European Union to set up new cyber response unit

The European Commission (EC) has set out plans to establish a new Joint Cyber Unit to respond to a high and growing number of cyber incidents affecting public services, private organisations and citizens, across the 27 European Union (EU) member states.

Reflecting a growing trend for government-led responses to cyber security incidents, the EC said that all EU states needed to be ready to respond collectively and exchange information more proactively.

Announced by EC president Ursula von der Leyen, the Joint Cyber Unit will bring together resources and expertise available to the bloc to prevent, deter and respond to large-scale cyber incidents, establishing new guidelines and best practice for collaboration between civilian law enforcement, diplomatic and cyber defence communities, as well as the private sector. It will bring a “virtual and physical platform of cooperation to build progressively a European platform for solidarity and assistance to counter large-scale cyber attacks”.

Besides contributing operational resources for mutual assistance, sharing best practice and threat intelligence, member states will also work at an operational and technical level to deliver a pan-EU Cybersecurity Incident and Crisis Response Plan, establish and mobilise rapid reaction teams, facilitate new protocols for mutual assistance, and establish national and cross-border monitoring and detection capabilities and security operations centres (SOCs).

“The Joint Cyber Unit is a very important step for Europe to protect its governments, citizens and businesses from global cyber threats,” said Josep Borrell, high representative of the EU on foreign affairs and security policy.

“When it comes to cyber attacks, we are all vulnerable and that is why cooperation at all levels is crucial. There is no big or small. We need to defend ourselves, but we also need to serve as a beacon for others in promoting a global, open, stable and secure cyber space.”

Margaritis Schinas, vice-president for promoting the European way of life, added: “The recent ransomware attacks should serve as a warning that we must protect ourselves against threats that could undermine our security and our European way of life.

“Today, we can no longer distinguish between online and offline threats. We need to pool all our resources to defeat cyber risks and enhance our operational capacity. Building a trusted and secure digital world, based on our values, requires commitment from all, including law enforcement.”

The EC said the standing up of the Unit would be an important step towards completing a European crisis management framework for cyber, and a concrete deliverable of the EU Cybersecurity Strategy and Security Union Strategy – as part of progress towards which the Commission has also delivered a number of other reports this week on the implementation of various frameworks pertaining to security, alongside a final decision on establishing the EU Agency for Cybersecurity (Enisa) in Brussels.

The plan is to move the Joint Cyber Unit to the operational phase by the end of June 2022, and to have it fully established one year from then. Enisa will serve as secretariat for the preparatory phase. Funding will be provided through the EC’s Digital Europe Programme, while additional contributions may be drawn from the European Defence Fund.

Assessing the proposals, Steve Forbes, government cyber security expert at Nominet, said the plans were very welcome news. “The new effort includes rapid response teams ready to be deployed in the instance of an attack, as well as a game-changing platform for collaboration across the European Union, including intelligence, resources and expertise,” he said. “This is exactly what is needed to stem the tide against attacks that are only becoming more brazen and sophisticated.

“Until now, it has been reported that countries were hesitant to give away any control of their national security and that is completely understandable when you consider that cyber is increasingly being seen alongside traditional methods of defence, such as the army, navy and air force. There is a middle ground, however, where countries can benefit from centralised intelligence, overarching strategies and broad-reaching tactics.

“With similar threats faced across the EU – particularly against critical infrastructure – often with the same adversaries, pulling together will allow the bloc to make step changes in its cyber defence.”

Forbes added: “The new cyber unit will set a powerful precedent for international collaboration as central to our future global cyber defence.”

ImmuniWeb’s Ilia Kolochenko, who is also a member of Europol’s data protection experts network, said that given international collaboration was needed to bring surging cyber crime to heel, the EU’s proposal looked very promising. But the plans may yet need to be beefed up, he added.

“We should bear in mind that coordinated defence, response and eventual prosecution of cyber crime is virtually impossible without cohesive global cooperation,” said Kolochenko. “The EU countries may face the well-known challenges of foreign jurisdictions that continually refuse to extradite their citizens charged with cyber crime abroad.

“Moreover, modern nation-state hacking groups increasingly frame up some of their rivals, for example neighbouring countries, by hacking their infrastructure and then proxying their attacks through the breached systems. 

“Eventually, even the best forensic investigation will be misled and likely misattribute the attack. This uncertainty undermines cyber self-defence, as you risk counterattacking an innocent party, provoking further escalation and violating international law. Therefore, I think, the best way to protect EU countries from digital threats is to invest in national cyber resilience capacities, promote cyber security awareness among organisations of all sizes, and implement mandatory cyber education in schools and universities.”