3 minute read
4.5 Overlaps with cyber security and influence operations
The EU has developed a cluster of instruments in recent years that aim to strengthen the Union’s ability to withstand various types of digital influence operations from third countries. This is a different agenda to support for human rights and democracy within third countries, which this report covers. Nevertheless, these two agendas have begun to overlap in places. A number of the new and emerging instruments in this area have begun to develop in a way that are relevant, at last at the margins, to this report’s subject matter.
4.5.1 Stratcom
Advertisement
One very politically driven area of external funding activity has been carried out under the so-called Stratcom initiative, set up in 2015 by the External Action Service. With a very specific remit to counter Russian disinformation in the countries of Eastern Europe, the initiative worked to correct Russian disinformation and contribute to spreading good news stories about the EU in these countries. In this sense, the initiative has indirect relevance to this report’s concern with digitally-driven repression in third countries. Stratcom was mobilised as a tool mainly to protect against disinformation within the EU and some non-EU Eastern Partnership states; it followed a security agenda, rather than aiming directly at human rights and democracy within the source countries of disinformation. Still, the lines between these two agendas have been somewhat blurred. Stratcom’s budget increased from EUR 1.1 million in 2018 to 5 million in 2019, and its remit was extended into the Balkans, North Africa, and the Middle East. Of direct relevance to this report, Stratcom operations in the south and the Balkans focus more on building local capacities to resist digital distortions to democratic processes and disinformation, in particular, than they have done in the east362 .
4.5.2 Cyber funding
In recent years, the EU put in place a large number of initiatives in the realm of cybersecurity. While these are designed to protect the EU’s security from outside influence operations, a number of the new initiatives in this field have taken on at least some elements related to digital repression in third countries. An initial EU Cybersecurity Strategy in 2013 was designed mainly to draw together the large number of fragmented areas of cybersecurity work in the EU, and better connect these to foreign policy. The Cybersecurity Emergency Response Team initiative was one of the largest projects funded under PESCO, while the European Cybersecurity Research and Competence Centre also gained influence. In 2017, the EU introduced the Cyber Diplomacy Toolbox. The issue was ostensibly mainstreamed into core defence policy through the 2014 Cyber Defence Policy Framework; this was updated and significantly expanded in 2018. Overall EU spending on cybersecurity increased exponentially, equating to billions by the end of the 2010s363 .
The EU Agency for Network Information Security (ENISA) morphed into a more institutionalised Agency for Cybersecurity, gaining powers and resources. In 2019, its budget doubled from around EUR 10 million to over EUR 20 million per year. The EU agreed a framework for a Joint EU Diplomatic Response to Malicious Cyber Activities. By 2019, cybersecurity accounted for half the workload of the Security Union364. The EU introduced cybersecurity dialogues into all of its main strategic partnerships and, in 2018, the High Representative convened a Global Tech Panel to examine the geostrategic implications of digital technology.
362 Interview with representatives of EU institution, 27 November 2020. 363 European Court of Auditors, ‘Challenges to effective EU cybersecurity policy’, Briefing paper, 2019. 364 C. Mortera-Martinez, ‘The EU’s security union: a bill of health’, CER, London, 21 June 2019. p.6.
