that will ensure the security of communications of public authorities. The QCI will be composed both of fibre communications networks and of linked satellites covering the EU and EU overseas territories.

In March 2019, the Commission equally started working on 5G technology and the need to have secure next generation of broadband mobile networks, by publishing a Recommendation on the Cybersecurity of 5G networks ("EU Recommendation") In October 2019 this was followed by the EU coordinated risk assessment of the cybersecurity of 5G networks and in January 2020, by the Cybersecurity of 5G networks EU Toolbox of risk mitigating measures ("EU 5G Toolbox"), a common set of measures meant to mitigate the main cybersecurity risks of 5G networks.

Footnote

1 More details can be found here: https://ec.europa.eu/commission/presscorner/detail/en/ip_20_2391 

To view the full article click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.