Inspiring People. Shaping the Future.
WASHINGTON, DC 1101 New York Avenue, NW Suite 901 Washington, DC 20005 USA Contact: Tyson Barker Contact: Tyson E-mail: tyson.barker@bertelsmanntyson.barker@bertelsmann- foundation.org Tel: (+1) 202.384.1993 Tel: www.bertelsmann-foundation.org
BRUSSELS Résidence Palace Rue de la Loi 155 1040 Brussels, Belgium Contact: Thomas Fischer Contact: Thomas E-mail: E-mail: thomas.fischer@bertelsmannthomas.fischer@bertelsmann- stiftung.de Tel: (+32 2) 280.2830 Tel: www.bertelsmann-stiftung.de/brussels www.bertelsmann-stiftung.de/brussels
EuroWire is a joint publication of the Bertelsmann Foundation offices in Washington, DC and Brussels. It connects Capitol Hill to European Union policy and politics and contributes to a common trans-Atlantic political culture. EuroWire is an occasional publication that highlights issues, legislation and policymakers relevant to the Congressional legislative cycle. This publication looks at the European Union from the point of view of Capitol Hill staffers and offers timely operational analysis.
The Growing Pains in EU Cyber Security Policy KEY POINTS • The EU has been slow to put together a comprehensive approach to cyber security. The Commission and ENISA are the chief interlocutors for cyber policy and work closely with European member-states. • Within the EU, the big three member-states (France, Germany and the UK) have begun to establish national cyber security doctrines in the face of mounting threats. • US President Barack Obama and EU President José Manuel Barroso announced the creation of a working group on cyber security at the US-EU Summit in Lisbon in November 2010.
binding agreement on cyber security issues, by all 27 member-states has been slow. Eight member-states (Austria, the Czech Republic, Greece, Ireland, Luxembourg, Malta, Sweden and Poland) have been reluctant to sign due to concerns about data protection and privacy, among other issues.
The EU is laboriously attempting to stitch together a holistic approach to cyber security to address these challenges. But despite the interconnectedness of European critical information infrastructure (CII) and the increasing sophistication of attacks, the common issues faced by member-states have yet to lead to a unified approach.
The Commission has nevertheless taken some tangible steps forward to craft a panEuropean policy. Charged with leading that effort, Home Affairs Commissioner Cecilia Malmström and Digital Agenda Commissioner Neelie Kroes are pasting together an EU strategy. In addition, the Commission in 2010 implemented a Digital Agenda for Europe that includes actions to improve Europe’s capability to prevent, detect and respond to network and information-security problems. In
Ratification of the 2001 Budapest Convention
on cyber crime, the only internationally
accordance with the agenda, Kroes’ team established in June 2011 the first fullscale computer emergency response pre-configuration team (CERT) for EU institutions. The European Network and Information Security Agency (ENISA), created in 2004 under EC Directive No. 460/2004 as an advisory body for member-states and EU institutions on network and informationsecurity issues, has rapidly established itself as an actor in the European cyber security community. ENISA saw its mandate extended by the Council after overseeing in November 2010 the coordination of the first pan-European cyber security exercises. But the agency has come under criticism for its location on Crete, a distant 1,500 miles (2,500 kilometers) from Brussels, making it hard to attract qualified IT personnel. With a
ABOUT THE BERTELSMANN FOUNDATION: The Bertelsmann Foundation is a private, nonpartisan operating foundation, working to promote and strengthen trans-Atlantic cooperation. Serving as a platform for open dialogue among key stakeholders, the Foundation develops practical policy recommendations on issues central to successful development of both sides of the ocean. ©Copyright rights reserved. reserved. ©Copyright 2011, 2010,Bertelsmann Bertelsmann Foundation. All rights
J U LY 2 0 1 1
From the 2007 wave of distributed denial of service (DDoS) attacks to hit Estonia to the 2008 Russian cyber attacks on Georgia during the brief South Ossetian war, Europe has become a primary theatre for cyber warfare. It has also emerged as a primary target of e-espionage, cyber crime, fraud, and “hacktivism”.