From: Eidgenössische Technische Hochschule Zürich | Department of Humanities, Social and Political Sciences | Center for Security Studies
By Annegret Bendiek, Raphael Bossong and Matthias Schulze for Stiftung Wissenschaft und Politik (SWP)
In September 2017, the EU updated its Cyber Security Strategy with the objective of increasing the Union’s resilience in the cyber domain. However, Annegret Bendiek et al contend that the reformed strategy was only a half-hearted attempt to achieve this aim
and that it fell short of addressing notable problems. For instance, the EU failed to define resilience or deterrence sufficiently in the update and the proposed measures to increase cybersecurity lack legal force. As a result, our authors contend it’s time for the EU tackle the issue of cybersecurity head-on.
This article was originally published by the German Institute for International and Security Affairs (SWP) in September 2017.
In September 2017 the EU updated its 2013 Cyber Security Strategy. The new version is intended to improve the protection of Europe’s critical infrastructure and boost the EU’s digital self-assertiveness towards other regions of the world. But the reformed strategy leaves open a number of questions as to how its objective of an “open, safe and secure cyberspace” will be credibly defended, both internally and externally. The EU has neither properly defined resilience or deterrence nor made sufficiently clear how it intends to overcome institutional fragmentation and lack of legal authority in cybersecurity issues. Moreover, controversial topics – such as the harmonisation of criminal law or the use of encryption – have been entirely omitted. Member states should abandon their stand-alone efforts and speed up the legal regulation of cybersecurity at the EU level.
It has been obvious for some time that China is increasingly sealing off its nation-al Internet, Russia is trying to spread its authoritative understanding of information sovereignty, and the USA is engaged in a military-offensive form of cyber-defence. Experts already speak of the era of “data nationalism” and the end of the global Internet. In view of these strategic challenges, the EU’s member states are seeking a path to digital self-assertiveness. “Cyber-attacks can be more dangerous to the stability of democracies and economies than guns and tanks”, Commission President Jean-Claude Juncker said in his State of the Union speech in mid-September 2017. At the digital summit in Tallinn in late September, European Heads of State and Government restated their determination to complete the digital single market to replace the currently existing patchwork of rules in all 28 member states. In the run-up to the summit, Germany, France, Italy and Spain were particularly ambitious. Inter alia, they called for a common tax on US Internet giants and the creation of a secure environment that protects citizens, businesses and governments in exerting their rights.
Leave a Reply