The European Commission yesterday announced a joint cybersecurity unit to protect EU member states from attacks on their national infrastructure. The proposals have been welcomed as a positive step towards creating a united front against the skyrocketing threat of cybercrime, though some have questioned elements of its approach. Coordinating with security companies in the private sector and fostering information sharing between member states may prove big challenges for the new organisation.
Yesterday’s announcement comes against the backdrop of a massive increase in cyberattacks across Europe in 2020. Commissioner Thierry Breton said 756 large scale cyber attacks were reported in 2020 across the EU, an increase of 75% from 2019. The new unit, Breton said, will be operational by June 2022 and will aim to combine elements of the existing cybersecurity resources within the EU; the European Network and Information Security Agency (ENISA), Europewide police service Europol and cybercrime specialists EC3.
The Joint Cyber Unit will be focused on combatting attacks on national infrastructure, commission vice president Margaritis Schinas said at the launch of the unit. “If you look at the Colonial Pipeline incident, that was precisely the scenario we are preparing for, a cyberattack that transcends into critical infrastructure like a pipeline,” he said.
What will the EU joint cybersecurity unit do?
Bringing together information at pace will be central to the success of the new unit says Sneha Dawda, a research fellow in cyberthreats and cybersecurity at the Royal United Services Institute (RUSI) think tank. “The kind of road that they’re going down with the cyber unit is incident response and being able to tie together the different information pools that not only exist across different EU agencies like ENISA and EC3 but also in actual domestic information gathering,” Dawda says.
The Joint Cyber Unit will be a change from the current approach, which keeps key resources separate. This can slow down incident response, Dawda explains. “The current approaches at European Union level are much less operational and technical at the moment,” she says. “Europol and EC3 do operations and technical work, however, their mission is very clear, they handle cybercrime. And then ENISA, the European Union’s agency for cybersecurity, is much more policy driven. They produce a lot of guidance around governance.”
Potential problems for the EU joint cybersecurity unit
Bringing these agencies together is a positive step, but Rajesh Muru, principal analyst in cybersecurity and digital transformation at GlobalData Technology, says there may be challenges ahead. “Success is going to be in the detail,” he says. “The first thing is getting everybody to participate in this.”
The kind of road that they’re going down with the cyber unit is incident response and being able to tie together the different information pools. Sneha Dawda, RUSI
While convincing governments the new unit will boost their security should be relatively simple, involving private sector businesses may be trickier, Muru says. “You can put a joint committee together, but the technology infrastructure to fight cybercrime needs to come from somewhere,” he says. “To really tackle this, you’ve got to bring in the service providers.” Security companies may be reluctant to work closely with companies they consider rivals, Muru says. “They all have their own initiatives, the footprints around their own cybersecurity defences,” he adds. “How can you make these players work together in a more homogeneous manner?”
The unit will also need to address greater transparency between different countries. “I think a big challenge is around information sharing by member states,” says Muru. “Can you make that happen and how is it going to pan out?”
Despite the potential drawbacks, Muru says the unit is a positive step, and shows the EU is ready to present a united front against cybercrime. RUSI’s Dawda says greater collaboration is the only way to fight what is a cross-border threat. “It’s an acknowledgement that working together and collaborating is much more effective than trying to solve regional cyberattacks as singular nations,” she says.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.