mixmagic - stock.adobe.com

EU security strategy a ‘step up’ on cyber leadership, says Brussels

The EU’s new cyber security strategy forms a key component of Shaping Europe’s Digital Future, the Recovery Plan for Europe, and the EU Security Union Strategy

The European Union (EU) has published details of its new EU Cybersecurity Strategy, intended to bolster Europe’s collective resilience against cyber threats and ensure citizens and businesses can benefit from trustworthy and reliable digital services. The bloc hopes the move will enable it to step up its leadership on international cyber security norms and standards, and strengthen international collaboration.

Presented jointly by the European Commission (EC) and the high representative of the Union for Foreign Affairs and Security, the strategy will form a key component of Shaping Europe’s Digital Future, the Recovery Plan for Europe, and the EU Security Union Strategy.

“International security and stability depends more than ever on a global, open, stable and secure cyber space where the rule of law, human rights, freedoms and democracy are respected,” said high representative Josep Borrell.

“With today’s strategy, the EU is stepping up to protect its governments, citizens and businesses from global cyber threats, and to provide leadership in cyber space, making sure everybody can reap the benefits of the internet and the use of technologies.”

Margrethe Vestager, executive vice-president for a Europe Fit for the Digital Age, added: “Europe is committed to the digital transformation of our society and economy, so we need to support it with unprecedented levels of investment. The digital transformation is accelerating, but can only succeed if people and businesses can trust that the connected products and services – on which they rely – are secure.”

The strategy’s core aim is to safeguard a global, open internet while offering protections to ensure security and protect collective European values and rights. To this end, it contains a number of proposals for regulatory, investment and policy initiatives in three action areas.

The first action area, “Resilience, technological sovereignty and leadership”, covers new proposals to reform network and information systems security rules to increase resilience for critical national infrastructure (CNI). The EC is also planning to launch a network of security operations centres (SOCs) across the EU, “powered by AI”, which it believes will form a cyber security early warning shield. Further measures will offer support to SMEs, alongside security upskilling and recruitment programmes.

The second action area, “Building operational capacity to prevent, deter and respond”, covers the creation of a new Joint Cyber Unit to strengthen security cooperation between EU bodies and member state authorities with responsibility for cyber security. This includes new proposals to strengthen the EU Cyber Diplomacy Toolbox to “prevent, discourage, deter and respond” against malicious activities. The EU will also aim to enhance defence cooperation and develop new cyber defence capabilities.

The third action area, “Advancing a global and open cyber space through increased cooperation”, will see the bloc step up work with international partners to strengthen the rules-based global order, promote security and stability in cyber space, and protect human rights and freedoms online.

The strategy will be backed by up to €4.5bn of combined investment from the EU, its member states and the private sector. The EU hopes to begin implementing the strategy in the next few months, subject to agreement on various proposals.

Read more about cyber security policy

  • Government outlines the UK’s strategic cyber security policies for the coming 12 months, with critical national infrastructure a clear priority.
  • Think tank report urges adoption of new policies in the next version of the UK’s National Cyber Security Strategy.
  • CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs.

Read more on Regulatory compliance and standard requirements

Data Center
Data Management