Cybersecurity in the EU Common Security and Defence Policy

This report is the result of a study conducted by the European Union Agency for Network and Information Security (ENISA) for the European Parliament’s Science and Technology Options Assessment (STOA) Panel with the aim of identifying risks, challenges and opportunities for cyber-defence in the context of the EU Common Security and Defence Policy (CSDP). Acceptance of cyber as an independent domain calls for the investigation of its integration with the EU’s current and future policies and capabilities. ENISA analysed the related literature and work on cybersecurity, including its own publications, to form the basis for this study. In addition, a number of stakeholders, experts and practitioners, from academia, EU institutions andinternational organisations, were consulted. The study revolves around three thematic areas, namely: policies, capacity building, and the integration of cyber in the CSDP missions, with the last one being the main focus of the study. For each thematic area, we compile a set of policy options, covering different levels, starting from the EU’s political/strategic level and progressing down to the operational and even tactical/technical levels of the CSDP’s supporting mechanisms.