View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
June 24, 2021updated 07 Jul 2022 9:05am

The EU joint cybercrime unit is a positive step but faces significant hurdles

A joint approach across the bloc has been proposed to tackle hacking groups. But convincing the private sector of its merits might be tricky.

By Claudia Glover

The European Commission yesterday announced a joint cybersecurity unit to protect EU member states from attacks on their national infrastructure. The proposals have been welcomed as a positive step towards creating a united front against the skyrocketing threat of cybercrime, though some have questioned elements of its approach. Coordinating with security companies in the private sector and fostering information sharing between member states may prove big challenges for the new organisation.

Yesterday’s announcement comes against the backdrop of a massive increase in cyberattacks across Europe in 2020. Commissioner Thierry Breton said 756 large scale cyber attacks were reported in 2020 across the EU, an increase of 75% from 2019. The new unit, Breton said, will be operational by June 2022 and will aim to combine elements of the existing cybersecurity resources within the EU; the European Network and Information Security Agency (ENISA), Europewide police service Europol and cybercrime specialists EC3.

EU joint cybercrime unit

The European Commission yesterday announced a joint cybersecurity unit to protect EU member states from attacks on their national infrastructure. (Photo by Maksim Shmeljov/Shutterstock)

The Joint Cyber Unit will be focused on combatting attacks on national infrastructure, commission vice president Margaritis Schinas said at the launch of the unit. “If you look at the Colonial Pipeline incident, that was precisely the scenario we are preparing for, a cyberattack that transcends into critical infrastructure like a pipeline,” he said.

What will the EU joint cybersecurity unit do?

Bringing together information at pace will be central to the success of the new unit says Sneha Dawda, a research fellow in cyberthreats and cybersecurity at the Royal United Services Institute (RUSI) think tank. “The kind of road that they’re going down with the cyber unit is incident response and being able to tie together the different information pools that not only exist across different EU agencies like ENISA and EC3 but also in actual domestic information gathering,” Dawda says.

The Joint Cyber Unit will be a change from the current approach, which keeps key resources separate. This can slow down incident response, Dawda explains. “The current approaches at European Union level are much less operational and technical at the moment,” she says. “Europol and EC3 do operations and technical work, however, their mission is very clear, they handle cybercrime. And then ENISA, the European Union’s agency for cybersecurity, is much more policy driven. They produce a lot of guidance around governance.”

Potential problems for the EU joint cybersecurity unit

Bringing these agencies together is a positive step, but Rajesh Muru, principal analyst in cybersecurity and digital transformation at GlobalData Technology, says there may be challenges ahead. “Success is going to be in the detail,” he says. “The first thing is getting everybody to participate in this.”

The kind of road that they’re going down with the cyber unit is incident response and being able to tie together the different information pools.
Sneha Dawda, RUSI

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

While convincing governments the new unit will boost their security should be relatively simple, involving private sector businesses may be trickier, Muru says. “You can put a joint committee together, but the technology infrastructure to fight cybercrime needs to come from somewhere,” he says. “To really tackle this, you’ve got to bring in the service providers.” Security companies may be reluctant to work closely with companies they consider rivals, Muru says. “They all have their own initiatives, the footprints around their own cybersecurity defences,” he adds. “How can you make these players work together in a more homogeneous manner?”

The unit will also need to address greater transparency between different countries. “I think a big challenge is around information sharing by member states,” says Muru. “Can you make that happen and how is it going to pan out?”

Despite the potential drawbacks, Muru says the unit is a positive step, and shows the EU is ready to present a united front against cybercrime. RUSI’s Dawda says greater collaboration is the only way to fight what is a cross-border threat. “It’s an acknowledgement that working together and collaborating is much more effective than trying to solve regional cyberattacks as singular nations,” she says.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.