The first EU Cyber Defence Policy Framework dates back to 2014. The latest update was released in 2018 (see below).
The 2014 document provides a framework for countering cyber threats and defines the cyber defence aspects of the EU Cyber Security Strategy. It also clarifies the roles of the different European actors and specifies five priority areas for CSDP cyber defence, namely:
- support for the development of Member States’ cyber defence capabilities related to CSDP;
- protection of CSDP communication networks;
- promotion of civil-military cooperation with EU cyber policies, EU institutions, agencies, and the private sector;
- improvement of training, education and joint exercise opportunities; cooperation with relevant international partners, notably NATO.
The Framework also puts forward more than forty proposals. Among such suggestions, one can find:
- enhanced voluntary cooperation between military CERTs of the Member States in the light of prevention and handling of incidents;
- promotion of real-time cyber threat information sharing between Member States and relevant EU bodies;
- exchange of best practice on exercise, training and other areas of possible civilian-military synergy;
- involvement of international partners such as NATO or OSCE;
- reinforced cooperation between the CERT-EU, relevant EU cyber defence bodies and the NATO Computer Incident Response Capability (NCIRC).
The 2018 update to the Cyber Defence Policy Framework identifies several priorities:
- the development of cyber defence capabilities;
- the protection of the EU CSDP communication and information networks;
- training and exercises;
- research and technology;
- civil-military cooperation and international cooperation.