The European Commission laid out on Wednesday (23 June) its vision for a Joint Cyber Unit to tackle evolving cyberthreats and to increase European resilience.
The Joint Cyber Unit will serve as a platform for cooperation for cybersecurity communities across the EU, enabling them to draw on each other’s support and to create a cybersecurity shield to detect cyberthreats before they can cause damage.
“The Joint Cyber Unit is a very important step for Europe to protect its governments, citizens and businesses from global cyberthreats,” said EU High Representative Josep Borrell, presenting the plan.
“When it comes to cyberattacks, we are all vulnerable and that is why cooperation at all levels is crucial,” he added.
Commission President Ursula von der Leyen put the establishment of a Joint Cyber Unit on her agenda to facilitate information sharing between member states when she first entered office in 2019, stating in her political guidelines that “digitalisation and cybersecurity are two sides of the same coin.”
Since then digitalisation has rapidly accelerated, sped on by the coronavirus pandemic, leaving the EU’s private and public sectors increasingly vulnerable to cyberattacks.
The number and ferocity of cyberattacks have skyrocketed in the last year, with the most recent example being the full-scale attack in Belgium, which affected more than 200 organisations.
The number of significant malicious attacks against critical sectors has more than doubled in 2020 from 146 incidents in 2019 to to 304 in 2020. More dramatic still is the rise in the number of phishing attacks, the frequency of which increased 667% during the first months of the pandemic, an ENISA spokesperson told EURACTIV.
How the EU is tackling the problem
The Joint Cyber Unit was designed to tackle these rising numbers of serious cyber incidents. It is a “building block to protect ourselves from growing and increasingly complex cyberthreats,” said Commissioner for the Internal Market Thierry Breton.
The unit will form the “operational arm of the European Cyber Shield,” he added.
The Joint Cyber Unit aims to pool the operational resources and the expertise of EU institutions, bodies and agencies as well as member states.
The Commission says the Joint Cyber Unit is an important step “towards completing the European cybersecurity crisis management framework” and that it addresses the gap currently left by a lack of structured cooperation between civilian, diplomatic, law enforcement and defence cybersecurity communities.
The Joint Cyber Unit is planned to enter the operational phase by June 2022 and should become fully operational a year later.
Additional measures on cybersecurity
The proposal for the Joint Cyber Unit was released alongside a progress report, where the European Commission took stock of its achievements under each of the 26 initiatives that were set out in the European Cybersecurity Strategy in December.
Most notably, the Commission urged the EU Council and Parliament to swiftly adopt the revised Directive on Security of Network and Information Systems (NIS 2) to ensure the cyber resilience and operational capacity of the EU.
The NIS 2 directive aims at more stringent supervision measures and includes means to support coordinated management of large-scale cybersecurity incidents as well as increased cooperation between member state authorities.
The legislative proposal was adopted by the European Commission in December 2020 and is currently going through the ordinary legislative process.
At the same time, EU countries have made significant progress on the implementation of the 5G Toolbox, which tries to mitigate risks from 5G suppliers. Almost all of the member states already have frameworks in place to impose restrictions on 5G suppliers.
The Commission also reported positive developments in other areas, such as the improvement of cyberdefence cooperation, the EU’s cyber diplomacy toolbox, and the tackling of hybrid threats.
[Edited by Luca Bertuzzi and Josie Le Blond]