A free and open Internet is at the heart of the Cyber Security Strategy, designed by High Representative Catherine Ashton and the European Commission. The Communication is the first comprehensive policy document that the European Union has produced in this area. It addresses the internal market, justice and home affairs and the foreign policy aspects of cyberspace issues.
The Strategy is accompanied by a legislative proposal (a Directive) from the European Commission to strengthen the security of information systems in the EU. This would encourage economic growth as people's confidence in buying goods online and using the Internet would increase.
How can the EU’s core values be ensured on the worldwide web?
One example is human rights, which also apply online – the European Union will promote cyberspace as an area of freedom and fundamental rights. Expanding access to the internet should advance democratic reform worldwide. The EU believes that increased global connectivity should not be accompanied by censorship or mass surveillance.
What EU norms and laws should be used in cyberspace?
The responsibility for a more secure cyberspace lies with all players in the global information society, from people to governments. The EU supports efforts to define norms of behaviour in cyberspace that all stakeholders should adhere to. Just as the EU expects citizens to respect civic duties, social responsibilities and laws online, so should states abide by norms and existing laws. An important pre-condition for a free and open internet that brings political and economic benefits to societies worldwide is the maintenance of a multi-stakeholder governance model for the internet.
Will there be new laws to address cyber threats?
No, the EU believes we already have many international legal instruments in place that should also be applied in cyberspace. However, some governments have proposed new treaties and conventions addressing cyber issues that the EU cannot support. We fear that the argument of cyber security will be used as a pretext to justify limiting freedom of expression and access to information. For instance, the Budapest Convention includes all the elements needed to assist in investigation, prosecution and international cooperation to address cybercrime.
At present, 49 countries have signed the Convention and many countries outside Europe have introduced its principles into their legislation. The EU has assisted the Council of Europe in disseminating the principles of this Convention worldwide, and we are currently financing new programmes to promote the Budapest Convention and increase the rule of law in this area.
What does the Strategy say about capacity-building?
The EU is deepening its engagement with international partners and organisations, the private sector and civil society to support global capacity-building in third countries. This includes improving access to information and to an open internet, and preventing cyber threats. The EU also helps with donor coordination for activities supporting capacity-building. These actions focus on enhancing criminal justice capabilities by training prosecutors and judges, and introducing the Budapest Convention (Cybercrime Convention) principles in recipient countries’ legal framework, building law enforcement capacity to advance cybercrime investigations and assisting countries in addressing cyber incidents.
How does the Strategy contribute to international cooperation in cyberspace?
To preserve an open, free and secure cyberspace is a global challenge, which the EU should address together with the relevant international partners and organisations, the private sector and civil society. The EU is placing a renewed emphasis on dialogue with third countries and international organisations, with a special focus on like-minded partners that share EU values. At bilateral level, cooperation with the United States is particularly important and will be further developed.
What is the EU doing on cyber defence issues?
Within the Common Security and Defence Policy, the European Defence Agency (EDA) is supporting EU Member States in developing cyber defence capabilities and technologies and in improving cyber defence training and exercises. Given that threats are multifaceted, synergies between civilian and military approaches in protecting critical cyber assets should be strengthened. These efforts should be supported by research and development, as well as closer cooperation between governments, the private sector and academia in the EU.
The EU is also promoting the early involvement of industry and academia in developing solutions and in strengthening Europe’s defence industrial base and associated R&D innovations in both civilian and military organisations. The EDA promotes civil-military dialogue and contributes to coordination between all actors at EU level – with particular emphasis on the exchange of good practices, information exchange and early warning, incident response, risk assessment and establishing a cyber-security culture.
In December 2013, the European Council called for an ‘EU Cyber Defence Policy Framework’, on the basis of a proposal from the High Representative, in cooperation with the Commission and the European Defence Agency. The Council Conclusions call for the development of a roadmap and concrete projects focused on training and exercises, improving civil/military cooperation on the basis of the EU Cybersecurity Strategy as well as the protection of assets belonging to EU missions and operations. On this basis, the EU is currently developing an EU Cyber Defence Policy Framework.
Why does the Strategy address civilian and military issues?
Given that threats are multifaceted, synergies between civilian and military approaches in protecting critical cyber assets should be enhanced. These efforts should be supported by research and development, and closer cooperation between governments, the private sector and academia in the EU. To avoid duplication, the Union will explore possibilities on how the EU and NATO can complement their efforts to heighten the resilience of critical governmental, defence and other information infrastructures on which the members of both organisations depend.
Are the EU and NATO cooperating in cyber security?
Cooperation between experts is ongoing. Since the Strategy was adopted, the EU has intensified its cooperation with NATO in cyber security. Further dialogue with NATO should ensure effective defence capabilities, identify areas for cooperation and help avoid duplication of efforts.