Cyber Defence: EU boosts action against cyber threats

Today, the Commission and the High Representative put forward a Joint Communication on an EU Cyber Defence policy and an Action Plan on Military Mobility 2.0 to address the deteriorating security environment following Russia’s aggression against Ukraine and to boost the EU’s capacity to protect its citizens and infrastructure.  

With its new cyber defence policy, the EU will enhance cooperation and investments in cyber defence to better protect, detect, deter, and defend against a growing number of cyber-attacks. 

Cyberspace has no borders. Recent cyber-attacks on energy networks, transport infrastructure and space assets show the risks that they pose to both civilian and military actors. This calls for more action to protect citizens, armed forces, as well as the EU’s civilian and military missions and operations, against cyber threats.  

The EU Policy on Cyber Defence aims to boost EU cyber defence capabilities and strengthen coordination and cooperation between the military and civilian cyber communities (civilian, law enforcement, diplomatic and defence). It will enhance efficient cyber crisis management within the EU and help reduce our strategic dependencies in critical cyber technologies, while strengthening the European Defence Technological Industrial Base (EDTIB). It will also stimulate training, attracting, and retaining cyber talents and step up cooperation with our partners in the field of cyber defence. 

The EU Policy on Cyber Defence is built around four pillars that cover a wide range of initiatives that will help the EU and Member States:  

Act together for a stronger EU cyber defence: The EU will reinforce its coordination mechanisms among national and EU cyber defence players, to increase information exchange and cooperation between military and civilian cybersecurity communities, and further support military CSDP missions and operations.  

Secure the EU defence ecosystem: Even non-critical software components can be used to carry out cyber-attacks on companies or governments, including in the defence sector. This calls for further work on cybersecurity standardisation and certification to secure both military and civilian domains.  

Invest in cyber defence capabilities: Member States need to significantly increase investments in modern military cyber defence capabilities in a collaborative manner, using the cooperation platforms and funding mechanisms available at the EU level, such as PESCO, the European Defence Fund, as well as Horizon Europe and the Digital Europe Programme.

Partner to address common challenges: Building on existing security and defence as well as cyber dialogues with partner countries, the EU will seek to set up tailored partnerships in the area of cyber defence.  

Next steps 

The Commission and the High Representative, including in his capacity as Head of the European Defence Agency (EDA), will present an annual report to the Council of the EU to monitor and assess the progress of the implementation of the actions in the Joint Communication on the EU Policy on Cyber Defence. Member States are encouraged to contribute with their inputs on the progress of the implementation measures taking place in national or in cooperation formats. An implementation plan could be set up in cooperation with Member States.

Background

The 2020 EU Cybersecurity Strategy highlighted the need for a review of the EU’s cyber defence policy framework. Furthermore, President von der Leyen called for the development of a European Cyber Defence Policy in her 2021 State of the Union address. This is also an ambition of the Strategic Compass for Security and Defence approved by the Council in March this year. In May, in the Council conclusions on the development of the European Union’s cyber posture, Member States invited the High Representative together with the Commission to table an ambitious proposal for an EU Cyber Defence Policy in 2022.