The European Union (EU) has rolled out updated recommendations to enhance its approach to cyber security crisis management and incident response. This change comes as the security landscape becomes more volatile, posing greater threats to not just the 27 member states but also candidate countries and nearby nations like the UK.
The Cyber Blueprint isn’t a legal mandate; it works alongside existing national policies. Its main goal is to guide EU entities and networks on how to effectively respond to significant cyber incidents that might affect individual member states or the entire bloc. A cyber incident, depending on its origin and severity, could disrupt the internal market and pose serious risks to public safety for millions. As Hanna Virkkunen, the executive vice-president for tech sovereignty, security, and democracy, pointed out, “In an increasingly interdependent Union economy, disruptions from cyber incidents can have far-reaching impacts across various sectors.”
The blueprint clarifies what constitutes a cyber crisis and outlines the triggers for activating crisis response mechanisms at the EU level. It details various available tools, including the Cybersecurity Emergency Mechanism, to facilitate preparation, response, and recovery during incidents.
There’s growing apprehension in Brussels that a major cyber incident could intertwine with broader geopolitical tensions, particularly concerning Russia and the US, with potential flashpoints in Ukraine, Moldova, or the Baltics, potentially leading to a military response from NATO. The revisions emphasize the need for better cooperation between civilian and military sectors.
To that end, it advocates for initiatives like the European Cyber Crisis Liaison Organization Network (EU-CyCLONe) and the EU Cyber Commanders Conference. It also supports the collaboration of military Computer Emergency Response Teams (MICNET) and the Computer Security Incident Response Teams (CSIRTs) Network, alongside plans for a new EU Cyber Defence Coordination Centre. All these efforts aim to enhance situational awareness in both civilian and military cyber domains.
The blueprint encourages building on existing agreements, like the CERT-EU/NATO technical arrangement from nine years ago, to create effective contact points with NATO during a cyber crisis. It suggests that the EU should find ways to improve information-sharing with NATO, such as connecting their respective communication systems.
Brussels is also calling for joint exercises between European Commission services, the European External Action Service (EEAS), and NATO to test collaboration during a large-scale cyber incident that may invoke Articles 4 and 5 of the NATO Treaty. Article 5 asserts that an attack on one member is an attack on all and has only been invoked once since the treaty’s inception, right after the 9/11 attacks. Article 4, although less well-known, facilitates discussions when a member feels its security is at risk. It has been called upon seven times, mainly in relation to events post-2000, particularly regarding the conflicts in Iraq and Syria and ongoing aggression from Russia.
Given the vulnerabilities of candidate countries and the possibility of cyber threats spilling over from neighboring areas, the EU emphasizes the importance of including these nations in joint exercises. For those interested, the EU’s full set of recommendations is available for download.