Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

This Joint Communication to the European Parliament and the Council builds calls for several key actions in order to build strong cybersecurity for the EU.

Regarding EU cyber resilience, such measures include:

• full implementation of the Directive on the Security of Network and Information Systems;
• swift adoption by the European Parliament and the Council of the Regulation setting out a new mandate for ENISA and a European framework for certification;
• a joint Commission/industry initiative to define a “duty of care” principle for reducing product/software vulnerabilities and promoting “security by design”;
• swift implementation of the blueprint for cross-border major incident response;
• launch of an impact assessment to study the possibility for a Commission proposal in 2018 to set up a Network of Cybersecurity competence centres and a European Cybersecurity Research and Competence Centre, building on an immediate pilot phase;
• support of Member States in identifying areas where common cybersecurity projects could be considered for support by the European Defence Fund;
• set up of an EU-wide one-stop-shop to help victims of cyber-attacks, providing information on latest threats and bringing together practical advice and cybersecurity tools;
• mainstream cybersecurity into skills programmes, egovernment and awareness campaigns;
• action by industry to step up cybersecurity-related training for their staff and adopt a “security by design” approach for their products, services and processes.

As for cyber deterrence:

• a Commission initiative for cross-border access to electronic evidence (early 2018);
• swift adoption by the European Parliament and the Council of the proposed Directive on combatting fraud and counterfeiting of non-cash means of payment;
• the introduction of requirements on IPv6 in EU procurement, research and project funding;
• voluntary agreements between Member States and Internet Service Providers to drive up the uptake of IPv6;
• a renewed/expanded focus in Europol on cyber forensics and monitoring the darknet;
• implementation of the framework for a joint EU diplomatic response to malicious cyber activities;
• Enhanced financial support to national and transnational projects improving criminal justice in cyberspace;
• cybersecurity-related education platform to address the current skills gap in cybersecurity and cyber defence in 2018.

In order to strengthen international cooperation and cybersecurity:

• a the strategic framework for conflict prevention and stability in cyberspace;
• a new Capacity Building Network to support third countries’ ability to address cyber threats and EU Cybersecurity Capacity Building Guidelines to better prioritise EU efforts;
• further cooperation between EU and NATO, including participation in parallel and coordinated exercises and enhanced interoperability of cybersecurity standards.