The EU Commission wants to make Europe more resilient to threats from the Internet. To this end, it launched a cyber solidarity law for the EU on Tuesday. With this, the Commission wants to set up a “European cyber protection shield”. By this she understands an infrastructure consisting of security operations centers in all member states. An emergency mechanism is also to be set up to improve responsiveness to cyber incidents. There are also plans to set up an academy for cyber security skills in order to close the skills gap in the area of IT security.
The Commission is planning 1.1 billion euros for the entire package of measures. She considers the tasks necessary because the increasing scope and frequency of incidents in the field of cyber security and their increasing effects “pose a significant threat to the trouble-free operation of network and information systems and the European internal market”. Russia’s military aggression against Ukraine has exacerbated this threat. A “numerous state-related, criminal and hacktivist actors who are involved in the current geopolitical tensions” cavort in the cyber field.
AI and big data in action
The deployment centers for the protective shield should therefore identify and ward off cross-border cyber threats at an early stage. For example, the use of artificial intelligence (AI) and big data analyzes are planned. Authorities and other institutions should thus be able to react more efficiently and effectively to major cyber incidents. According to the Commission, this mechanism could be activated as early as the beginning of 2024, since this month it has already selected three consortia for transnational security operations centers as part of the Digital Europe programme. Public authorities from 17 Member States and Iceland have joined forces.
Linked to the emergency procedure are precautionary measures such as tests to identify potential vulnerabilities in facilities in particularly critical sectors such as healthcare, transport and energy, according to the proposal. Common risk scenarios and methods should form the basis for this. In addition, an EU cybersecurity reserve with pre-contracted emergency services from trusted certified providers will act as a rapid deployment force. Individual EU countries should be able to provide each other with administrative assistance. According to the outline, the resilience of the community will also be strengthened by retrospectively checking and evaluating major relevant incidents.
Margaritis Schinas, Commission Vice President for the Promotion of the European Way of Life, campaigned in the EU Parliament for the project with the image of the EU as a team player: In the field of cyber security, there is no Christiano Ronaldo who can design a game alone. Tobias Bacherle, chairman of the Greens in the Bundestag’s Digital Committee, and Konstantin von Notz, Vice President of the Greens parliamentary group, welcomed the initiative: “Our democracy and our constitutional state are currently inadequately protected against threats to IT security, as security policy risks have been criminally neglected for years. ” Because attacks on IT infrastructures, such as malware, do not stop at national borders, “in addition to consistent action at national level, common European approaches are needed”.