Critical sectors such as transport, energy, health and finance have become increasingly dependent on digital technologies to run their core business. While digitalisation brings enormous opportunities and provides solutions for many of the challenges Europe is facing, not least during the COVID-19 crisis, it also exposes the economy and society to cyber threats.
Cyberattacks and cybercrime are increasing in number and sophistication across Europe. This trend is set to grow further in the future, given that 41 billion devices worldwide are expected to be linked to the Internet of Things by 2025.
A stronger cybersecurity response to build an open and secure cyberspace can create greater trust among citizens in digital tools and services.
In October 2020, EU leaders called for stepping up the EU’s ability to:protect itself against cyber threats provide for a secure communication environment, especially through quantum encryption ensure access to data for judicial and law enforcement purposes
EU cybersecurity strategy
In December 2020, the European Commission and the European External Action Service (EEAS) presented a new EU cybersecurity strategy. The aim of this strategy is to strengthen Europe’s resilience against cyber threats and ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools. The new strategy contains concrete proposals for deploying regulatory, investment and policy instruments.
On 22 March 2021, the Council adopted conclusions on the cybersecurity strategy, underlining that cybersecurity is essential for building a resilient, green and digital Europe. EU ministers set as a key objective achieving strategic autonomy while preserving an open economy. This includes reinforcing the ability to make autonomous choices in the area of cybersecurity, with the aim to strengthen the EU's digital leadership and strategic capacities.Council adopts conclusions on the EU's cybersecurity strategy (press release, 22 March 2021) The EU is also working on two legislative proposals to address current and future online and offline risks:an updated directive to better protect network and information systems
What is cybersecurity?
Cybersecurity includes the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats.
(EU Cybersecurity Act)
EU Cybersecurity Act
The EU Cybersecurity Act entered into force in June 2019 and introduced:an EU-wide certification scheme
EU-wide cybersecurity certification scheme
Certification plays a critical role in ensuring high cybersecurity standards for ICT products, services and processes. The fact that different security certification schemes are currently used by different EU countries generates market fragmentation and regulatory barriers.
With the Cybersecurity Act, the EU has introduced a single EU-wide certification framework that will:build trust
increase the cybersecurity market's growth
ease trade across the EU
The EU cybersecurity marketEuropean countries occupy 18 of the top 20 places in the global cybersecurity index
The value of the EU cybersecurity market is estimated at more than €130 billion and it is growing at a rate of 17% a year
The EU has more than 60 000 cybersecurity companies and more than 660 centres of cybersecurity expertise
EU Agency for Cybersecurity
The new EU Agency for Cybersecurity builds on the structures of its predecessor, the European Union Agency for Network and Information Security, but with a strengthened role and a permanent mandate. It has also adopted the same acronym (ENISA).
Network and information systems directive
The directive on the security of network and information systems (NIS) was introduced in 2016 as the first ever EU-wide legislative measure with the purpose of increasing cooperation between member states on the vital issue of cybersecurity. It laid down security obligations for operators of essential services (in critical sectors such as energy, transport, health and finance) and for digital service providers (online marketplaces, search engines and cloud services).
In December 2020, the European Commission proposed a revised NIS directive (NIS2) to replace the 2016 directive. The new proposal responds to the evolving threat landscape and takes into account the digital transformation, which has been accelerated by the COVID-19 crisis.
The Council and the European Parliament reached a provisional agreement on the new measures in May 2022. The new legislation will: ensure stronger risk and incident management and cooperation
Your life online: how is the EU making it easier and safer for you?
The EU is actively working on improving the digital environment for the benefit of all Europeans. Our digital life needs to be safe, easy and respectful of basic freedoms.
Read our feature story to discover how the EU protects users online, ensures cybersecurity and facilitates the exchange of information between EU member states' e-justice systems.Check out our feature story
EU fight against cybercrime
Cybercrime takes various forms and many common crimes are cyber-facilitated. For example, criminals can:gain control over personal devices using malware
steal or compromise personal data and intellectual property to commit online fraud
use internet and social media platforms to distribute illegal content
use the 'darknet' to sell illicit goods and hacking services
Some forms of cybercrime, such as child sexual exploitation online, cause serious harm to their victims.
€5.5 trillion
global annual cost of cybercrime
A specialised European cybercrime centre has been created within Europol to help EU countries investigate online crimes and dismantle criminal networks. European cybercrime centre (Europol)
The European multidisciplinary platform against criminal threats (EMPACT) is a security initiative driven by member states to identify, prioritise and address threats posed by organised international crime. Countering cyberattacks is one one of its priorities.The EU's fight against organised crime (background information) Tackling non-cash payment fraud
Fraud and counterfeiting involving non-cash means of payment pose a serious threat to the EU’s security and provide a significant income for organised crime. Moreover, this kind of fraud affects the trust of consumers in the security of digital technologies.
Improving the safety of children online
In May 2022, the European Commission proposed a new legislation to tackle online child sexual abuse and exploitation. The new rules are currently being discussed at the Council.
In the meantime, the EU has adopted temporary rules, as a derogation to articles 5(1) and 6(1) of the ePrivacy directive, to allow providers of web-based email and messaging services to continue detecting child sexual abuse online.
Justice and law enforcement
EU rules and policies also tackle other justice and law enforcement aspects of the fight against cybercrime and crime in general, such as access to e-evidence, encryption and data retention.
Access to e-evidence
Criminals exploit digital technology to commit offences and to hide illicit activities. Law enforcement and judicial authorities therefore rely more and more on electronic evidence, such as texts, e-mails or messaging apps, for their criminal investigations and prosecutions.
To further facilitate cross-border access to e-evidence for criminal proceedings, the EU:is negotiating an agreement with the US – the country where most service providers are located
Encryption
The EU is striving to establish an active discussion with the technology industry to strike the right balance between ensuring the continued use of strong encryption technology and guaranteeing the powers of law enforcement and the judiciary to operate on the same terms as in the offline world.
Data retention
To fight crime effectively today, it is important that service providers retain certain data that can be disclosed under certain strict conditions for the purpose of fighting crime. However, data retention can infringe individual fundamental rights, in particular the rights to privacy and to protection of personal data.
The Council adopted conclusions with regard to the retention of electronic communication data for the purpose of fighting crime. The Council tasked the Commission with gathering further information and organising targeted consultations as part of a comprehensive study on possible solutions for retaining data, including the consideration of a future legislative initiative.Data retention to fight crime: Council adopts conclusions (press release, 6 June 2019) Boosting cyber diplomacy
The European Union and its member states strongly promote an open, free, stable and secure cyberspace where human rights, fundamental freedoms and the rule of law are fully respected for the social stability, economic growth, prosperity and integrity of free and democratic societies.
The EU invests much effort in protecting itself against cyber threats coming from third countries, especially through a joint diplomatic response called the ‘cyber diplomacy toolbox’. This response includes diplomatic cooperation and dialogue, preventative measures against cyberattacks, and sanctions.
The EU cybersecurity strategy adopted by the European Commission and EEAS in December 2020 reinforces the EU’s diplomatic response to cyberattacks.
Sanctions against cyberattacks
In May 2019, the Council established a framework which allows the EU to impose targeted sanctions to deter and respond to cyberattacks which constitute an external threat to the EU or its member states.
More specifically, this framework allows the EU for the first time to impose sanctions on persons or entities that are responsible for cyberattacks or attempted cyberattacks, who provide financial, technical or material support for such attacks or who are involved in other ways. Sanctions may also be imposed on other persons or entities associated with them.
Restrictive measures include:a ban on persons travelling to the EU
an asset freeze on persons and entities
Cooperation on cyber defence
Cyberspace is considered as the fifth domain of warfare, as critical to military operations as land, sea, air, and space. It is a domain encompassing everything from information and telecommunication networks, infrastructure, and the data they support, to computer systems, processors and controllers.
The EU cooperates on defence in cyberspace through the activities of the European Defence Agency (EDA), in collaboration with the EU cybersecurity agency and Europol. The EDA supports member states in building a skilled military cyber-defence workforce and ensures the availability of proactive and reactive cyber-defence technology.
The EU cybersecurity strategy adopted in December 2020 by the Commission and the EEAS reinforces:cyber defence coordination
cooperation and building cyber defence capabilities
Funding and research
Recovery plan
Horizon Europe
Reaching innovative solutions that can protect us against the latest, most advanced cyber threats is crucial. For this reason, cybersecurity is an important part of the EU research and innovation funding framework programmes Horizon 2020 and its successor Horizon Europe. In May 2020, the EU committed €49 million to boost innovation in cybersecurity and privacy systems.Horizon Europe (European Commission) Digital Europe
Cybersecurity competence centre
In December 2020, the Council and European Parliament reached an informal agreement on the proposal to set up the European Cybersecurity Industrial, Technology and Research Competence Centre, backed by a network of national coordination centres.
The new centre aims to:further improve cyber resilience
contribute to the deployment of the latest cybersecurity technology
support cybersecurity start-ups and SMEs
enhance cybersecurity research and innovation
contribute to closing the cybersecurity skills gap
Cybersecurity of critical infrastructure
Secure connected devices
Connected devices, including machines, sensors and networks that make up the Internet of Things (IoT), will play a key role in further shaping Europe’s digital future, and so will their security.
In December 2020, the Council adopted conclusions acknowledging the increased use of consumer products and industrial devices connected to the internet and the related new risks for privacy, information security and cybersecurity. The conclusions set out priorities to address this crucial issue and to boost the global competitiveness of the EU’s IoT industry by ensuring the highest standards of resilience, safety and security.Cybersecurity of connected devices – Council adopts conclusions (press release, 2 December 2020) Protecting 5G networks
5G networks are crucial not only for digital communication but also for critical sectors such as energy, transport, banking, and health. Ensuring that 5G networks are resilient is therefore essential to our society.
With worldwide 5G revenues estimated at €225 billion in 2025, 5G is a key asset for Europe to compete in the global market and its cybersecurity is crucial for ensuring the strategic autonomy of the Union.
No comments:
Post a Comment