Today, the Commission and the High Representative put forward a Joint Communication on an EU Cyber Defence policy and an Action Plan on Military Mobility 2.0 to address the deteriorating security environment following Russia's aggression against Ukraine and to boost the EU's capacity to protect its citizens and infrastructure.
With its new cyber defence policy, the EU will enhance cooperation and investments in cyber defence to better protect, detect, deter, and defend against a growing number of cyber-attacks.
Cyberspace has no borders. Recent cyber-attacks on energy networks, transport infrastructure and space assets show the risks that they pose to both civilian and military actors. This calls for more action to protect citizens, armed forces, as well as the EU's civilian and military missions and operations, against cyber threats.
The EU Policy on Cyber Defence aims to boost EU cyber defence capabilities and strengthen coordination and cooperation between the military and civilian cyber communities (civilian, law enforcement, diplomatic and defence). It will enhance efficient cyber crisis management within the EU and help reduce our strategic dependencies in critical cyber technologies, while strengthening the European Defence Technological Industrial Base (EDTIB). It will also stimulate training, attracting, and retaining cyber talents and step up cooperation with our partners in the field of cyber defence.
The EU Policy on Cyber Defence is built around four pillars that cover a wide range of initiatives that will help the EU and Member States:
- Act together for a stronger EU cyber defence: The EU will reinforce its coordination mechanisms among national and EU cyber defence players, to increase information exchange and cooperation between military and civilian cybersecurity communities, and further support military CSDP missions and operations.
- Secure the EU defence ecosystem: Even non-critical software components can be used to carry out cyber-attacks on companies or governments, including in the defence sector. This calls for further work on cybersecurity standardisation and certification to secure both military and civilian domains.
- Invest in cyber defence capabilities: Member States need to significantly increase investments in modern military cyber defence capabilities in a collaborative manner, using the cooperation platforms and funding mechanisms available at the EU level, such as PESCO, the European Defence Fund, as well as Horizon Europe and the Digital Europe Programme.
- Partner to address common challenges: Building on existing security and defence as well as cyber dialogues with partner countries, the EU will seek to set up tailored partnerships in the area of cyber defence.
The Commission and the High Representative, including in his capacity as Head of the European Defence Agency (EDA), will present an annual report to the Council of the EU to monitor and assess the progress of the implementation of the actions in the Joint Communication on the EU Policy on Cyber Defence. Member States are encouraged to contribute with their inputs on the progress of the implementation measures taking place in national or in cooperation formats. An implementation plan could be set up in cooperation with Member States.
Members of the College said:
Executive Vice-President for a Europe Fit for the Digital Age, Margrethe Vestager, said: "The EU Policy on Cyber Defence shows that by bringing our civilian and military instruments together we can make a stronger impact against cyber threats."
High Representative Josep Borrell said: "Cyber is the new domain in warfare. To be up to the challenges and threats ahead of us, we need modern and interoperable European armed forces equipped with latest cyber defence capabilities. The new EU Policy on Cyber Defence will increase cooperation among the EU's cyber defence actors and develop mechanisms to use capabilities at the EU level, including in the context of CSDP missions and operations. By doing so, we will step up our ability to prevent, detect, deter and defend against cyber-attacks, as called for by the Strategic Compass."
Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: "Cyber- attacks are often part of wider hybrid campaign, cross-border in nature and may have an impact on civil and defence systems and infrastructure. Significant cybersecurity incidents can be too disruptive for a single or several affected Member States to handle alone. The EU must become a stronger and more credible security provider, including in cyberspace. We are facing more hybrid attacks, therefore better cooperation between civil, security and defence communities, improves our ability to act together and ensure the EU security.
Commissioner for the Internal Market, Thierry Breton, said: "The return of a high- intensity conflict obliges us to review our approach to Europe's security. It is time to enhance our cooperation on cyber defence to protect, detect, defend, and deter. With a wide array of new initiatives on cybersecurity, we want to boost relentlessly our cyber defence capabilities and strengthen cooperation between cybersecurity communities. A stronger EU security is the foundation of our EU technological sovereignty."
The 2020 EU Cybersecurity Strategy highlighted the need for a review of the EU's cyber defence policy framework. Furthermore, President von der Leyen called for the development of a European Cyber Defence Policy in her 2021 State of the Union address. This is also an ambition of the Strategic Compass for Security and Defence approved by the Council in March this year. In May, in the Council conclusions on the development of the European Union's cyber posture, Member States invited the High Representative together with the Commission to table an ambitious proposal for an EU Cyber Defence Policy in 2022.
Together with the Security and Defence package, the Commission is also publishing today the first progress report on the Action Plan on synergies between civil, defence, and space industries, available here.
For More Information