The European Union (EU) has proposed the creation of a joint cyber unit to improve the ability to respond to the growing number of cyber attacks in member states. As cyber-attacks grow in number, scale and consequences, with serious implications for EU security, an advanced and coordinated response in the field of cybersecurity becomes increasingly necessary. All relevant actors in the EU need to be ready to respond collectively and exchange relevant information on a ‘need to share’ basis, not just ‘need to know’.

EU to form joint cyber agency to tackle growing cyber attacks

President Ursula von der Leyen announced the joint network agency for the first time in her political guidelines. , contain and respond to large-scale cyber incidents and crises. The cybersecurity community, including civil, law enforcement, diplomatic, and cyber defense communities, as well as private sector partners, often operate alone. Through joint cyber agencies, virtual and physical cooperation platforms will be established: relevant EU agencies and organizations will work with member states to gradually establish a European solidarity and assistance platform in response to large-scale cyber attacks.

The timetable for the establishment of the federation network organization has been clarified

The proposal to create a joint cyber agency is an important step towards improving the European framework for managing the cybersecurity crisis. It is a concrete outcome of the EU Cybersecurity Strategy and the EU Security Alliance Strategy, contributing to the building of a secure digital economy and society.

EU to form joint cyber agency to tackle growing cyber attacks

The unit’s goal is to enable the EU to coordinate responses to large-scale cyber incidents and crises by pooling nation-state resources and improving intelligence sharing among relevant agencies.

To achieve this vision, the European Commission has proposed to develop a physical and virtual platform for the unit. The physical platform will provide “a physical space where cybersecurity experts can come together when needed for joint action, share knowledge and work together.” The virtual platform will be used for “collaboration and security information sharing, leveraging capabilities through monitoring and detection A wealth of information gathered.”

The platforms will be funded primarily through the EU’s Digital Europe initiative as secure communication channels are established and maintained and detection capabilities are improved.

The European Commission proposes that the joint network unit be built in four phases, with a final completion date of June 2023.

Assessment phase (until 31 December 2021) – determine how the unit will be organised and gain an understanding of the EU’s operational capabilities.

Preparedness (by June 30, 2022) – In parallel with the development of the National Incident and Crisis Response Plan, conduct joint preparedness activities to clarify the roles and responsibilities of unit participants.

Operationalizing the joint network unit by mobilizing the EU Rapid Response Team (until 31 December 2022)

Engage private sector partners (by June 2023), especially to increase information sharing with users and providers of cybersecurity solutions and services.

The unit is primarily involved in four categories: Resilience, Law Enforcement, Diplomacy, and Defense.

The proposal comes against the backdrop of a growing number of serious cyber incidents that are affecting critical services in the EU and other parts of the world. Recent examples include a ransomware attack on the Irish health service and the theft of official COVID-19 vaccine data from the European Medicines Agency.

The industry has given positive comments on the move

Security experts were quick to welcome the proposal, but warned that it would require effective cooperation among member states in areas such as intelligence sharing.

Matt Lock, Technical Director at Varonis, commented: “Any new initiative to combat cybercrime is welcome, so the launch of the Joint Cyber ​​Sector is good news and shows that the EU is taking the issue seriously.” “However, organisations should not assume that They can take their eyes off the road. Once a ransomware attack or another breach occurs, it’s usually too late — the damage has already been done.

“Organizations need to take responsibility for their own cybersecurity and lock down their data securely to avoid falling victim to hackers.” Notably, the EU sees this passive force as a ‘advice’ to governments and institutions. “So the launch of this initiative should be a message for every business, big or small. Prepare for the worst and strengthen your defenses because cybercriminals won’t give up.”

Nominet’s government cybersecurity expert Steve? “The new effort includes deploying rapid response teams in the event of an attack, as well as a game-changing platform for EU-wide collaboration, including intelligence, resources and expertise,” said Steve Forbes. is needed to curb the wave of attacks, which will only become more unscrupulous and sophisticated.

“So far, there have been reports that countries are hesitant to relinquish any control over their national security, which is entirely surprising given that cyber is increasingly integrated with traditional defenses such as the Army, Navy and Air Force.” Understandable. However, there is a middle ground where countries can benefit from centralized intelligence, overarching strategies and broad tactics. As the entire EU faces similar threats – especially to critical infrastructure – and often are the same adversary, joining together will enable the EU to make significant changes in cyber defence. “The new cyber unit will set a strong precedent for international cooperation as the core of our future global cyber defence. “

Margaret Vestager, Executive Vice President, Adapting Europe to the Digital Age, said: “Cybersecurity is the cornerstone of a digital and connected Europe. In today’s society, a coordinated approach to threats is critical. Joint cyber units will Contribute to making it happen. Together we can change the world.”

Josep Borrell, EU High Representative for Foreign Affairs and Security Policy, said: “Joint Cyber ​​Units is a very important step for Europe to protect its governments, citizens and businesses from global cyber threats. We are all vulnerable to cyber attacks, so cooperation at all levels is necessary. Crucial. There is no big or small. We need to defend ourselves, but we also need to be a beacon for other nations to promote a global, open, stable and secure cyberspace.”

“The recent ransomware attack should serve as a warning that we must protect ourselves from threats that could undermine our security and the European way of life,” said Margaritis Schinas, vice president of promoting the European way of life. Today , we can no longer distinguish between online and offline threats. We need to focus our efforts on preventing cyber risks and improving our operational capabilities. Building a trusted and secure digital world based on our values ​​requires commitment from all, including law enforcement. “

Internal Market Commissioner Thierry Breton said: “The Joint Cyber ​​Sector is the cornerstone of protecting us from growing and increasingly sophisticated cyber threats. “We have clear milestones and timelines that will allow us to Work with member states to effectively improve crisis management cooperation within the EU, identify threats and respond more quickly. It is the operational arm of the European Cyber ​​Shield. “

Home Office Commissioner Ylva Johansson said: “Countering cyberattacks is a growing challenge. Law enforcement across the EU can best face this new threat by coordinating together. Joint Cyber The Unit will help police officers in Member States share expertise. This will help build law enforcement capacity to combat these attacks.”

The relationship between the joint network agency and ENISA, CERT-EU

According to Politico, the agency is likely to be regulated by the European Union’s Information Security Agency (ENISA) and headquartered in Brussels. Its main responsibilities will be to prepare/test crisis responses, maintain a threat incident reporting mechanism, establish information sharing mechanisms between cybersecurity firms and regulators, and publish Open RAN 5G cybersecurity risk analysis. This task force is very similar to the ransomware task force recently proposed by Washington, but the EU version would coordinate current work among cyber agencies/authorities across the EU.

Considering that the new Joint Cyber ​​Agency also deals with cyberspace security, how does it differ from the other two agencies working in the field of cybersecurity at EU level (ENISA and CERT-EU)? This requires clarifying the roles and responsibilities of ENISA and CERT-EU.

CERT-EU was established on November 11, 2012 by the decision of the European Commission. Its mission is to contribute to the security of the information and communications technology (ICT) infrastructure of all EU institutions, entities and sectors (“components“) by helping to prevent, detect, mitigate and respond to cyber-attacks.

CERT-EU acts as the cybersecurity information exchange and incident response coordinating centre for all EU institutions, entities and sectors. It collects information about threats, vulnerabilities and incidents to alert its members when necessary. Additionally, CERT-EU is responsible for coordinating the response of the entire constituency in the event of a cyber incident. Strengthening the capacity of all EU institutions, ENISA and CERT-EU to respond to cyber threats and vulnerabilities targeting their ICT infrastructure remains a high priority, as functioning ICT networks and systems are critical to their ability to carry out their missions.

The role of ENISA is to support business cooperation between Member States, Alliance agencies, entities, offices and sectors. ENISA’s mission is to ensure an effective framework for cooperation between business actors within the EU in the event of large-scale cross-border cyberattacks and crises. ENISA provides the secretariat for the CSIRT network and supports its work by providing advice. The agency also responds to requests for special assistance from member states and provides information and analysis to support policymakers in ensuring that cybersecurity is integrated into all areas of EU policy. ENISA’s work also entails helping and guiding Member States to implement relevant legislation. It is designed to provide strategic foresight and intelligence against cyber threats. The agency works on situational awareness, sharing information and knowledge with relevant stakeholders, and researching solutions to improve the efficiency of cyber response in key European industries.

The CSIRT network is a network of CSIRTs and CERT-EU designated by EU member states. The European Commission participates in the network as an observer, with Eurostat as the secretariat. The CSIRT network helps develop confidence and trust among member countries and facilitates swift and effective business cooperation.

In February 2021, ENISA and CERT-EU signed a cooperation agreement, allowing ENISA and CERT-EU to explore and exploit synergies. Cooperation shall include activities necessary to assist Member States and EU institutions, entities and sectors in the following areas: capacity building, operational cooperation, knowledge and information.

It is foreseeable that the new joint cyber agency, under the leadership of ENISA, will conduct a comprehensive response to cyber security incidents across the EU. The coordinated response network among the CERT agencies of the member states, which previously used CERT-EU as the center of charge coordination, also faces insufficient capabilities, which also highlights that it is difficult to rely on ENISA and CER-EU alone to deal with the complex and severe situation of current cyber attacks.

The Links:   7MBR30NF060 SKKH75-16E