Cyber-attacks on businesses and government agencies have increased the Russian invasion of Ukraine, with the risk of spillover cyber-attacks against non-primary targets becoming highly widespread. Since 2017, NotPetya attack is an instance of a cyber-attack that underscores the spillover risk to entities outside of Ukraine. That attack initially targeted Ukrainian government and financial entities but ultimately affected computer systems across the globe, costing billions of dollars in damages.
The security of the European Union is biggest challenged like never before. Central tenets of the international system that Europeans helped build are eroding and even disintegrating one by one. Great power competition is increasingly shaping Europeans’ security environment, while other security threats are also on the rise, from terrorism and cyber-attacks to climate change. The EU now faces security threats from its east and south and an uncertain ally in the West.
Europeans are understandably worried about this picture. But they are divided on how to handle it. Since 2015, the political crisis around immigration into the EU from onwards has revealed fundamental divisions in the way member states of their security. As Ivan Krastev has argued, ‘the refugee crisis exposed the futility of the post-Cold War paradigm and especially the incapacity of Cold War institutions and rules that deal with the problems of the contemporary world’.
There are divisions not only between but also within member states. In currently, the national elections across the EU have resulted in intense battles between political movements that favour an open, progressive agenda and global engagement and those that prefer a nationalist, inward-looking approach i.e, ultimately, anti-EU. In this unstable political environment, the need to keep citizens safe a basic responsibility of any government has taken on even greater importance. Safety is central to the nationalists’ increasingly popular arguments. They argue that mainstream EU governments have failed to protect citizens. In power, nevertheless, they face the inescapable dilemma that small European nations can’t effectively respond in today’s threats through national policies alone.
The results EU that is fairly united in its understanding of the threats it faces, but that diverges significantly in the vulnerability it feels to those threats. France feels relatively resilient across the range of threats, while Germany thinks of itself as relatively vulnerable. There are also important variations among the member states on what role the EU should play as a security actor. There is unanimous consensus that NATO must remain the backbone of European security, but EU member states differ significantly on the extent to which, within the NATO framework, Europe should begin to develop autonomy from the United States.
Finally, there is no shortage of real threats for Europeans to be concerned about; our research paints a picture of an EU that is in some ways its own worst enemy. The responses on the preoccupation with immigration highlight the extent to which it is the political fallout of the migration crisis; its potential to increase support for populist parties and its use as a weapon in European domestic politics and not migration itself that currently threatens the EU.
The strong cyber-security response to build an open or secure cyberspace cans create greater trust among citizens in digital tools and services.
In 2020 October, EU leaders called for stepping up the EU’s ability to:
The EU is also working on two judicial proposals to address present/future online and offline risks such as:
EU Cyber-security Act
The EU Cyber-security Act entered into force in 2019 June:
Certification plays a vital role in ensuring high cyber-security standards for ICT products, services and processes. The fact that different security certification schemes are currently used by different EU countries generates market fragmentation and regulatory barriers.
With the Cyber-security Act, the EU has introduced a single EU-wide certification framework that will:
The framework will provide a comprehensive set of rules, technical requirements, standards and procedures.
The new EU Agency for Cyber-security builds on the structures of its predecessor, the European Union Agency for Network and Information Security, but with a strengthened role and a permanent mandate. It has also adopted the same acronym (ENISA).
The EU institutions and other stakeholders in dealing with the cyber-attacks.
Network and information systems directive
Since 2016, the directive on the security for network and information systems (NIS) was introduced as the first ever EU-wide legislative measure with the purpose of increasing cooperation between member states on the vital issue of cyber-security. It laid down security obligations for operators of essential services (like energy, health transport and finance) and for digital service providers (search engines, online marketplaces or cloud services).
In December 2020, the European Commission proposed a revised NIS directive (NIS2) to replace in 2016 directive. The new proposal responds to the evolving threat landscape and takes into account the digital transformation, which has been accelerated by the COVID-19 crisis. In 2021 December, the Council has reached a general approach on the new directive.
The new rules will:
Lorem ipsum viverra feugiat. Pellen tesque libero ut justo, ultrices in ligula. Semper at. Lorem ipsum dolor sit amet elit. Non quae, fugiat nihil ad. Lorem ipsum dolor sit amet. Lorem ipsum init dolor sit, amet elit. Dolor ipsum non velit, culpa! elit ut et.
Lorem ipsum dolor sit amet elit. Velit beatae rem ullam dolore nisi esse quasi, sit amet. Lorem ipsum dolor sit amet elit.
