Cybersecurity and European politics  

Cybersecurity has now become one of the major challenges in Europe. In this article, I will first explain why cybersecurity is so important in geopolitics. Afterwards, I will present the position and actions taken by the European Union in this area. Finally, we will look at what direction it could hang in the future in this matter.

How is cybersecurity a key element in geopolitics?

The applications of cybersecurity in terms of geostrategy have multiplied. Indeed, wars no longer take place only on a battlefield, but also in cyberspace. Nowadays, with a computer one can carry out actions ranging from espionage to the paralysis of state institutions and strategic targets. 

Here are some application examples: first of all the distributed denial of service (DDoS) attack, which involves overwhelming  a computer network with large volumes of data traffic. Another type of attack is the  phishing attack,  which is designed  to paralyse a web network. These attacks can be directed at institutions and companies, but also electrical networks and communication services,  generally driven by  espionage purposes. Additionally,  there are ransomware attacks that, once triggered, block the target’s internet network and demand payment in exchange for restoring access. . Another application, in terms of espionage, is the use of phishing campaigns, which also aims to paralyse an Internet network in order to be able to collect a large amount of data. In this case, this method is specifically aimed at individuals. Finally, there is the so-called wiper attack, which erases a computer’s hard drive and deletes data. The information collected during computer attacks can range from indications on the military capabilities of a country as well as justifications for intervention for other countries. This was particularly the case at the onset  of the war between Russia and Ukraine.

Indeed, Shane Huntley, Director of Google’s Threat Analysis Group, told Euronews that “When we did our analysis, we saw evidence that Russia had access to Ukrainian government sites] for some time. number of months before the invasion. (…) Russia massed troops on the border many months before the invasion. Knowing this, one would expect a state intelligence agency to take the time to gain initial access so they can execute an attack later.” Accordingly, this pushes countries to invest massively in the field of cybersecurity and to create real cyber-armies. However,  the public sector is not the only one to invest in the field, with several private companies also partaking in the  matter, such as Cisco – with its Talos branch – being one of the most important Western companies fighting against cyberattacks.

On a related topic : 5G as the next security challenge for the European Union

Sanctions, Market Growth, and Funding

In May 2019, the EU introduced a sanctions regime specifically designed to address cyberattacks. This legal framework allows the EU to impose sanctions on persons or entities who have carried out cyberattacks or attempts, who provide financial, material or technical support for cyberattacks. These sanctions include travel bans to the EU against the persons and entities concerned and the freezing of their assets. To accompany these various political measures, the EU has also created its own cybersecurity market. Indeed, members of the European Union occupy 18 of the top 20 places in the index of the most developed countries in terms of cybersecurity in the world. The European cybersecurity market has a value of 130 billion euros and is growing by 17% per year. This market is composed of more than 60,000 companies and more than 660 centres of expertise. 

To help develop this market, the European Union funds various research projects such as Horizon Europe, including a budget of 49 million euros to promote innovation in the field of privacy protection systems and cybersecurity. In addition, under the Digital Europe project, a substantial investment of 1.6 billion euros has been earmarked for the period of 2021-2027. This funding is dedicated to enhancing the EU’s response capabilities and facilitating the widespread implementation of infrastructure and cybersecurity measures in the face of eventual cyberattacks. 

On a related topic : EU’s digital transition – What’s in it for women ?

Legislation, Strategies, and Cooperation

As demonstrated, cybersecurity has become an important factor  in geopolitics. Yet, what is the European Union’s position on this issue? First of all, it should be noted that since 2020, the members of the European Union have been called upon to strengthen protection against computer threats and cyber security defences. To do this, the European Commission is therefore seeking to strengthen its legislative arsenal.

The Directive on the Security of Networks and Information Systems, (NIS Directive, 2016), was the first piece of legislation adopted by the EU to improve cooperation between Member States. It has put in place security obligations for operators providing services in the energy, transport, health and finance sectors, and for digital service providers. In December 2020, the European Commission proposed a revised NIS Directive. The new proposal is an updated version of the first one. This new version, accompanied by new legislation, was  adopted in May 2022 which strengthened the risk and incident management as well as cooperation among the Member States.

To accompany these legislative texts, a European cyber defence strategy has been implemented in parallel by the European Commission and the European External Action Service (EEAS), in December 2020, with the objective to strengthen Europe’s resilience to cyber threats and ensure safe internet access for all European users.

Furthermore, on 22 March 2021, the Council of the EU adopted conclusions on the cybersecurity strategy. The objective here is to acquire strategic autonomy, taking different measures in the sector. These measures include the creation of a network of security operations centres  across the EU to anticipate and monitor possible cyber attacks; the creation of a joint cybersecurity unit, which would make it possible to give precise orientations concerning the European framework for the management of cybersecurity crises; the application of an EU 5G toolkit, aimed at rapidly completing the implementation and ensuring the security of these networks; support for the development of strong encryption, which better protects user data; strengthening the diplomatic cyber toolbox, aimed at preventing and countering cyberattacks; the establishment of a working group on cyber intelligence, which will strengthen the specific capacity of the European Union Situation and Intelligence Centre, until now was the only body responsible for solving problems in this area. Strengthening cooperation with international organisations and partner countries in the fight against cyber threats; and finally, the creation of an external cyber capacity building program for the EU.

Another important text, under the framework of cybersecurity in Europe, is the cybersecurity regulation of June 2019. This document set up a certification scheme for computer defence software, at the level of the European Union and the creation of a new mandate aimed at broadening the competences of the European Union Cybersecurity Agency. The EU Agency for cybersecurity will setup and maintain the certification framework by preparing the technical ground and it will be in charge of informing the public on the certification schemes and the issued certificates. Its goals are to increase cooperation between members, helping EU Member States to handle their cybersecurity incidents, and creating coordination of the EU in case of large-scale cross-border cyberattacks and crises.

On a related topic : Le cyberespace : quelle coopération au sein de l’Union Européenne ?

Navigating the new landscape of Cybersecurity in Europe ?

For Europe, cybersecurity is both a major issue in its foreign policy, but also a potential economic opportunity linked to the opening of a whole new market. For the moment, the EU seems to balance its actions between a political pole and an economic pole. However, technologies, especially in terms of cybersecurity, are constantly evolving. It is therefore necessary to constantly renew the legislative tools, economic policy and material in order to remain up to date. Therefore this article will end e with a broader question: Should the EU approach the new challenges of cybersecurity, considering the interplay between political objectives and economic opportunities in Europe’s evolving landscape?

[This article was first published in the issue 38 of the magazine]