European Commission Cyber Security Package – Joint Communication on Resilience, Deterrence and Defence: Building Strong Cybersecurity for the EU
On 12 September 2017, European Commission President Jean-Claude Juncker announced a Cyber-Security package setting out measures; to respond to the changed cyber-threats landscape.
The purpose of these measures is;
- to strengthen the EU's cybersecurity structures and capabilities.
- to develop more cooperation between the Member States and the different EU structures concerned.
- to ensure that the EU is better prepared to face the ever-increasing cybersecurity challenges that exist.
In the aftermath of the "Wannacry2" and "NotPetya" attacks, the EU has identified the need for more robust and effective structures;
- to ensure strong cyber resilience
- to promote cybersecurity
- to respond to cyber-attacks aimed at the Member States and at the EU's own institutions, agencies and bodies.
Strong cybersecurity for the Single Market, and particularly the Digital Single Market, is a cornerstone of these proposals. It reflects the need for major advances in the EU's technological capability and a broader understanding of the role of all the stakeholders involved in countering cyber threats. In response, the Joint Communication suggests new initiatives to further improve EU cyber resilience and response in the three key areas of resilience, deterrence and defence.
The Commission Package consists primarily of a series of previously signalled initiatives. It can be considered ambitious and far reaching, on the basis of its overall scope and how the various elements are configured and aligned.
The measures announced include:
- A legislative proposal to strengthen the Agency for Network and Information Security (ENISA), establishing a stronger European Union Cybersecurity Agency, built on ENISA, with a mandate to assist Member States in dealing with cyber-attacks
- An implementation toolkit for the Network and Information Security Directive
- The creation of an EU-wide cybersecurity certification scheme that will increase the cybersecurity of products and services in the digital realm
- A Blueprint for how to respond quickly, effectively, operationally and in unison in cases of large scale cyber-attacks affecting several Member States
- A network of competence centres in the Member States and a European Cybersecurity Research and Competence Centre that will help develop and roll out the tools and technology needed to keep up with the ever-changing threat environment and ensuring that defence is as strong as possible, enhancing the EU's strategic autonomy by boosting research capacity and building effective cyber-defence
- A new Directive on the combatting of fraud and counterfeiting of non-cash means of payment to provide for a more efficient criminal law response to cybercrime