In July-October 2017, the European Union took a number of important steps that could significantly enhance its capabilities in the field of cybersecurity. Firstly, it is a decision to establish a new Cybersecurity Agency in the European Union. Secondly, this is the holding of the first cyber-exercises in the history of the EU. Thirdly, it is the holding of an EU summit dedicated to the problems of the digital environment and the adoption of the «Tallinn Declaration» on e-government.
Establishment of the EU Cybersecurity Agency
On September 19, 2017, the European Commission proposed the establishment of the EU Cybersecurity Agency in the EU, which is intended to assist EU member states and their cybersecurity partners [1]. The new Agency will be formed on the basis of the European Agency for Network and Information Security functioning in Greece (ENISA). The staff of the new Agency will be increased from 84 to 125 people, and the budget is increased from € 11 million to € 23 million.
The Cybersecurity Agency will receive a permanent mandate to assist the Member States in preventing and responding to cyber attacks. The EU’s readiness for cyber attacks will be enhanced through annual cybersecurity exercises and the organization of effective data exchange. This will help implement the Directive on the Security of Network and Information Systems [2], which contains obligations to report to national authorities in the event of serious incidents.
In addition, a new EU-wide certification framework will be created, which will ensure the safety of the use of goods in the digital environment. These certificates should help European consumers recognize whether the products they plan to purchase are in compliance with European safety standards.
To strengthen the EU’s cybersecurity potential, the European Commission proposes the following measures:
- to establish a European Cybersecurity Research and Competence Center that will help develop and implement the tools and technologies needed to keep pace with the ever-evolving threats in cybersecurity;
- to consider, in the future, the possible establishment of a new Emergency Response Fund in cybersecurity for those Member States that have responsibly carried out all the cybersecurity measures required under EU law;
- to create in 2018 a platform for training and education in the field of cyber defense while the EU and NATO will jointly promote research and innovation cooperation in the field of cyber defense;
- to strengthen the EU response to cyber attacks by introducing the Framework for a Joint EU Diplomatic Response to Malicious Cyber activity, supporting a strategic framework for the prevention of conflicts and stability in cyberspace;
- to create more effective criminal legislation designed to identify, monitor and prosecute cybercriminals, etc. [3].
The first cyber defense exercise in the history of the European Union
On September 7, 2017, in Tallinn, the first in the history of the EU strategic cyber-games «EU CYBRID 2017», intended for the highest political leadership were held. The organizers of the exercise were Estonia’s presidency in the EU and the European Defense Agency. NATO Secretary General Jens Stoltenberg attended the exercise as an outside observer [4]. During the cyber-training, the defense ministers got acquainted with the consequences of cyber attacks on the EU and learned how to react politically to such incidents. According to the scenario of the exercises, the EU military structures were attacked in two directions: the EU headquarters in Brussels and industrial facilities in the territories of the member countries of the organization. The aggressor was a certain pseudo-democratic state of Froterra, which does not support Western values and has weak opposition within the country. Experts noted that a day before the «EU CYBRID 2017» in Helsinki, the European Centre of Excellence for Countering Hybrid Threats opened, which should become a gathering point for the scientific achievements of three think tanks engaged in the study of information wars: Cyber Defence Centre of Excellence in Estonia, the Strategic Communications Centre of Excellence in Latvia and the Energy Security Centre of Excellence in Lithuania [5].
European Union Digital Summit
On September 28-29, 2017 in Tallinn, the first ever European Union summit dedicated to the problems of the digital environment was held. Heads of EU countries discussed the question of how to turn the European Union into a global leader in the digital environment by 2025. The event was attended by 26 heads of state and government, European Commission President Jean-Claude Juncker, as well as the President of the European Parliament, Antonio Tajani.
Within the framework of the summit, two sessions were held. In the first of these, titled «The Future of Governments», EU leaders discussed the role of the European Union and its institutions in fostering public confidence on the Internet and enhancing security, which is considered a prerequisite for the formation of «digital Europe». The second session «The Future of Economy and Society» was devoted to the infrastructure that is necessary for building a new digital economy [6].
The leaders of the EU countries at the Tallinn Summit reaffirmed their commitment to the creation of a single digital market by the end of 2018. The goals of this strategy are to improve access to goods, services, and content, and create a legislative framework for the operation of networks and services. In general, this strategy can bring the EU economy about € 415 billion annually and create hundreds of thousands of new jobs [7].
During the Tallinn summit of the EU, Lithuanian President Dalia Grybauskaitė proposed the EU to create a so-called «Cybernetic Schengen area», within which cybernetic rapid reaction forces should be created. In her opinion, it is necessary not only to exchange information quickly but also to defend together. In general, D.Grybauskaitė believes that cybersecurity should become an integral part of the EU security and defense policy [8].
In his turn, the Prime Minister of Slovakia R. Fico said: «Some premieres at this summit openly said that Europe should be cautious about purchasing various information technologies and products, whether it is the US, China or other producer countries. Because God does not know what is contained in these products. The common desire was to establish a unified European policy in this area» [9]. R.Fico also noted: «Today there is no question of the quality of digital technology, the problem is how to protect the public from the abuses associated with it. The information environment is developing so rapidly that very soon everyone will know everything about each of us absolutely everything. And I’m definitely not happy about this because I believe that people have the right to privacy and must be protected from invasion by society» [10].
The «Tallinn Declaration» on e-Government
As TASS reported on October 6, 2017, the EU ministers, as well as the European Free Trade Association, responsible for the development of the digital environment, signed the «Tallinn Declaration» on e-government, designed to underscore the unanimous commitment to the goal of digital government development. In this regard, the Estonian Minister of Entrepreneurship and Information Technology Urve Palo reminded that the previous declaration on electronic management was signed in 2009 in Malmö (Sweden): «Everyone understands that the world has changed significantly during this time. Human security issues now relate not only to physical security, cybersecurity has become at least equally important. In the Tallinn Declaration, we also agreed that with the development of the state electronic services, the principles of security and privacy must meet the highest requirements» [11]. U. Palo stated: «We came to a common understanding that all European countries should create opportunities for their people and enterprises to use public services in a digital form and without having to leave their homes» [12]. For example, if a resident of Estonia has registered a car in his country, he should no longer be required to re-register if he moves to Belgium, that is, states should automatically exchange such information [13]. In turn, the Prime Minister of Estonia, Jüri Ratas, noted the importance of e-government technologies: «Thanks to e-government, last year alone, we saved 3,543 hours of working time. Moreover, this is a very significant saving of time and, hence, money» [14].
Analysis of the current situation in the EU allows us to draw a number of conclusions
Firstly, the EU is becoming more active in the field of strengthening cybersecurity. It is not always said directly, but it is implied that the main risks and threats in the field of cybersecurity stem from Russia and China.
Secondly, the European Union considers issues of cybersecurity together with the issues of creating a digital economy and e-government. Furthermore, in this sphere, Kazakhstan and the EAEC have much to learn from the EU.
Thirdly, it should be noted that a small Estonia deals with many common European issues related to cybersecurity, digital economy, and e-government. Thus, Estonia has set an example of a rational use of its rather limited resources to achieve the maximum international effect.
________________________
[1] European Commission – Press release State of the Union 2017 – Cybersecurity: Commission scales up EU’s response to cyber-attacks Brussels, 19 September 2017. //http://europa.eu/rapid/press-release_IP-17-3193_en.htm.
[2] DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 //http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC.
[3] European Commission – Press release State of the Union 2017 – Cybersecurity: Commission scales up EU’s response to cyber-attacks Brussels, 19 September 2017. //http://europa.eu/rapid/press-release_IP-17-3193_en.htm.
[4] Таллин занял кибероборону //https://topwar.ru/124493-tallin-zanyal-kiberoboronu.html.
[5] Ibid.
[6] Премьер Эстонии: руководство ЕС заинтересовано в построении цифрового общества //http://tass.ru/mezhdunarodnaya-panorama/4602040.
[7] Страны ЕС подписали декларацию о развитии электронного госуправления //http://tass.ru/ekonomika/4625334.
[8] Грибаускайте предложила ЕС идею создания «кибернетического Шенгена» //https://www.rubaltic.ru/news/29092017-gribauskayte-predlozhila-es-ideyu-sozdaniya-kiberneticheskogo-shengena.
[9] Премьер Словакии: нельзя доверять информационным технологиям из Китая и США //https://ria.ru/world/20170930/1505900904.html.
[10] Ibid.
[11] Европейские министры подписали Таллиннскую декларацию об электронном управлении //http://www.baltic-course.com/rus/es_baltija/?doc=133902.
[12] Ibid.
[13] Ibid.
[14] Страны ЕС подписали декларацию о развитии электронного госуправления //http://tass.ru/ekonomika/4625334.