ISSN 2192-6921
Independent Review on European Security and Defence − A product of ProPress Publishing Group
Volume N° 27
Cybersecurity We need to establish a proactive and responsible culture of cybersecurity across the Europen Union to protect our societies and economies from criminal cyberattacks
Malta’s efforts to resolve the refugee crisis
Galileo: Public service of general interest in the EU
Dr George Vella, Minister of Foreign Affairs of Malta, Valetta
Monika Hohlmeier MEP, European Parliament, Brussels/Strasbourg
www.magazine-the-european.com A magazine of the Behörden Spiegel Group
Edition 1/2017
Editorial
Cyberwar is already a reality!
The cyberworld is neither good nor bad. Neither are the people who create algorithms and artificial intelligence. All manner of limits can be imposed on their activities and it is therefore difficult to imagine that individuals who master the Internet can wield so much influence that they can decisively influence democratic action, human existence and the exercise of social responsibility. On the plus side, the digital world can give impetus to growth, be a factor for economic and social progress and prosperity and thereby for peace. Used properly it can be a tool for peace and security. But in the wrong hands it can be used to propagate violence. If digitalisation is not properly regulated it can exacerbate inequality. This revolutionary technology thus also constitutes a potential threat to freedom and democratic values. The Internet is becoming a political weapon. It can be used to ride the wave of populism in order to win over and destabilise broad swathes of the population, even influencing election results and upsetting the deli-
Impressum The European − Security and Defence Union ProPress Publishing Group Bonn/Berlin
Headquarters Berlin: Kaskelstr. 41, D-10317 Berlin Phone: +49/30/557 412-0, Fax: +49/30/557 412-33 Brussels Office: Hartmut Bühl Phone/Fax: +33/684806655 E-Mail: hartmut.buehl@orange.fr Bonn Office: Friedrich-Ebert-Allee 57, D-53113 Bonn Phone: +49/228/970 97-0, Fax: +49/228/970 97-75 Advertisement Office Bonn: Sarah Schröter Phone: +49/228/970 97-28 E-Mail: advertisement@euro-defence.eu
cate democratic balance. This cannot go unchallenged. If we are to durably protect and develop our freedom and sovereignty we must give serious thought to the range of different threats facing us in the digital world and adopt countermeasures in order to be able to respond immediately to cyberthreats and maintain control of the Internet.
Photo: © Hofmann, Adelsheim
The digital revolution is marked by its speed and diversity. It took only two decades for the internet to reach half of the world’s population. Yet only a few people – with very different objectives – fully master it. Control of data is thus beginning to become a determining factor in our political, social and economic lives. All sectors of knowledge and activity have entered the digital era. Artificial intelligence has robbed man of his place in the “hierarchy”: instead of being the master of technology he now faces the risk of losing control of his art.
Hartmut Bühl
So what is to be done? Firstly, we need to strengthen our democratic institutions, ensure the transparency of political action and teach people the proper skills for dealing with the Internet and the new media. Secondly, we must make ourselves less vulnerable by bolstering our defences against cyberattacks. We must be unfailing in our efforts to do so. We must give top priority to infrastructure protection, bring our cyberdefence structures up to a maximum level of efficiency and encourage industry to innovate. But political action is also required in order to find allies from all over the world to join us in our cybercombat. Common defences make it much less easy to engage in the cyberattacks that can paralyse infrastructure, drastically disrupting a country and peoples’ lives.
Publisher and Editor-in-Chief: Hartmut Bühl, Brussels Deputy Editor-in-Chief: Nannette Cazaubon, Paris; E-Mail: nannette.b@gmx.net Publishing House: ProPress Verlagsgesellschaft mbH President ProPress Publishing Group: R. Uwe Proll Layout: SpreeService- und Beratungsgesellschaft mbH, Berlin Print: Heider Druck GmbH, Bergisch Gladbach The European − Security and Defence Union Magazine is published by the ProPress Publishing Group. The ProPress Publishing Group is the organizer of the congress on European Security and Defence (Berlin Security Conference), the European Police Congress and the European Congress on Disaster Management. For further information about the magazine and the congresses please visit www.magazine-the-european.com Subscription: This magazine is published in Brussels and Berlin. The copy price is 16 Euro: 3 copies for one year: 42 Euro (EU subscription) 3 copies for one year: 66 Euro (International subscription) including postage and dispatch (3 issues) © 2017 by ProPress Publishing Group Bonn/Berlin A magazine of the Behörden Spiegel Group
3
THE EUROPEAN – SECURITY AND DEFENCE UNION
THE EUROPEAN – SECURITY AND DEFENCE UNION Vol No 27
MAIN TOPIC:
Cybersecurity
Content
21–50
3 Editorial 6 NEWS: 60 years of the Rome Treaties
New rules for the digital world
22 Arne Schönbohm, Berlin
8–20 In the Spotlight 8
10
12
13
14
Dr George Vella, Valetta Malta’s efforts to resolve the refugee crisis Moving forward after the Malta Declaration Gerald Knaus, Berlin Ex meridie lux – a Malta Plan for the Mediterranean The EU needs a credible border and asylum policy Guest Commentary: Jean-Dominique Giuliani, Paris Europa first!
19
No successful digitalisation without cybersecurity National efforts and the preparedness to cooperate
24
Roberto Viola, Brussels The EU’s efforts to protect the digital society and economy The Union needs to review its Cybersecurity Strategy
26
29
34
Commentary: Hartmut Bühl, Brussels 29 March 2017 – beginning of the end of the UK?
Julian King, Brussels Europe needs an effective and sustainable Security Union The new dimension of cyberthreats
16 Michael Gahler MEP, Esteban González Pons MEP, Brussels/Strasbourg Making the EU fit for defence tasks Unleash the potential of the Lisbon Treaty 18
Jacques Favin-Lévêque, Versailles European defence – time to leave hesitations behind One swallow does not a summer make
36
38
40
Andreas Schwab MEP, Brussels/Strasbourg The NIS Directive – a European approach to cyber security risks To go beyond national solutions Rob Wainwright, The Hague A European strategy to counter cybercrime New possibilities to forge effective synergies Koen Gijsbers, Brussels Strength in partnership Recognise cyber as an operational domain Peter Round, Bedale Cooperation in cyber is a must Think integrated cyber Andy Francis Stirnal, Berlin Time for demand-driven supply of cyber innovation Strategic cyber research priorities Christoph Erdmann, Düsseldorf Telecommunications need protection The crucial need for tighter security
Rachel Suissa, Haifa Brexit – rethinking the European Neighbourhood Policy How Brexit will influence the CSDP
Photos (cover): © mopic, Fotolia.com; Ministry for Foreign Affairs of Malta (left); Fred Marvaux, European Union 2017 Audiovisual Service (right); page 4: Juan F.
4
Content
51–60 Third Dimension How to heal Europe’s operational blindness 42
44
47
Markus A. Zoller, Thun Challenges in international security Interdisciplinary solutions are required Peter Martini, Bonn Cyberwar – will it take place? Resilience is not sufficient Interview with Florian Lindemann, Berlin Cybersecurity preparedness – an educational approach Ensure a sufficient level of IT security
52
54
56
58
Monika Hohlmeier MEP Galileo: Public service of general interest in the EU Turn ambitions to concrete outcomes Karim Michel Sabbagh, Luxembourg Satellite communications for security and defence solutions Rapid connectivity, agility, security Bernd Kreienbaum, Bonn Are Europe’s space defence ambitions on the rise? More autonomous and coherent capabilities
Jim Edge, Brussels NATO Alliance Ground Surveillance (AGS) AGS is a force multiplier
61
Authors 2016
“The European − Security and Defence Union” is the winner of the 2011 European Award for Citizenship, Security and Defence Segal, CC BY 2.0, Flickr.com; page 5: ESA-P, Carril, esa.int
5
THE EUROPEAN – SECURITY AND DEFENCE UNION
NEWS
60 years of the Rome Treaties – time to take stock
EU leaders posing with Pope Francis in front of Michelangelo’s “Last Judgement” in the Vatican’s Sistine Chapel, Rome, 24 March 2017
On the eve of the celebration of the Rome Treaties’ 60th anniversary, EU leaders gathering in the Italian capital had an audience with Pope Francis in the Vatican’s Sala Regia. The Holy Father started his address with a rather pessimistic view on the current state of the European Union: “The world has changed greatly in the last sixty years. If the founding fathers, after surviving a devastating conflict, were inspired by the hope of a better future and were determined to pursue it by avoiding the rise of new conflicts, our time is dominated more by the concept of crisis. There is the economic crisis that has marked the past decade; there is the crisis of the family and of established social models; there is a widespread ‘crisis of institutions’ and the migration crisis. So many crises that generate fear and profound confusion in our contemporaries, who look for a new way of envisioning the future.” But Pope Francis also gave solace by stating that the term crisis “is not necessarily negative. It does not simply indicate a painful moment to be endured. The word “crisis” has its origin in the Greek verb kríno, which means to discern, to weigh, to assess. Ours is a time of discernment, one that invites us to determine what is essential and to build on it. It is a time of challenge and opportunity.” Four days before the British government was to trigger negotiations to exit the Union, the 60th anniversary was indeed the occasion to conjure up unity to face this time of challenges. During the audience in the Vatican, the President of the European Parliament, Antonio Tajani, said: “We can defeat terrorism, solve the problem of immigration and banish the lingering economic crisis, with the scourge of youth unemployment, only if we are able to rediscover and appreciate the reasons that brought us together.” At the end of the audience in the Vatican, Pope Francis convened
6
photo: © European Union , 2017, Source: EC – Audiovisual Service
the EU Leaders for a family picture in the Sistine Chapel – in front of Michelangelo’s “Last Judgment”. In his speech on the next day’s official anniversary ceremony in the Orazi and Curiazi Hall of the Capitol, the same venue as in 1957, Jean-Claude Juncker also evoked the spirit of the founding fathers. The Commission President said: “It is now exactly 60 years ago that the Treaties of Rome – signed in this very room – sealed our Union forevermore. It is a Union that rose from the ashes of two world wars, shaped by the hands and by the iron will of those who had returned from battlefields and concentration camps only a few years earlier. It is they – this war generation of our fathers and grandfa-
Jean-Claude Juncker signing the Rome Declaration with a historic pen, Rome, 25 March 2017 photo: © European Union , 2017, Source: EC–Audiovisual Service
NEWS
thers – who turned the cry of ‘never again war’ into an ambitious political project that has changed our lives for the better from that day onwards.” And he added: “We – the humble heirs to these great ones – are gathered once again in this very same room. We do so to solemnly renew our vows and reaffirm our commitment to our undivided and indivisible Union. But we do so not out of nostalgia. We do so because only by staying united can we rise to the challenges we can face together.”
“And so tell me: why should we lose our trust in the purpose of unity today? Is it only because it has become our reality? Or because we have become bored or tired of it?”
Mr Juncker, who recently outlined a Whitepaper on the future of the European Union*, underlined his reverence to the past with a symbolic gesture when he was signing the joint Rome Declaration. The pen he drew out of his pocket with a smile was used in 1957 by the Luxembourg delegate in Rome when six founding fathers approved the treaty, as Mr Juncker later tweeted. Also Donald Tusk, President of the European Council, highlighted the courage of the founding fathers: “At that time they did not discuss multiple speeds, they did not devise exits, but despite all the tragic circumstances of the recent history, they placed all their faith in the unity of Europe. They had the courage of Columbus to enter unchartered waters, to discover the New World”, Tusk said… …before asking a question that deserves reflection:
UK Prime Minister Theresa May’s official “farewell letter” to the European Union
Source: European Council
> Web White Paper on the Future of Europe: https://tinyurl.com/ krcd6yw by Nannette Cazaubon, Deputy Editor-in-Chief, The European – Security and Defence Union, Paris
documentation
Rome Declaration (Excerpt:)
“In these times of change, and aware of the
3. A social Europe: a Union which, based on
concerns of our citizens, we commit to the
sustainable growth, promotes economic
Rome Agenda, and pledge to work towards:
and social progress as well as cohesion
1. A safe and secure Europe: a Union where
and convergence, while upholding the
all citizens feel safe and can move freely,
integrity of the internal market; a Union
where our external borders are secured,
taking into account the diversity of na-
with an efficient, responsible and sustain-
tional systems and the key role of social
able migration policy, respecting interna-
partners; a Union which promotes equal-
tional norms; a Europe determined to fight
ity between women and men as well as
Donald Tusk, President of the European
terrorism and organised crime.
rights and equal opportunities for all; a
Council, speaking at the Rome Summit, 25
2. A prosperous and sustainable Europe: a
Union which fights unemployment, dis-
March 2017
Union which creates growth and jobs; a
crimination, social exclusion and poverty;
Union where a strong, connected and de-
a Union where young people receive the
veloping Single Market, embracing tech-
best education and training and can study
industry; a Union committed to strength-
nological transformation, and a stable and
and find jobs across the continent; a Union
ening its common security and defence,
further strengthened single currency open
which preserves our cultural heritage and
also in cooperation and complementarity
avenues for growth, cohesion, competitive-
promotes cultural diversity.
with the North Atlantic Treaty Organisa-
photo: © EU, 2017, Source: EC–Audiovisual Service
ness, innovation and exchange, especially
4. A stronger Europe on the global scene: a
tion, taking into account national circum-
for small and medium-sized enterprises; a
Union further developing existing partner-
stances and legal commitments; a Union
Union promoting sustained and sustaina-
ships, building new ones and promoting
engaged in the United Nations and stand-
ble growth, through investment, structural
stability and prosperity in its immediate
ing for a rules-based multilateral system,
reforms and working towards completing
neighbourhood to the east and south, but
proud of its values and protective of its
the Economic and Monetary Union; a Un-
also in the Middle East and across Africa
people, promoting free and fair trade and
ion where economies converge; a Union
and globally; a Union ready to take more
where energy is secure and affordable and
responsibilities and to assist in creating a
> Web Rome declaration: https://tinyurl.
the environment clean and safe.
more competitive and integrated defence
com/lt8kdh3
a positive global climate policy.”
7
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ Maltese Presidency of the EU+++
Effective and fair immigration management is key for the Maltese Presidency of the EU
Malta’s efforts to resolve the refugee crisis by Dr George Vella, Minister of Foreign Affairs of Malta, Valetta
The year 2016 saw the highest rate of migrant deaths at sea along the Central Mediterranean route since 2013. Regretfully, Malta is very much aware of the human tragedy behind these statistics. We have for decades now been exposed to the phenomenon of irregular migration, primarily from sub-Saharan countries of origin through North African transit countries, most notably Libya.
Dr George Vella was re-appointed Minister of Foreign Affairs in 2013. Born in 1942 at Zejtun, he graduated in medicine at the University of Malta in 1964. Dr Vella started his parliamentary career within the La-
Malta’s experience The first years of the 21st century brought with them unprecedented pressures on the Maltese infrastructure due to soaring figures of migrant arrivals by boat. By way of illustration of the burden that Malta was exposed to for years on end, if one considers area, population and GDP, the arrival to Malta in any given year of 1,000 immigrants in those years would have been equivalent to more than half a million in Germany and Sweden. Suffice it to point out that in 2008 alone, close to 3,000 migrant arrivals by boat were registered in Malta. We did not remain silent in the face of this scenario, and in close cooperation with a number of other EU Southern Member States that were encountering the same difficulties, we tried very hard to bring these realities to the fore of the agenda of the European Union. The response was unfortunately quite a lukewarm once and repeated calls for joint action and, above all, solidarity and burden-sharing were given the proverbial cold shoulder.
The EU’s responsibility to act The flare-up of migratory pressures on what became known as the Western Balkan route and the drowning of several hundred migrants off the Libyan coast in April 2015 sensitised the Union and individual Member States to the seriousness and complexity of migration and to its immediate impact on Europe itself.
“ 8
Photo: Ministry for Foreign Affairs of Malta
bour Party in 1978. He was subsequently elected Member of Parliament at the general elections held in 1981, 1992,
1996, 1998, 2003, 2008 and 2013. Dr Vella was appointed Deputy Prime Minister and Minister for Foreign Affairs and Environment in October 1996, a position which he kept up to the 1998 general elections. During his career, he held several representative positions within and towards the Council of Europe and the European Parliament and led many delegations abroad.
The international community was brought face-to-face with the responsibility to act and Malta immediately took the cue. We took centre stage in revisiting the staggered and rather random take with which migration was addressed for years and called for a holistic approach based on addressing root causes, protecting displaced persons, the nexus between development and migration and, above all, a sense of partnership with African countries.
Developments since the Valetta Action Plan The resulting Valletta Summit that took place in November 2015 was a landmark on this front. There have since been several key developments and the progress made on the implementation aspects of the Joint Valletta Action Plan has been encouraging. A regenerated political momentum took shape and yielded hands-on action. The outcomes of the 2015 Summit were in fact duly assessed and further reinforced during a Senior Officials Meeting that Malta once again hosted on 8-9 February of this year. Dr George Vella Malta continued to focus its attention on the external dimension of migration and in particular fully supported the EU’s Part-
It is unrealistic to harbour the illusion that the solution to illegal migration is anywhere within immediate reach. The key to its effective and fair management however is attainable.”
+++ Maltese Presidency of the EU +++
“Family picture” at the informal meeting of EU heads of state or government, 3 February 2017, Valetta (Malta)
nership Framework, which builds on the Valletta Summit itself, and which led to the five pilot Compacts with crucial actors like Ethiopia, Mali, Niger, Nigeria and Senegal. This results-oriented drive has mobilised Malta’s migration policy, as President of the Council of the European Union for the first six months of this year.
The Malta Declaration No time was wasted and, on 3 February 2017, Malta hosted another Summit, this time for EU heads of state and government, which resulted in the adoption of the Malta Declaration. This document alone will certainly not resolve the intricate combination of factors encountered on the Central Mediterranean migration route, but it is another fundamental step in the right direction. The Declaration places Libya in the right focus if we are to witness a long-term solution to the issue. It is very important that we look at and resort to available tools to deliver consistent and clear messages on migration. The recently launched EU Global Strategy is a further mechanism through which the Union can very effectively concretise its vision on migration. The comprehensive approach which features development, diplomacy, mobility, legal migration, border management, readmission and return and cooperation with specialised UN agencies is very close to Malta’s own stance.
European Union/Maltese Presidency 2017
illusion that the solution to illegal migration is anywhere within immediate reach. The key to its effective and fair management however is attainable. It is towards this goal that Malta will continue to work assiduously in the months and years to come.
documentation
Malta Declaration In their declaration adopted at the informal meeting in Malta on 3 February 2017, EU leaders focused on measures to reduce migratory flows along the Central Mediterranean route. Priority is given to the work with Libya as the main country of departure as well as with its North African and sub-Saharan neighbours. Main measures mentioned in the declaration are: • training, equipping and supporting the Libyan national coast guard and other relevant agencies • further efforts to disrupt the business model of smugglers through enhanced operational action by involving Libya and relevant international partners • improving the socio-economic situation of local communities in Libya, especially in coastal areas and at Libyan land borders on the migratory routes • seeking to ensure adequate reception capacities and conditions in
Migration is here to stay Over the last few years, I have repeatedly made the point that migration is here to stay. The hardship conditions and other root causes that give rise to both the desire and the compulsion to migrate, uproot oneself and literally risk one’s life to secure better prospects for oneself and one’s family will not be disappearing anytime soon. It is unrealistic to harbour the
Libya for migrants, together with the UNHCR and IOM (International Organization for Migration) • supporting IOM in stepping up voluntary return activities • enhancing information campaigns aimed at migrants > Web Malta Declaration: http://tinyurl.com/hpot2sq
9
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ Migration +++
A humane and effective European border and asylum policy is possible
Ex meridie lux – a Malta Plan for the Mediterranean by Gerald Knaus, Founder and Chairman of the European Stability Initiative (ESI), Berlin*
The European Union urgently needs a credible policy on asylum and border management. It must combine effective control of its external sea borders with respect for existing international and EU refugee law. It must respect the fundamental ethical norm of the rule of rescue, not to push individuals in need into danger, which is at the heart of the UN Refugee Convention (and its key article 33 on no push-backs or non-refoulement). Such a policy must deter irregular migration while treating asylum seekers respectfully.
What to learn from the EU-Turkey agreement The current EU Presidency (Malta), supported by the countries which suffer most from the status quo (Greece and Italy) as well as countries where broad publics still support the goal of a humane asylum policy, such as Germany and Sweden, should build consensus for a concrete proposal before this summer. A new system should replace the current Dublin procedures whose reform is currently debated in the EU with little prospect for a successful outcome. What the EU needs instead is a Malta Plan for the Mediterranean: effective, humane, and politically acceptable to majorities in key countries. One year ago, the EU-Turkey agreement laid the basis for
diffusing the refugee crisis in the Aegean. Its lessons need to be applied to African migrants arriving by sea in Italy. This agreement has had a dramatic and immediate impact on refugee movements in the Eastern Mediterranean. Crossings in the Aegean Sea fell from 115,000 in the first two months of the year 2016 to 3,300 in June and July. The number of people who drowned in the Aegean fell from 366 people in the first three months of the year to seven between May and July 2016. This was achieved without pushing refugees to more dangerous routes. There have not been any mass expulsions from Greece either. In fact, more people had been sent back from Greece to Turkey in the three months preceding the agreement (967) than in the twelve months since it was concluded (918).
Australia for sure is not a model
This stands in stark contrast to the situation off the coast of North Africa. Here the EU has no credible strategy. The status quo is unacceptable from a humanitarian point of view: in 2016 an unprecedented number of people (some 4,500) drowned in the Central Mediterranean. The situation is politically explosive, lending ammunition to those across Europe who argue that the only way to control migration is by abolishing the Schengen open borders regime, or by looking to Australia for inspiration. The Australian government puts everyone who arrives via the sea in camps on the Pacific island of Gerald Knaus Nauru or on Manus Island in Papua New Guinis ESI’s founding chairman. He spent five years working for ea. Asylum seekers held in Nauru in recent NGOs and international organisations in Bulgaria and Bosnia years have been forced to wait many years for and Herzegovina. From 2001 to 2004, he was the director of their applications to be decided. Conditions the Lessons Learned Unit of the EU Pillar of the UN Mission in of detention are intentionally harsh to deter Kosovo. further arrivals. And once asylum is granted, In 2011, he co-authored, alongside Rory Stewart, the book Photo: private it remains unclear where refugees might “Can Intervention Work?” He has also co-authored more than go. The European far-right has long praised 80 ESI reports as well as scripts for 12 TV documentaries on a model whereby anyone reaching the EU south-eastern Europe. He is a founding member of the European Council on Foreign by sea should simply be denied the right to Relations and for five years he was an Associate Fellow at the Carr Center for Human apply for asylum and be returned to North Rights Policy at Harvard University’s Kennedy School, where he was a Visiting Fellow Africa. in 2010/2011 lecturing on state building and intervention. In fact, as a policy for the Central MediterTwitter; @rumeliobserver. ranean this is a fantasy. Taken together Nauru and Manus island have never hosted more than 2,500 people at any given time,
10
+++ Migration +++
under inhumane conditions, and with no clear sense of what should happen to those whose asylum claims are eventually recognized as valid after many years of unnecessary delay. The notion that the EU might outsource the detention of tens of thousands of asylum seekers to camps across North Africa for long periods under similar conditions is a recipe for failure, logistically impossible, already rejected by governments in the region, and inhumane.
The impact of the Malta Plan
However, a humane and effective border and asylum policy is possible, and it does not involve emulating the Australian model. Greece and Italy should call on the EU immediately to send seriously organised European asylum missions that should be able to take binding decisions on asylum claims. The key lies in quickly processing asylum applications of anyone who arrives. Both of these tasks should become European responsibilities. This would require provisions that any decision taken by such missions could be suspended by a chief Greek or Italian legal officer – a sovereignty clause. All those who are given protection should then be relocated across the EU, without delay. This would require that there is an EU asylum mission in Italy able to process all claims within weeks. Developing the ability for EU Asylum Missions to deal with claims within four weeks, while ensuring the quality of decisions through quality control mechanisms and trained staff, backed up by competent interpreters and with available legal aid, should be the top priority for the EU in the coming weeks. This is above all else a matter of resources and competent management.
What would be the impact of such a policy on arrivals? They would almost certainly fall sharply. Nigerians were the largest group of arrivals in Italy in 2016, and the majority would be unlikely to risk their lives crossing the deadly Sahara, unstable Libya and the Central Mediterranean and spending thousands of Euros on smugglers when the probability of being returned to Nigeria within four weeks of arrival in Italy is almost 70 percent. Quick decisions and rapid readmission based on Takeback Agreements with countries of origin would bring down sharply the number of people who stay in the EU after their applications are rejected. The number of irregular arrivals will become manageable – with less business for smugglers and far fewer deaths at sea. Such a system would also address the many implementation problems that persist with the EU-Turkey agreement. In the past year conditions on the Greek Aegean islands where asylum seekers have landed have been shameful for the EU. The Greek asylum service has been overwhelmed by the challenges it faces, both on the mainland and in the Aegean, deciding fewer than 1,000 asylum claims per month. No serious effort has been made to address legitimate questions whether and how Turkey can demonstrate that it is truly a safe third country for those who might be returned there from the Greek islands. And instead of sending a signal that rhetoric about alternative, safe and legal ways to the EU for Syrian refugees is serious, less than 3,000 refugees have been resettled from Turkey to EU member states since April 2016. Greece too requires a serious and long-term European engagement.
Specific “take back” agreements
Replace the ineffective Dublin system
Those whose claims are rejected should be returned quickly to their countries of origin. Here too one can learn from the EU-Turkey agreement. African countries are understandably suspicious of readmission agreements under which they would have to take back an unlimited number of their citizens who arrived in the EU in the past. Ensuring that Nigeria, Senegal and other countries take back their nationals who do not qualify for protection after an agreed date should be the chief priority in talks between the EU and African countries of origin – similar to the commitment Turkey made to take back without delay people who arrive in Greece after 20 March 2016. There is a need for specific “take back” agreements between the EU and African countries of origin which focus only on those who arrive in Italy after these agreements enter into force. This would have no impact on current remittance flows from nationals of these countries to their families. In addition the EU should offer these countries concrete benefits, from scholarships to visa facilitation and schemes for regular work migration. EU member states should also support UNHCR to resettle identified refugees from these countries to the EU directly. This would offer safe and legal ways, both for those in need of protection and for some who are looking to migrate.
A Valletta system, based on EU asylum missions in border states, should replace the current Dublin system, which never actually worked even before the recent crisis. To implement this Malta Plan in the first year the EU should appoint a high-level special representative, a former prime minister or foreign minister, perhaps based in Rome. The immediate aim should be to reduce the number of all irregular arrivals by sea to below 80,000, a manageable number for an EU of over 500 million people. It is realistic, close to the average number of arrivals in the years 2009-2014. A humane and effective policy is possible, but there is no time to lose. Every week that passes the death toll in the Mediterranean is rising. Malta, Italy and Greece should put such a proposal on the table soon. It would not be the first time in history that Mediterranean countries show the rest of the continent the way forward.
An effective and humane policy is possible
> Web More on the ESI Malta Plan, presented to governments across Europe in recent weeks: www.esiweb.org/refugees
* In collaboration with Katharina Knaus, Senior Analyst at ESI, Berlin
11
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ Global Policy +++
GUEST Commentary
Europa first!
by Jean-Dominique Giuliani, Chairman, Robert Schuman Foundation, Paris
For a long time now there have been numerous calls for the European Union to assert itself as a powerful entity on the international stage. The latter is rapidly changing and Europe does not carry the weight it should. The new strategic and political context demands that Europe make this a top priority. Its security, its economy and its political balance are at stake.
Defence: a European treaty The argument is that the European Union, with its divisions and due to its history, competences and treaties, is incapable of meeting today’s rapidly increasing security challenges. A strong diplomacy, to be credible, requires a strong military apparatus. Lasting peace can only prevail if there is a will to fight to maintain or impose it. However, only a few Member States seem to share this vision and have the capacity for military action. Most states rely on the alliance with the United States provided through NATO. With BREXIT and the American election it has become clear that an alliance, however strong and useful, is no substitute for the independent thinking that is the foundation for self-reliance. A European defence treaty is needed in order to rebuild a genuine collective security with objectives, means and a strategy. The matter is so urgent that it makes no sense to insist on waiting for the finalisation of community instruments that will only work, at best, after total political union has been attained. It is vital, as of now, to generate the necessary political will and the requisite capabilities.
Economy: open to the world The same reasoning applies to the economy. Europe is a continent whose power by far exceeds its demographic strength and geographic size. It has no other option than to be open to the rest of the world. It must be strong enough to keep at bay the nationalistic and isolationist tendencies that are emerging all over. It can only do this by being an autonomous and efficient entity able to live up to its peoples’ expectations. This is why it needs to rethink its competition and trade policies, to intro-
12
duce more free trade, reciprocity and European preferences. Its single currency is a great asset; it boasts race-winning trading skills that could be used as weapons at the service of a policy.
Immigration: a common EU policy As for the issue of migration, which is not about to go away any time soon, it raises many identity-related, economic and social questions to which Member States on their own no longer have the answers. A practical solution might be for some of them to take the lead within a trailblazing group that would draw up a common asylum policy in keeping with our values, together with an adapted economic migration policy – one that takes on board, in other words, the differing needs of the Member States.
European integration: at a turning-point To move forward in the three vital areas of European integration, security, the economy and immigration, Europeans can now have common institutions that they can rely on in order to facilitate cooperation. Mr Juncker’s “turning-point” is a reality. It is a conscious political decision. However, this does not absolve the heads of state and government of their responsibilities. It is up to them to show the way. Integration should no longer be brought about by legislating, but by example. Some could set an example for others whilst remaining open to any other states wishing to join. They are being asked, as it were, instead of showing their usual indifference to the process of European integration and engaging in their all-too easy and not very courageous criticism of common policies, to seize the political initiative, to wield their decision-making powers and in turn to proclaim loud and clear: “Europa first!”
The Robert Schuman Foundation published in March 2017 its State of the Union Report 2017. The publication is available via the foundations’ website: www.robert-schuman.eu
+++ EU after Brexit+++ Commentary
29 March 2017 – beginning of the end of the United Kingdom? by Hartmut Bühl, Brussels
With the triggering on 29 March 2017 of the British application to exit the European Union, for the first time in the EU’s existence a state will be leaving the Union. This decision by the London Government, feared since the British referendum in June 2016, but which it was hoped would not come about, will transform the European political landscape and be a critical test for the United Kingdom of Great Britain and Northern Ireland. Theresa May, a perfectly “normal” minister in David Cameron’s cabinet, did not give the impression in the run-up to the referendum of being pro-Brexit. But with the power vacuum that arose in the Conservative party following the Brexit vote, she leapt in to fill the gap, positioning herself as the Prime Minister who would follow the will of the people. Brexit was supposed to take place quickly and cheaply and open new doors towards independence for the UK Government. A partnership with the EU would, she claimed, lead to a win-win situation for both.
But the country remains divided and the United Kingdom’s component nations, above all Scotland, are in turmoil. Brexit is making the Scots rebellious. First Minister of Scotland Nicola Sturgeon wants to keep her country in the EU and is calling for a second referendum on Scottish independence that Theresa May will doubtless be helpless to prevent. Northern Ireland is about to take the leap and why not also Wales, if Brexit has negative economic consequences, which it must be feared will be the case. Stormy times lie ahead. The Brexit legislation was adopted amazingly clearly by both Houses of Parliament, paving the way for Theresa May to trigger the exit procedure on 29 March 2017 under Article 50 of the EU Treaty. Theresa May will go down in history. Will it be as the Prime Minister who ushered in the process of disintegration of the United Kingdom of Great Britain and Northern Ireland?
Signing of the Treaty of Accession 1972 by the United Kingdom. (From left to right:) Sir Alex Douglas-Home, Secretary of State for Foreign and Commonwealth Affairs, Edward Heath, British Prime Minister, and Geoffrey Rippon, Chancellor of the Duchy of Lancaster in charge of the Accession Negotiations to the EC
photo: © EC, audiovisual service
“
Our intention is to reach an agreement in the negotiations. We will be firm, we will be friendly, but we will never be naive.”
Michel Barnier, EU Chief Negotiator for the Preparation and Conduct of the Negotiations with the United Kingdom, during the plenary session of the European Committee of the Regions, Brussels, 22 March 2017
> Web Read Mr Barnier’s full speech: http://europa.eu/rapid/press-release_SPEECH-17-723_en.htm
13
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ Security +++
The Union needs to plan for the future, because cyberthreats are not going to go away
Europe needs an effective and sustainable Security Union
by Sir Julian King, Commissioner for the Security Union, DG Migration and Home Affairs, European Commission, Brussels
The threats we face from terrorism, radicalisation, and organised crime are in flux. But there is a virtual threat with real consequences that is growing in strength, in impact and in prevalence. Cyberattacks, cybersecurity and cyberresilience are issues that have leapt from the shadows to the foreground of national, European and global security.
A new dimension of cyberthreats It is the scale and diversity of cyberthreats that is something new – a new normal to which we must adapt. The perpetrators are not just criminals – using ransomware, malware and phishing – driven by a profit motive; but others who see cyber as a valuable and deniable weapon. As Eric Schmidt and Jarad Cohen noted recently ”in future all wars will begin as cyberwars”. Half of all companies in Europe have experienced at least one cybersecurity incident. Globally, the cost to society of cyberattacks and cyberhacking in 2015 has been estimated to be around $315 billion. A capacity for cyber to be used to manipulate democratic processes should be a primary concern for us, in a year with so many important European elections. Our first line of defence is to shine a light on these activities – because those who commit them want to stay in the shadows. In the Commission, we saw an increase of 20% in the attacks on our servers in 2016 compared to 2015.
How to reduce vulnerability We need to make ourselves less vulnerable by strengthening our protection and resilience to attacks. We also need to be able to manage and mitigate attacks when they do happen, prosecute those who carry them out and be prepared to respond. Deterrence means having the ability and tools ready to turn from defensive to offensive mode when faced by largescale cyberattacks which threaten cities and systems. So we have strengthened our cyber resilience through the Network Information System (NIS) Directive, which will ensure that all EU Member States have a national cybersecurity strategy, a national authority responsible for network and information security, and Computer Security Incident Response Teams (CSIRTs) in place by the time the Directive enters fully
14
into effect by May 2018. Implementation of this directive by all Member States is the most important step we can take to ensure greater protection of our key infrastructure, and a greater shared understanding and cooperation.* The European Cybercrime Centre (EC3) at Europol has a key role to play in stepping up the fight against cybercrime. On 30 November 2016, law enforcement authorities took down a vast international criminal infrastructure known as Avalanche.The operation involved the law enforcement and judicial authorities of 30 countries – and was coordinated by Europol and Eurojust. Setting up an appropriate legal framework at an EU level is also necessary because access to evidence is vital in the fight against cybercrime. The European Commission has launched a consultation to discuss solutions to facilitate this access, including by working more closely with online service providers. The issue of encryption is a sensitive but an important one in this context. Encryption is essential in terms of data protection but in the context of criminal investigations, in particular relating to terrorist cases, judicial authorities also legitimately need access to data – both potentially to prevent further attacks and in prosecution cases. We need to think about solutions to that effect, of course fully respecting the protection of fundamental rights and individual freedoms.
Sir Julian King was appointed Commissioner for the Security Union in September 2016. A graduate from Oxford University, he joined the Foreign & Commonwealth Office in 1985. Sir King has held various positions, including: UK Ambassador to France (2016); Director General Economic & Consular (2014); DG of Northern Ireland Office London and Belfast (2011); UK Ambassador to Ireland (2009); EU Commission Chef de Cabinet to Commissioner for Trade (2008); UK Representative on EU Political and Security Committee (2004).
+++ Security +++
must be ready for “ We whatever the future holds.”
Commissioner Julian King in his office in Brussels, 25 January 2017
”Security by design” If we want to be better protected against cyberthreats, we need to build in ”security by design” and we must support and assist companies operating and innovating in the field of cybersecurity. The European Commission supports cyber capacity building in third countries as well as international cooperation in the field of cybersecurity. The European Union is a founding member of the Global Forum on the expertise of cybercrime (GFCE), a multi-country platform enabling countries, international organisations and participating companies (currently 55 participants, including 11 EU Member States and Europol) to exchange good practices and expertise in order to facilitate the establishment of partnerships to build capacity.
© European Union , 2017 / Source: EC - Audiovisual Service / Photo: Lukasz Kobus
documentation
European Agenda on Security The European Agenda on Security was adopted by the European Commission on 28 April 2015. The Agenda implements the Political Guidelines of President Jean-Claude Juncker in the area of security and replaces the previous Internal Security Strategy (2010-2014). In September 2016 President Juncker created a specific Commissioner portfolio for the Security Union, held currently by Sir Julian King, to ensure an effective implementation of the commitments made. The European Agenda on Security sets out how the Union can bring added value to support the Member States in ensuring security. The Agenda prioritises terrorism, organised crime and cybercrime as interlinked areas with a strong cross-border dimension, where EU action
Resilience and innovation
can make a real difference. The Agenda sets out a number of targeted
The interconnected world in which we live today offers many opportunities for citizens, governments and public and private actors. However, it also offers unprecedented opportunities to criminals, terrorists, and hostile states. That is why it is essential to work together to build resilience and to drive technological innovation, at a European level and in the context of our relations with third countries, in order to strengthen our collective efforts to combat cybercrime and cybersecurity threats. Finally, we need to plan for the future – because cyberthreats are not going to go away. The EU’s Cybersecurity Strategy dates back to 2013. It’s ancient history in a world that is moving so fast. We must be ready for whatever the future holds.
actions to be taken at EU level, to step up the fight against terrorism, organised crime and cybercrime. All actors involved are to work together based on five key principles: • Ensure full compliance with fundamental rights; • Guarantee more transparency, accountability and democratic control; • Ensure better application and implementation of existing EU legal instruments; • Provide a more joined-up inter-agency and a cross-sectorial approach; • Bring together all internal and external dimensions of security. > Web European Agenda on Security – State of play (March 2017): https://tinyurl.com/mx5v2yz Source: European Commission
*
See also the article by Andreas Schwab MEP, pages 26–27
15
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ CSDP +++
Improving the CSDP through the possibilities offered by the Lisbon Treaty
Making the EU fit for defence tasks
by Michael Gahler MEP and Esteban González Pons MEP, EPP Group, European Parliament, Brussels/Strasbourg*
Against the background of external turmoil and internal discussions on the future of the European Union, we drafted a report on making the EU fit for defence tasks. We did this on the assumption that the current Lisbon Treaty provides constructive provisions on how to improve the security of our citizens and the Union. We outlined suggestions to improve the current Common Security and Defence Policy (CSDP). The report on “Constitutional, legal and institutional implications of a common security and defence policy: possibilities offered by the Lisbon Treaty” was voted by the European Parliament during the session in Strasbourg mid-March. The final text served as a parliamentary input to the 60th anniversary of the Rome Treaties on 25 March 2017, in which security and defence was a top priority of discussion. The report includes detailed proposals on the way towards a European Defence Union.
Towards a European Defence Union
A future European Integrated Force The CSDP should be an effective, structured common policy that generates a benefit, and not a mere sum of the national policies of the Member States or their lowest common denominator. We need the best capabilities of each Member State. Therefore, Member States have to maintain momentum in progressively framing a common Union defence policy, which might lead to common defence as foreseen by the Treaty. In this regard, the report asks for a future European Integrated Force that Member States should build on protocol 10 of the Lisbon Treaty as a multinational force. This is not about creating now the European Armed Forces, but set the path improving the existing islands of ad hoc military cooperation and bringing them under one EU umbrella institution. In this regard, the decision to start the Military Planning and Conduct Capability (MPCC) of 6 March was a milestone on this way. With the establishment of this new military capability, the Member States implemented finally one of parliament’s longstanding demands.
Operational phase vs. peacetime cooperation In the report, parliamentarians further clarified their position on the differentiation between an operational phase and peacetime cooperation. The Lisbon Treaty (TEU) introduced this
photos: © European Union 2017, Source: EP/Michel Christen
The report starts with a realistic assessment of Europe’s strategic landscape making it necessary to stay united against an increasing number of risks and threats. The text highlights that the Lisbon Treaty delivers an excellent starting point to solidify unity within a European Defence Union. In order to achieve it, Member States have to generate sufficient political will and implement decisions, as the only way to deliver concrete and tangible results. We need a common defence policy, which reinforces unity, strategic autonomy and integration in order to
promote peace, security and stability in Europe’s neighbourhood and in the world.
“Unleash the potential of the European Defence Agency and start Permanent Structured Cooperation.” Michael Gahler MEP/ Esteban González Pons MEP 16
+++ CSDP +++
distinction to EU primary law. The first set of military engagement are the well-known CSDP overseas operations according to article 43 TEU and the mutual defence clause, article 42 (7) TEU. In general, Member States fund directly these activities based to the principle of cost-lie-where-they-fall. Military operations: Since 2003, the EU conducted military operations in several countries in three continents (Europe, Africa, and Asia). Now, the EU deploys military personnel in six operations; among others at the Horn of Africa and in the Mediterranean. The parliamentarians want to see an operational security and defence policy in order to promote peace, security and stability in Europe’s neighbourhood and in the world. They call for a reform of the so-called Athena mechanism “in view of enlarging its potential for cost sharing and common funding”. Peacetime cooperation: The notion of peacetime cooperation derives out of articles 42 (2 and 3) TEU and refers to the EU support for armament and capability development. Parliamentarians regret that Member States have not yet launched the envisaged policy in this area. Despite this failure, the European Parliament is ready to fund or co-fund defence activities. Except operations, the EU could finance peacetime cooperation in the areas of training and education, procurement and maintenance, infrastructure or research and technology.
Unleash EDA’s potential and start PESCO Parliamentarians come up with innovative ideas on using qualified majority vote as well as EU funding for defence activities. This might be new for some observers but this demand is perfectly in line with the Lisbon Treaty: decisions under the Common Security and Defence Policy (CSDP) at the European Defence Agency (EDA) or under the Permanent Structured Cooperation (PESCO) shall be taken by a qualified majority. Against the background of the benefit and the positive experiences with the European External Action Service, the report suggests to establish EDA and PESCO as Union institutions sui generis. This would mean that they would benefit in the future from the legislative and budgetary procedures of the European Parliament and the Council. That means also to unleash the potential of the EDA and start PESCO. European Defence Agency (EDA): Now, Member States regularly block themselves within EDA by taking decisions by consensus. However, they could overcome this self-chosen blockade by implementing qualified majority votes as foreseen in article 45 (2) TEU. Indeed, in previous years, EDA continued to lag behind its constitutional potential. In changing this old habit, parliamentarians call for reforming the Agency, which has to serve Member States better to help them improve their capabilities. According to parliamentarians, one reform element is that we stop using the Political and Security Committee (PSC) as a tool
Michael Gahler MEP has been a Member of the European Parliament since April 1999. Born in 1960 in Frankfurt/Main, he is currently a member of the Foreign Affairs Committee, serves as the EPP Group Coordinator in the Subcommittee on Security and Defence, and is a substitute member of the Transport and Tourism Committee.
Esteban González Pons MEP has been a Member of the European Parliament since 2014. Born in 1964 in Valencia, he is VicePresident of the EPP Group and is currently a member of the Committee on Constitutional Affairs and of the Budget Committee. He is a substitute member of the Committee on Women’s Rights and Gender Equality.
towards a common defence. The report suggests a narrow interpretation of article 38 TEU, according to which the mandate of the PSC only covers “the situation and missions outside the Union as well as certain aspects of the implementation of the solidarity clause”. Instead of using the PSC, the report suggests to upgrade EDA’s steering board to act as the Union’s third permanent representatives’ committee. This step would give ministers of defence the chance to jointly shaping Europe’s defence future. Permanent Structured Cooperation (PESCO): So far, Member States have not yet touched upon PESCO although they could establish it easily with a qualified majority vote. In addition, Member States finance EDA out of a separate intergovernmental budget and future funding of PESCO remains unclear. In doing so, nations ignore the fact that the funding of their administrative and operating expenditures for EDA and PESCO from the Union budget is the only option under the Treaties. Because of these claims, parliamentarians are requesting a revision of the Council Decisions concerning EDA and the PSC, the establishment of PESCO and some changes to the financial regulation for these purposes.
* The authors of this article are the co-rapporteurs for the European Parliament resolution on “Constitutional, legal and institutional implications of a common security and defence policy: possibilities offered by the Lisbon Treaty”, adopted on 16 March 2017. > web https://tinyurl.com/k38p9c2
17
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ CSDP +++
0ne swallow does not a summer make
European defence – time to leave hesitations behind*
by Gen (ret) Jacques Favin-Lévêque, Member of the Bord of EuroDéfense-France, Versailles
When the European Council met on 15 December 2016, the main item on the agenda was the defence issues facing the European Union: “(...) the High Representative will present proposals in the coming months as regards the development of civilian capabilities, the parameters of (…) the process of developing military capabilities taking into account Research and Technology (R&T) and industrial aspects, the establishment of a permanent operational planning and conduct capability at the strategic level, the strengthening of the relevance, usability and deployability of the EU’s rapid response toolbox, elements and options for an inclusive Permanent Structured Cooperation (PESCO) based on a modular approach and outlining possible projects, and the covering of all requirements under the Capacity Building in Security and Development (CBSD).”
ing 65% of the population) in the European Council. It was expected that this proposal, would be approved, or, at the very least, dismissed on 15 December 2016. Hopes were, however, bitterly dashed, in that the issue was apparently barely raised, probably for fear of rejection. The European Council, in its greater wisdom, chose to entrust to the albeit broad and responsible shoulders of Federica Mogherini the decision on further action be taken.
Where is the pragmatism?
Yet it would surely be easy to make swift decisions on ways of moving towards a common defence, if only by building on what already exists and adapting it pragmatically to the requirements of a more efficient European defence system. Why not exploit the initiative, led by France and Germany, in 1992, resulting in the creation of the Eurocorps as we know it today, with its HQ in Strasbourg, its six participating countries A complex and complicated decision making (France, Germany, Spain, Belgium, Luxembourg and Poland), This quotation rather unfortunately highlights the complexities its four associated nations ( Austria, Greece, Finland, Romania) and torpor typical of the EU decision-making processes at the its dedicated forces and its combined Franco-German Brigade? highest level for its short, medium and long term defence in a What is there to prevent the European Council from deciding world so fraught with danger. to deploy the 60,000 men concerned to give the EU a lasting and independent defence? Why not make the Eurocorps Operational HQ into a permanent operaJacques Favin-Lévêque tional and leadership body. Similarly, why not commit at European Council level to actually engage the Battle Groups in the EU’s external operaAs it happens, one of the provisions of the Treaty of Lisbon, tions, even if this means giving them permanent organisationwhich has been available to EU Member States since 2009 but al status and bringing the different units to a joint location? never enforced, could be the answer to the desire to give meaningful impetus to the Common Security and Defence Policy (CSDP). This provision refers to PESCO, behind which lurks the A defence force of its own notion of creating, within the Union, a core group of countries All this could be done in the short or medium term, and the determined to take the operational integration of their armed EU would finally have a defence force of its own. There is no forces and the cooperation between their defence industries to need to wait to make European defence a reality – and indeed, a higher level. the European Council used the opportunity of Brexit (for over a decade Brits have blocked all proposals for a EUHQ), and decided to build a “Headquarters”, the Military Planning and A French-German initiative Conduct Capability (MPCC). This is certainly a move in the right In a joint letter on 11/9 2016, signed by their respective direction. Now we are waiting for the Council’s decision to set Defence Ministers, France and Germany expressed the wish up the above-mentioned Permanent Structured Cooperation. to instigate a cooperation process of this type. The European treaties stipulate that decisions on such proposals only * Translation from French with the original titel: Défense Européenne...surtout n’allez pas trop loin require qualified majority (55% of Member States represent-
“
There is no need to wait to make European defence a reality.”
18
+++ CSDP +++
Will Brexit weaken or empower the CSDP: Thesis – Antithesis – Synthesis
Brexit – rethinking the European Neighbourhood Policy by Dr Rachel Suissa, Haifa University, Haifa*
At this moment of writing this article, Brexit reflects a position rather than a clear-cut final decision. The process going from the British Referendum in June 2016 to the UK Government bill seeking Parliament’s approval in order to trigger Article 50 is the full Brexit process. It should not be ignored when contemplating exogenous and endogenous events as an evaluator compass of the relationship between the CSDP and Brexit. Before engaging in a responsible debate, a consensual assumption should be taken into account. Historically, the CSDP has been one of the most argumentative pillars between the EU and Britain and has harbored most of the popular tensions: European Integration versus Atlantic Soli darity, Civilian Power versus Military Power, Intergovernmental Approach (CFSP/CSDP) versus Community Approach, External Objectives versus Inter-relational, Integration and Identity Objectives. Indeed, the Obama presidency seems to have shifted from the traditional American-British bond and to move closer to Angela Merkel and the EU. This is an indication that these tensions are connected with a liberal approach. Nevertheless, the Thesis-Antithesis to follow rests on a most argumentative pillar revealing crucial gaps between Britain and the EU ever since.
THESIS: Brexit is a constitutive and transformative event This thesis presents Brexit as a constitutive and transformative event for Britain, the European Union, Europe and the international arena. The comeback of the geopolitical approach Brexit has brought back all these levels of foreign and security analysis to the narrow local-national level with a neo-realistic approach and with critical implications on the CSDP. Indeed, due to the gaps that existed so far between Britain and the EU’s CSDP, this might be seen as normalcy so far. However, the structural strategic impacts that the CSDP has had on all its Member States in the prevention, mitigation, containment and restrain in conducting their foreign and security policy reveals new challenge: Britain loses the diplomatic asset she benefited from when she could speak with ”two voices” – one as Britain and another as a Member State, thus having flexible diplomacy and international political maneuvering. These shifts expose the CSDP to the return of the geopolitical approach, which would directly impact the new processes in EU’s neighborhood. When Britain eventually recovers from Brexit, her traditional diplomatic preferences, such as the Atlantic Alliance, might
Commission President Jean-Claude Juncker and British Prime Minister Theresa May during the informal meeting of the EU heads of state or government, Valetta (Malta), 3 February 2017
photo: European Union 2017, Source_EC Audiovisual Service © Etienne Ansotte
19
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
“
In Brexit neither Britain nor the EU should burn their bridges behind them.” Dr Rachel Suissa
bring back historical European tensions and possibly increase those already existing between the EU’s CSDP and its other Member States. The influence of local party politics While bringing back neorealism at the level of local party politics, the rise of the right in the EU becomes an intervening factor between Brexit and the CSDP. Since not all right-wing parties in EU Member States will necessarily desert the Union, their demands for radical reforms in EU foreign policy and security will have their impact on the CSDP pillars, mostly dictated by national party politics. Thus, as such, Brexit might plant the seed of instability in the consolidation of possible reform processes in CSDP. At organizational and bureaucratic levels, the EU will no longer be in stable inter-governmental relations, but in party-politics in which a supra-national platform interacts with unstable local politics causing asymmetry in strategic planning as well as in the implementation of the CSDP elements. As for a rising political right-wing demanding exit from the EU: it would very much depend on the Members States’ identity. Since not all Member States possess equivalent influence on the CSDP, only those that can be clearly identified as sharing similar strategic culture features with that of the EU might jeopardize the coherence and comprehensive aspects of a multilateral cooperation needed for the European Security Strategy, even if they all share similar threat perceptions.
ANTITHESIS: Brexit will empower the CSDP The antithesis limits the implications of Brexit on the CSDP to specific contexts in which the EU manages to contain this development as an opportunity and evolves as a more differentiated powerful international organization, even if euroscepticism persists. One assumption is that Brexit would empower the CSDP to a proactive consolidated element among its Member States. Without Britain, the EU external politics would lead to massive changes to the EU internal framework. A shared security agenda in the EU would get its legitimacy from external successes of the EU’s CSDP. Thus, the Brexit effects on the CSDP will very much depend on EU successes in its involvement in the international arena and its preparedness in threats such as those to critical dependencies (gas, oil, rare earth etc.); threats to communication and mobility; strategic cyber threats; chemical, nuclear, radiological, and nuclear risks crises resulting from climate change power shifts on a global
20
+++ Brexit +++
Antonio Tajani, President of the European Parliament (right), and Michel Barnier, EU Chief Negotiator for Brexit, meeting in Brussels, 2 March 2017
Photo: © European Union 2017, Source: EP
scale (geopolitical drifts). These specific threats, extremely neo-realistic in their pattern, form direct linkages between the EU’s responsibility and European individuals’ security. Success in this context will protect the EU from the consequences of local and national party politics.
SYNTHESIS: Brexit bringing about a smart and open CSDP The synthesis necessitates a balanced CSDP that Brexit would bring about for a smart integration of a neo-realist and neo-liberal security and defense policy in three dimensions: • Brexit implications on the role of NATO in the CSDP due to the traditional alliance between Britain and America; • Brexit as an urgent modifier for a new European Neighbourhood Policy (ENP), and the rise of war scenarios in Europe. This very dimension rests on the assumption that war etiology is not an instant episode. The seeds for a future war in the region is extremely connected to the previous United States’ presidency, with the Obama laissez-faire policy towards Russia in Europe and the Middle East. If Trump’s policy fails to reverse those sequential processes created by Obama, war might become real. In this context, both Britain and the EU will need to prioritize cooperation for European Security. • In Brexit neither Britain nor the EU should burn their bridges behind them.
* Dr Rachel Suissa is a teaching professor on the National Security Program at the University of Haifa’s School of Political Sciences, and a senior research fellow at the Haifa Center for German and European studies. Dr Suissa has engaged in research activities with different European research consortia. Her current work is focused on cybersecurity and examines the relevance of Kinetic Security Strategy in virtual environments.
MAIN TOPIC:
In our global and digital age, modern societies rely on the internet infrastructure in order to interact, trade, provide basic services or exert democratic rights and duties, etc. However, the computer-based systems, which store and process our confidential and sensitive information, and keep our economy up and running are vulnerable to attacks exploiting weaknesses at the technical, social, and policy level. Cybersecurity has therefore many dimensions: it includes i.a. the prevention of and protection against cybercrime, attacks and espionage, the secure and responsible handling of personal data as well as applying our laws also in cyberspace.
photo: Š European Union , 2015, Source: EC – Audiovisual Service, Photo: Cristof Echard
Cybersecurity
THE EUROPEAN – SECURITY AND DEFENCE UNION
Partnerships are an essential element of a forward-looking cybersecurity strategy
No successful digitalisation without cybersecurity
by Arne Schönbohm, President of the Federal Office for Information Security (BSI), Bonn
Powerful and secure communication systems are the central nervous system of 21st century society. Hardly any part of society can do without reliable and secure IT and communication systems. They are essential for a functioning economy and for many other areas of our closely networked society. They create the prerequisites for mobility and data exchange as well as for the transfer of capital, goods and services. They ensure the networking of medical devices in an operating theatre and are a pre-requisite for Industry 4.0, the energy revolution and the operation of critical infrastructures.
Cyberspace is an arena for criminals But at the same time, the level of threat is increasing as a result of vulnerabilities within these systems. The number of IT attacks increases every year. They are becoming ever more professional, and their consequences ever more serious. Successful attacks on communication systems, hospitals and companies, on democratic institutions such as the German Bundestag, on media and on media campaigns, such as election campaigns, show us just how vulnerable our society is and how sophisticated the perpetrators are. Parties involved in crime, terrorism and in intelligence systems use cyberspace as an arena for their activities. This means that IT security has become one of the central requirements of information and communication technologies. Successful digitalisation will not happen without cybersecurity. The instigators of these attacks are organised on an international basis; they profit from global networking and the camouflaging opportunities provided by the Internet. Their tracks
Arne Schönbohm
are often difficult to follow, attempts to do so quickly come up against national borders. The openness and extent of cyberspace allows them to carry out disguised attacks by hijacking vulnerable victim systems and making them into tools for their attacks. Too often, neither the identity nor the background of the attacker can be established.
Increase resilience and foster partnerships The more important digitalisation becomes for our lives and businesses, the more important it is to increase Germany’s resilience to cyberthreats of all kinds. It is necessary to interlink stakeholders in the state, the economy and in society at national and international level, as only a common approach will lead to success. In the future, maintaining partnerships with other states and organisations will become an essential element of a forward-looking cybersecurity strategy. In addition to cooperation in the United Nations, this also includes cooperation in the EU, the Council of Europe, the OSCE and other multinational organisations. The aim must be to improve the international community’s coherence and ability to act in order to protect cyberspace by means of international coordination and appropriate networking. That is why the BSI is also the national cyberdefence authority for Germany towards NATO. Strengthening cybersecurity also requires the enforcement of international behaviour rules, standards and norms. The first step towards better cybersecurity is to develop some common minimum rules (code of conduct) with allies and partners. This requires overcoming the discrepancy between increasing multi-lateralisation and sovereign assessment and decision-making. Proven German and European IT and data security standards must be strengthened and maintained in the globalised world.
has been President of the Federal Office for Information Security (Bundesamt für
The German solution
Sicherheit in der Informationstechnik – BSI) since February 2016. Born in 1969
The German Federal Office for Information Security (BSI) has been Germany’s state competence centre for IT and cybersecurity for more than 25 years. Its professional expertise is recognised far beyond the world of public administration. The BSI as the national cybersecurity authority shapes information security in the digital world for government, business and society, with a clear legal mandate, which was expanded once again by the IT Security Act in 2015. When the BSI was founded, the decision was to separate
in Hamburg, Germany, he studied International Management in Dortmund, London and Taipeh. Mr Schönbohm worked in different positions at EADS, inter alia as Vice-President for commercial and defence solutions. In 2008, he became Chairman of the board of the BuCET Shared Services AG (BSS AG). Prior to his current position, Mr Schönbohm was President of the Cyber-Security Council Germany. Throughout his career, he was security expert and advisor for several political decision-makers on the regional, federal and European level.
22
MAIN TOPIC: Cybersecurity
“
IT security has become one of the central requirements of information and communication technologies.”
Arne Schönbohm in his office in Bonn
the “codebreakers” from the “codemakers”. This proved to be a very smart and forward-looking decision. As a result, the BSI has been able, over the years, to build up great public trust, especially in the economy. As Germany’s national cybersecurity authority, the BSI is engaged at a European level and is involved with the relevant European bodies. In the past, the BSI also launched joint initiatives with other Member States. At European level, there is a network of government CERTs (Computer Emergency Response Teams) in which there is trusting exchange and mutual support. The effectiveness of the international cooperation was evidenced by the successful dismantling of the Botnet infrastructure “Avalanche”. Germany’s activities were successfully coordinated by the National Cyber Response Centre.
© BSI
► publications
BSI papers With the report The State of IT Security in Germany 2016 BSI provides information about current risks for IT security in Germany as well as countermeasures and an overlook of the services provided by BSI for state and administrative bodies, for business and for society. > web https://tinyurl.com/mhfh6fj
Private parties are involved At international level, as well as at European level, private parties are increasingly involved in cybersecurity measures. These include cybersecurity exercises, public-private partnerships for network stability, cost-effectiveness analyses and risk assessments as well as campaigns to raise awareness concerning the dangers of the Internet among the population and SMEs. These forms of cooperation between the states and their security institutions, between the IT security authorities and the economy and between politics and society must be systematically and continuously expanded. They form an essential basis for successful measures in the fight against cybercrime.
With the magazine Security in focus BSI gives an overlook of projects, events and services provided by BSI for state and administrative bodies, for business and for society. > web https://tinyurl.com/mcm8ax5
23
THE EUROPEAN – SECURITY AND DEFENCE UNION
Protecting our cyberspace is a truly common challenge for Europe
The EU’s efforts to protect the digital society and economy by Roberto Viola, Director General, DG CONNECT, European Commission, Brussels
When the Juncker Commission entered office in 2014, it set itself a series of ambitious policy goals. Key among them is the creation of a Digital Single Market1, which could contribute 415 billion per year2 to our economy and create hundreds of thousands of new jobs. As we increasingly rely on digital services for both our social and economic development, we need a harmonised online environment to sustain the benefits of the Single Market.
A common challenge for Europe However opportunities and benefits come hand in hand with challenges posed by the digital revolution, such as large scale cyberattacks. With our daily life depending on digital technology when it comes to mobility, power supply, or healthcare, we are vulnerable to attacks and incidents affecting our critical infrastructures. Much more can and must be done to secure these critical infrastructures from acts of cyberwar or cyberterror, with the help of a ‘digital shield’. In particular, the cross-border nature of these attacks and incidents reminds us that protecting our cyberspace is a truly common challenge for Europe. For this reason, cybersecurity has been one of our key priorities since 2013, when the European Commission issued
Roberto Viola is Director General of the Directorate General of Communication, Networks, Content and Technology (DG CONNECT) at the European Commission. He holds a Doctorate in Electronic Engineering and Photo: provided by the EC
a Master’s degree in Business Administration (MBA). From 1985-1999 Mr Viola served in various positions including
its first Cybersecurity Strategy3 dedicated to the creation of an open, safe and secure cyberspace. Since then, we have aimed at establishing a proactive and responsible culture of cybersecurity across the European Union. Trust is essential to improve society’s uptake of digital technology, and it depends to a great extent on a secure cyberspace.
Measures to secure the cyberspace On the legislative side, the first building block has been the adoption of the first EU-wide cybersecurity law, the Directive on the Security of Network and Information Systems (NIS)4. The NIS Directive paves the way for strategic and operational cooperation on cybersecurity at EU level, based on improved national capabilities. To protect critical EU infrastructures, it requires operators in important economic sectors such as energy and transport, banking, healthcare, water supply, as well as providers of key internet services like search engines, cloud computing and online market places to adopt risk management measures and report important incidents to national authorities. We are committed to implement the NIS Directive as a matter of priority, but it is only a first step in the creation of a resilient and secure digital environment. The Commission is working on a number of tailored measures to reinforce the institutional framework dealing with cybersecurity, in order to address the challenges faced by Europe’s cybersecurity Single Market and to nurture our industrial capabilities. On the institutional side, we are in the process of evaluating the European Union Agency for Network and Information Security (ENISA). This assessment is likely to lead to a revision of ENISA’s mandate5, laying the foundations for an “ENISA 2.0”, which will be better equipped to tackle future challenges. Along with the re-shaping of ENISA, the Commission services want to introduce a coordinated approach to crisis management across the various elements of the cyber ecosystem. This is why we are developing a blueprint that should ensure a coherent response to large-scale cyber incidents.
as Head of Telecommunication and Broadcasting Satellite Services at the European Space Agency (ESA). From 1999 to 2004
A public-private cybersecurity partnership
he served as Director of Regulation Department and Technical
In order to build up our industrial capabilities, it is also vital to encourage the private sector to play its part in minimising the risk of cyberattacks and incidents. Thus, in July 2016 the Commission launched a public-private cybersecurity partnership6 to develop industrial and technological resources for cybersecurity. This PPP is expected to generate 1.8 billion
Director in AGCOM and held the position of Secretary General in charge of managing AGCOM from 2005 to 2012. Prior to his current post, he was the Deputy Director-General of DG CONNECT at the European Commission from 2012 to 2015.
24
MAIN TOPIC: Cybersecurity
Digital Economy and Society Index (DESI) 2017 ranking
graphic: European Commission
documentation
of investment by 2020. It should be complemented by an EUwide framework for the security certification of ICT products and services.
DESI 2017
Review of the EU Cybersecurity Strategy
The Digital Economy and Society Index (DESI) is a composite in-
Each of these policy initiatives constitute a step towards a more cyber-resilient society and economy and are a testimony of the Commission’s overall ambition to increase the internal security of the EU. However, it is important to highlight that cyberattacks are a constantly evolving global threat. Hence we see the need to review the EU Cybersecurity Strategy later this year. This revision will take into account developments since 2013 and will focus on delivering network security by directly tackling cybercrime and by working closely with our partners around the world.
dex that summarises relevant indicators on Europe’s digital performance and tracks the evolution of EU Member States in digital competitiveness. The DESI 2017 (see graphic above) shows that Denmark, Finland, Sweden and the Netherlands have the most advanced digital economies in the EU followed by Luxembourg, Belgium, the UK and Ireland. Romania, Bulgaria, Greece and Italy have the lowest scores on the DESI. In 2016, all Member States improved on the DESI. Slovakia and Slovenia progressed the most (more than 0.04 as opposed to an EU average of 0.028) while there was low increase in Portugal, Latvia and Germany (below 0.02).
COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS A Digital Single Market Strategy for Europe /* COM/2015/0192 final */ http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1447773803386&uri=CELEX%3A52015DC0192 2 European Parliament Research Service, Mapping the cost of Non-Europe, 2014–19, 2015 3 Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace - JOIN(2013) 1 final - 7/2/2013 https://ec.europa.eu/digital-single-market/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedom-and-opportunity-cyber-security 4 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union http://eur-lex.europa.eu/ legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC 5 Public consultation on the evaluation and review of the European Union Agency for Network and Information Security (ENISA) https://ec.europa.eu/ digital-single-market/en/news/public-consultation-evaluation-and-review-european-union-agency-network-and-information 6 European Commission - Press release. Commission signs agreement with industry on cybersecurity and steps up efforts to tackle cyber-threats. Brussels, 5 July 2016. http://europa.eu/rapid/press-release_IP-16-2321_en.htm 1
Andrus Ansip, Vice-President of the European Commission in charge of the Digital Single Market, during the press conference on the main results of the latest Digital Economy and Society Index (DESI), Brussels, 3 March 2017 Photo: © European Union , 2017, Source: EC – Audiovisual Service, Photo: Georges Boulougouris
25
THE EUROPEAN – SECURITY AND DEFENCE UNION
The NIS Directive establishes cybersecurity measures at European level for the first time
The NIS Directive – a European approach to cybersecurity risks by Dr Andres Schwab MEP*, European Parliament, Strasbourg/Brussels
In recent years, the frequency of cyberattacks on network systems in the European Union has increased dramatically. In February 2016, Telekom Austria’s mobile internet service was hit by a cyberattack that caused temporary access outages for millions of users in its home market. The cyberattacks on Sony PlayStation in December 2014, on the French TV Channel TV5 in 2015 and on the German Bundestag should not be forgotten. There also was a cyberattack on the Polish airline LOT in June 2015, where hackers attacked the ground computer systems, which are used to issue flight plans and around 1,400 passengers were grounded at the airport.
Dr Andreas Schwab MEP has been a Member of the European Parliament since 2004. Born in 1973, he studied law in Freiburg and at the Institut d’Etudes Politiques in Paris and obtained an L.L.M. from the University of Wales in Photo: © European Union, 2011 – EP
2000. He worked as a consultant for the European Convention in the Department of European Affairs of the Baden-Würt-
temberg State Ministry while obtaining a doctorate in law in 2002 and absolving his second state law exam in 2003. Prior
National solutions are not sufficient
to his election to the European Parliament, Mr Schwab was a
These cyberattacks show that an effective solution to face cybercrime and to guarantee cybersecurity is indispensable. Especially the possibility of attacks on operators of essential services poses a major threat to the European Union. Disruptions of infrastructures of services such as energy, water, transportation and health can have serious negative effects. This is especially true, since systems like the railway-system or the energy-network for example are transnationally connected in the European Union. So not only can disruptions of the different networks have an effect on the national economy and society, which should not be underestimated, but they are likely to
government assistant lawyer at the Ministry for Culture, Youth and Sport in Stuttgart and Private Secretary to the Minister. He is the EPP Group Coordinator in the Committee on the Internal Market and Consumer Protection (IMCO).
affect neighbouring states and the European Union as a whole. Hence, national solutions to the problem of threats for our IT-infrastructure are not sufficient with regard to cross-border networks, there has to be a common European strategy, which makes the European Union more resilient.
The NIS Directive was adopted by the European Parliament on 6 July 2016 under the Slovak Presidency of the European Union. From left to right: Ivan Korc˘ok, State Secretary of the Ministry of Foreign and European Affairs of the Slovak Republic, Rapporteur Andreas Schwab MEP, and Martin Schulz, at that time President of the European Parliament, at the signing ceremony
26
photo: © European Union 2016, source: EP
MAIN TOPIC: Cybersecurity
The NIS Directive sets new standards In 2016, the European Parliament therefore adopted the Directive on Security of Network and Information Systems (NIS Directive), which sets new standards for cybersecurity throughout the European Union. This directive enhances the creation of the Digital Single Market and guarantees security for our digital infrastructures. To achieve a European approach therefore, the NIS Directive requires Member States to adopt a national NIS strategy defining the strategic objectives and appropriate policy and regulatory measures in relation to cybersecurity, nominate a national competent authority for the implementation and enforcement of the directive and designate Computer Security Incident Response Teams (CSIRTs) responsible for handling incidents and risks. Operators of essential services now have to take appropriate security measures and notify serious incidents to the relevant national authority. The new rules concern, first and foremost, • providers of critical infrastructures in the sectors: energy, transport, banking, financial market infrastructures, health sector, drinking water supply, distribution, and digital infrastructures. • providers of digital services, namely “online marketplaces”, “online search engines” and “cloud computing services”. These digital service providers are required to take appropriate security measures and to notify incidents to the competent authority. To avoid imposing a disproportionate financial and administrative burden on operators of essential services and digital service providers, the requirements the directive imposes do not apply to micro- and small enterprises. The NIS Directive is thereby establishing cybersecurity measures on the European level for the first time. Departing from the tendency of Member States to want to keep security concerns as national matters, the directive has identified the necessity for a common European approach and we have established a majority to support this.
European approach to cybersecurity. Politics have to play a role, but the costs of establishing innovative cybersecurity solutions must also be carried by the business sector. As the real effects of the NIS Directive will only show once it has been transposed by the Member States, this process has to move forward as smoothly and as quickly as possible. * The author is the European Parliament Rapporteur for the NIS Directive.
> Web NIS Directive: https://tinyurl.com/mkkjelr
documentation
ENISA Study on the NIS Directive (ed/ak, Berlin) The NIS Directive, which entered into force in August 2016, provides legal measures to boost the overall level of cybersecurity in the EU. On 15 March 2017, the European Union Agency for Network and Information Security (ENISA) has issued a report identifying gaps and overlaps of standardisation in the context of implementing the NIS Directive. It recommends: to “adopt a standards based framework for the exchange of threat and defensive measure information that impacts the functioning of Network Information Infrastructure (NII). The capabilities from this framework underscore NII as Critical Infrastructure of the EU and its Member States.” The report further notes that provisions for NIS cannot be separated from provisions for NII and cybersecurity in general. In addition, it recommends to consider the embeddedness of NII in a global market.
> Web To access the full ENISA report: http://bit.ly/2n9EPv2
The European Union Agency for Network and Information Security set up in 2004 is a centre of expertise for cybersecurity in Europe.
A milestone towards resilience
Located in Greece, with its seat in Heraklion (Crete) and an oper-
Through the common approach, the NIS Directive is the way to overcome the fragmentation that currently exists in the European Union with regard to cybersecurity. We can say that the adoption of this legal act is a major milestone towards resilience on the European level. It’s real impact will however, largely depend on the success of its transposition and implementation in the Member States. In some countries, the transposition process is already quite advanced, whereas in some others it is just starting. The Cooperation Group, which is responsible for ensuring that the Directive is implemented in a consistent manner across different sectors as well as cross-border, has to ensure a coherent approach across the Union. Network and information security is one of the main security challenges that we are currently facing and we have a common responsibility in the European Union to establish an effective
ational office in Athens, the Agency works closely together with Members States and private sector to deliver advice and solutions. This includes, the pan-European Cyber Security Exercises, the development of National Cyber Security Strategies, CSIRTs cooperation and capacity building, but also studies on secure Cloud adoption, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies and identifying the cyber threat landscape, and others. ENISA contributes to the implementation of the NIS Directive, addressing topics like security requirements, incident notification and standardisation. In January 2017, the European Commission launched a public consultation for the review of the Agency in view of new challenges the EU faces in the cybersecurity field. > Web https://www.enisa.europa.eu/
27
MAIN TOPIC: Cybersecurity
The European Union needs an inventive and holistic network-based response strategy
A European strategy to counter cybercrime by Rob Wainwright, Director of Europol, The Hague
Combatting cybercrime is often depicted as a battle between the police and the cybercriminals. The exponential growth of cyber-enabled and cyber-facilitated crime in the past decade, coupled with the global, borderless and asymmetric nature of these threats, makes it easy to identify who is the David and who is the Goliath in this scenario, considering also already strained public resources. A flexible and innovative strategy, one that focuses on leveraging the same technologies that the criminals misuse to conduct their illicit activities and avoid detection, is therefore at the heart of winning, not least by ensuring equality of arms. But as the saying goes, “One should never innovate to compete; one should innovate to change the rules of the game.”1 Hence, a truly effective European strategy should look beyond the institutional responses that each agency could provide individually by addressing only a particular dimension of the problem2 and should aim at pioneering new tactics and exploiting powerful synergies by adopting a more holistic approach.
Cybercrime is a major threat On European level, a roadmap for achieving an open, safe and secure cyberspace3 has already laid the foundations for developing an overarching strategy to defeat the “cyber Goliath”. Furthermore, cybercrime has already been identified as one of the three top threats to the security of the European Union
The Europol headquarters in The Hague Photo: © European Union , 2016, Source: EC – Audiovisual Service, Photo: Marzia Cosenza
(EU) and a key obstacle to the development of a successful Digital Single Market.4 But as cybercriminals are constantly changing the rules of the game,5 complementarity, flexibility and innovation are paramount to the successful implementation of the Union’s blueprint for ensuring cybersecurity. The 2013 EU Cybersecurity Strategy specifies the key elements in achieving this by promoting the development of strong cyberresilience capabilities, ideally in the context of national cybersecurity strategies.
The European Cybercrime Centre (EC3) located at the Europol headquarters in The Hague was created in 2013
graphic: Europol
29
THE EUROPEAN – SECURITY AND DEFENCE UNION
“
As cybercriminals are constantly changing the rules of the game, complementarity, flexibility and innovation are paramount to the successful implementation of the Union’s blueprint for ensuring cybersecurity.” Rob Wainright has been Director of Europol since 2009. Born in 1967 in Carmarthen, Wales, he graduated from the London School of Economics with a BSc. Mr Wainwright worked for the following 10 years as an intelligence analyst in the fields of counter-terrorism and organised crime. Between 2000 and 2003, he was the Head of the UK Liaison Bureau at Europol. In 2003, Mr Wainwright was promoted to the position of Director International of the National Criminal Intelligence Service. Prior to his current position, he was Chief of the International Department of the UK Serious Organised Crime Agency. He is currently a member of the World Eco© Europol
nomic Forum’s Cybercrime Steering Committee.
Europol’s multifaceted response Europol, with its dedicated European Cybercrime Centre (EC3) launched in 2013 and its EU partners, is uniquely positioned to lead the way in tackling cybercrime. Europol’s technology-enabled platform connects over 750 law enforcement agencies from Europe and beyond and facilitates a level of secure information exchange between those partners that has tripled in less than five years. Operating on the basis that “it takes a network to defeat a network” and cognisant that in today’s interdependent world no country or agency is island or is immune to cyberthreats, EC3 leverages its network of public, private and academic partners to support EU Member States in effectively countering the hybrid threats posed by cybercrime to our collective security. The multifaceted response to cybercrime adopted by the Centre, which includes not only operational action but also prevention, awareness raising and capacity building, draws upon the EU Policy Cycle,6 and a multi-stakeholder governance model that includes the European Union Cybercrime Task Force (EUCTF)7, the EC3 Programme Board8, and its partnership networks with non-law enforcement actors.9 This model underlines the shift away from a strictly institutional and limited response strategy and exemplifies its collaborative and inclusive nature.
Successful operations supported by EC3 An operational example of EC3’s impact, is the Joint Cybercrime Action Taskforce (J-CAT),10 an innovative framework for
30
strengthened operational cooperation against transnational cybercrime. The Taskforce is actively supported by EC3 and has already jointly executed more than 20 successful largescale operations. The latest joint action in December 2016 targeted users of Distributed Denial of Service (DDoS) cyberattack tools spread across 13 countries worldwide.11 In addition to the 34 arrests, 101 suspects were interviewed, and a multi-language prevention campaign raised awareness of the risk of getting involved in cybercrime.12 As outlined by EC3’s Cybercrime Trichotomy model,13 such high-volume crimes can be contained by increasing the level of cyberawareness and the baseline cybersecurity. Therefore, defeating the proverbial Goliath calls for complementing the joint cyber detection and disruption activities with deterrence and prevention.
New possibilities to forge synergies The increasing “corporatisation of cybercrime”14 calls for an equally inventive and holistic network-based response strategy – a collaborative approach to policing15, which includes among other things the efficient and effective use of resources. In light of the reviewed priorities of the EU Policy Cycle and the new Europol Regulation16 which present new possibilities to forge effective synergies with a wider array of public and private partners worldwide, Europol’s and EC3’s focus is on increasing information flows, building greater levels of trust and utilising the digital revolution to derive new value from the use of technology and data in countering cybercrime.
MAIN TOPIC: Cybersecurity
documentation
SOCTA 2017 – Crime in the age of technology (ed/nc, Paris) Europol published the Euro-
gic partners outside the EU and institutional
property are growing in frequency and scale,
pean Union Serious and Organised Crime
partners as well as operational intelligence
with hundreds of millions of records compro-
Threat Assessment (SOCTA) 2017 entitled
held in Europol’s databases.
mised globally each year.
“Crime in the age of technology”. The report
Payment order fraud: Criminals use fraudu-
is a detailed analysis of the threat of serious
SOCTA 2017 findings:
lent transfer orders to defraud private and
and organised crime facing the EU providing
Cybercrime continues to grow as society be-
public sector organisations. Fraudsters heav-
information for practitioners, decision-mak-
comes increasingly digitised.
ily rely on social engineering techniques and
ers and the wider public.
Malware and ID theft: Malware typically
malware to carry out this type of fraud.
The SOCTA 2017 shows that the use of new
steals user data such as credit card num-
Payment card fraud: Compromised card
technologies by organised crime groups
bers, login credentials and personal informa-
data is readily available and easy to obtain
(OCGs) has an impact on criminal activities
tion from infected machines for subsequent
on forums, marketplaces and automated
across the spectrum of serious and organ-
use by criminals in fraud.
card shops in the deep web and Darknet.
ised crime. This includes developments on-
Cryptoware: Cryptoware (ransomware using
Online sexual exploitation: Child Sexual Ex-
line, such as the expansion of online trade
encryption) has become the leading mal-
ploitation Material is increasingly produced
and widespread availability of encrypted
ware in terms of threat and impact. It en-
for financial gain and distributed through the
communication channels.
crypts victims’ user generated files, denying
Darknet. Coercion and sexual extortion are
For the 2017 assessment, Europol has un-
them access unless the victim pays a fee to
increasingly being used to victimise children.
dertaken the largest-ever data collection on
have their files decrypted.
serious and organised crime in the EU, rely-
Network attacks: Network intrusions that
ing on thousands of contributions by Mem-
result in unlawful access to or disclosure of
> Web SOCTA 2017 https://tinyurl.com/
ber States, Europol’s operational and strate-
private data (data breaches) or intellectual
mgre2p5
1 David O. Adeife 2 For instance, at EU level - network and information security (ENISA), cyber defence (EDA), cybercrime (Europol), cybersecurity of institutions (CERT-EU), large-scale IT systems (EU-LISA), etc. 3 Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, JOIN (2013) 1, http://eeas.europa.eu/archives/docs/policies/ eu-cyber-security/cybsec_comm_en.pdf 4 The European Agenda on Security, COM (2015) 185, https://www.cepol. europa.eu/sites/default/files/european-agenda-security.pdf 5 Such as the growing criminal abuse of current and emerging technologies (encryption, cryptocurrencies, Internet of Things, cloud computing, etc.) and the progressive convergence between cybercrime, traditional serious and organised crimes and even terrorism 6 https://www.europol.europa.eu/crime-areas-and-trends/eu-policy-cycle-empact 7 EUCTF is composed of the Heads of the EU National Cybercrime Units (incl. Iceland, Norway, and Switzerland), which meet biannually to discuss strategic and operational matters and aim at developing a harmonised approach to address the criminal misuse of information and communication technology and the fight against cybercrime 8 The EC3 Programme Board is composed of a number of key agencies and institutions who play a role in the fight against cybercrime and plays an advisory role to EC3; it also serves as a platform for de-confliction and identifying synergies and possibilities to maximise resources and avoiding duplications; https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3/ec3-programme-board 9 EC3 coordinates a number of partnership networks with private sector representatives of key industries (financial sector, internet security, telecoms and
Source: Europol
ISPs), academia, as well as cybercrime prevention and awareness national contact points and a forum for forensic experts. It also works closely with the CIRT/CERT community. 10 https://www.europol.europa.eu/activities-services/services-support/ joint-cybercrime-action-taskforce 11 https://www.europol.europa.eu/newsroom/news/joint-international-operation-targets-young-users-of-ddos-cyber-attack-tools 12 https://www.europol.europa.eu/publications-documents/cyber-crime-vscyber-security-what-will-you-choose-poster 13 https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2015 and https://www. europol.euro pa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2016 14 Cybercrime groups are increasingly operating like traditional businesses, with similar structure, business models, their own communication system, and event its own preferred currency for transactions, http://ww2.cfo.com/ cyber-security-technology/2017/02/corporatization-cyber-crime/ 15 Allowing competent authorities together with trusted third parties to develop the competitive advantage necessary to address the proliferation of cybercrime by using the combined power of the network 16 Applicable as of 1 May 2017, https://www.europol.europa.eu/publications-documents/regulation-eu-2016/794-of-european-parliament-and-ofcouncil-of-11-may-2016
31
THE EUROPEAN – SECURITY AND DEFENCE UNION
Hewlett Packard Enterprise is providing a broad portfolio of commercial and military Modular Data Center (HPE MDC)
HPE Modular Data Center (HPE MDC)
• The HPE MDC is a containerized datacenter equipped with power and coolin The HPE MDC can be deployed within weeks instead of months or years typi datacenters and offers advanced cooling infrastructure that is more energy• The HPE MDC delivers best-in-class technology data centers which can be sh HPE factory within 12 weeks – slashing the time for data center build-out an configurations optimized for power density and efficiency, as well as ruggediz • Is at 3 meters in length, contains (4) 50U racks and supports maximum IT ca • Our cooling solution is a resilient configuration with the ability to connect a s
• The also available MDC Power Module allows simple and efficient power feed
32
ng infrastructure, and IT power distribution. ically associated with brick-and-mortar -efficient than typical datacenter build-outs. hipped fully integrated and tested with IT from an nd IT deployment. The MDC portfolio offers zed version for military purposes. apacity with redundant feed of 44kW. secondary water loop.
Advertorial
Markus Linnenbrock HPE Defence Markus.linnenbrock@hpe.com
ds to streamline costs and speed up deployments.
33
THE EUROPEAN – SECURITY AND DEFENCE UNION
Only a broad perspective will make us successful in cyber
Strength in partnership
by Maj Gen (ret) Koen Gijsbers, General Manager, NATO Communications and Information Agency, Brussels
Today’s cyberthreat landscape is markedly different from that of a few years ago. Experts and officials agree that the speed, sophistication and diversity of attacks has changed dramatically. Cyberrisks threaten the benefits, whether economic, political or social that the human invention of cyberspace can offer. Given this context, it is not surprising that nations and international organisations are taking this very seriously with a tangible response. NATO has recognized cyberdefence as a top priority and member nations have made a wide ranging cyberpledge for all Alliance nations to improve and modernise their own cyberdefences. Nations have also agreed that cyberspace should be viewed as an operational domain, a decision that will have wide ranging impacts across the Alliance’s organisation and operations. Equally, the EU has created multiple initiatives to standardise defence arrangements and to share information between Member States.
NATO’s Warsaw Summit: a game-changer Many states who may be considered adversarial, now consider cybercapabilities as a legitimate and necessary part of their strategic toolbox alongside diplomacy, economic prowess and military might. Non-state actors continue to engage at many levels of sophistication and determination. The threat landscape continues to broaden and the level technical expertise necessary to operate in that landscape continues to drop. In the face of this threat, NATO is pursuing a number of positive and practical initiatives. As briefly mentioned above, at the last Summit the 28 nations that make up the Alliance have all made a pledge to improve their own cybersecurity and to keep pace with the fast evolving cyberlandscape. This is no hollow promise. Nations are devoting scarce resources to these improvements, actively reinforcing cooperation and information exchange amongst the Allies and prioritising education and training activities. Progress towards these improvements will be measured and reported annually. The decision to recognise cyber as an operational domain alongside the existing environmental domains of land, maritime and air, will change the way that NATO plans and conducts operations so that cyberdefence is built into the planning from the start. A roadmap to develop and implement these changes is now under way. These are examples of real and effective actions being taken by NATO in light of the stated Alliance priorities for cyberdefence.
signed a technical agreement with the Computer Emergency Response Team of the European Union (CERT-EU) to provide a framework for information exchange and to share best practice at the technical level of defence. A year on, this agreement is proving to be very productive and of benefit to both NATO and the EU. Information sharing is not only limited to international organisations. The Agency is facilitating a series of arrangements with NATO and non-NATO nations to exchange threat information and is also supporting the nations through wide ranging engagement using the framework of the NATO-Industry cyberpartnership. This initiative continues to grow and provide ever more information sharing and coordination between the Alliance and commercial organisations.
A comprehensive technological approach The NCIRC and the associated elements that provide the spectrum of cyber security activities are an integral part of NATO’s Communications and Information Agency (NCI Agency). The Agency was born through a merger of five disparate organizations precisely in order to allow NATO to take a comprehensive view of its IT and cyberlandscape. The work of the cyberteam is conducted alongside and wholly coordinated with the other critical activities necessary to provide robust and resilient network operations for deployed and static users at more than 50 locations across the NATO area. This close integration of all
Maj Gen (ret) Koen Gijsbers became the first General Manager of the NATO Communications and Information Agency in 2012. A graduate from the US Army Command and General Staff College (Fort Leavenworth), Mr Gijsbers was promoted to Colonel and deployed to Kosovo as commander of a regimental task force in 1999. Subsequently, he was appointed the Chief of Operations and Plans for the Netherlands Army Training and Doctrine Command, and the Chief of the General Policy Department. In 2003, he took command of the 11th Air Manoeuvre Brigade. Under his command, units were deployed to Iraq. In addition, he prepared units for deployment to Afghanistan, Congo and the EU Battle Group. Mr Gijsbers served as Assistant Chief of Staff for Command, Control, Communications, Computers and Intelligence
34
The power of sharing
of NATO’s Allied Command Transformation in Norfolk. Before
But it’s not just NATO on its own. The threats are faced by all international organisations including the EU. In February 2016, the NATO Computer Incident Response Capability (NCIRC)
heading up the NCI Agency, he was appointed the CIO of the Netherlands Ministry of Defence.
MAIN TOPIC: Cybersecurity
“
The decision to recognise cyber as an operational domain alongside the existing environmental domains of land, maritime and air, will change the way that NATO plans and conducts operations so that cyberdefence is built into the planning from the start.” Photo: NCI Agency
network operations is a very real and irreplaceable strength. A cyberattack doesn’t exist in a vacuum. The whole Agency responds to the variety of threats in a coordinated, planned and efficient manner – cyberdefence is built into NATO’s network from the very start. The benefits generated by this coordinated, integrated approach is not limited to real time operational defence but is applied across the whole cyberlifecycle of activities to prevent, assess, defend, inform and sustain. Whether Agency teams are designing security at the heart of new capabilities, reviewing NATO or (on request) national capabilities or raising awareness of the threat and facilitating information exchange, the whole really is greater than the sum of the parts. And – because of our funding regime – we can readily share this knowledge with Nations as they look to enhance their defences. As an example, the Agency is currently implementing the largest ever system change across NATO. Starting next year, a totally new communication and information system infrastructure will be deployed that will support, replace and harmonise the Alliance’s current information technology in a way that will fundamentally enhance cyberdefence, resilience and robustness. Again, cyberdefence will be built in at the outset.
Need for speed A critical point is the speed at which we can innovate. A number of NATO countries are pioneering new, innovative ways to partner with Industry, including small and medium enterprises, research centres and academia in order to speed up the introduction of cutting-edge technology into their defences. This for me is the next challenge – dramatically increasing the speed with which we can refresh and upgrade our technologies, so that we can stay ahead of the threat. Cyber evolves at the speed of fiber. We need to benefit from the pioneering examples of our member states that are fast-tracking cyberacquisition. In common with any modern large organisation, NATO needs command and control arrangements on which leaders can rely. There are organisations across the world whose aim is to attack and degrade the effectiveness of these arrangements. In order to provide the necessary mission assurance capabilities to NATO now and in the future, my Agency is developing and implementing world class capabilities. Part of our strength lies in the broad perspective we have on NATO IT, and a comprehensive technological approach. But no man is an island and the Alliance is no different. To succeed we must share information and cooperate with other organisations, nations and commerce.
documentation
International Cyber Conflict Conference 2017 This year’s Cyber Conflict Conference (CyCon)
The event is organised by the Tallinn-based
mation sharing among
will take place from 30 May to 2 June 2017,
NATO Cooperative Cyber Defence Centre of
NATO, its member na-
in Tallinn (Estonia). The international confer-
Excellence (CCDCOE), a multinational and
tions and partners in
ence will cover issues ranging from interna-
interdisciplinary hub of cyber defence ex-
cyberdefence.
tional cooperation and conflict in cyberspace
pertise.
to technical challenges and requirements,
The international military organisation es-
> Web More information on the CCDCOE
legal frameworks, regulations and standards
tablished in 2008 has the mission to en-
and CyCon 2017: https://ccdcoe.org/
under ”Defending the Core”.
hance the capability, cooperation and infor-
cycon- 2017.html
35
THE EUROPEAN – SECURITY AND DEFENCE UNION
Cyberresilience: Thinking cyber along entire value chains is essential
Cooperation in cyber is a must by Peter Round, Managing Director of PKR Solutions, Bedale
Divide and rule is an old principle and we don’t have to look far to find leaders using the principle. We are living in an increasingly challenging security environment, which is forcing Europe to rethink its posture, role and strategies in defence and security.
Peter Round is Managing Director of PKR Solutions, an International defence relations consultancy. Until recently he was Director
Is there already an undeclared digital war?
of Capability, Armament & Technology
Looking at some recent cyberattacks, Ukraine’s electricity grid, the German Parliament, German hospitals, DNS-services of the US West Coast and hacking of servers in the US elections, we can see that vital institutions for the functioning of the internet itself, critical services, infrastructures and society at large are no longer safe; they will be attacked whereever there is a possibility. Are we already in an undeclared digital war? The EU Global Strategy (EUGS) recognizes these challenges and the European Defence Action Plan (EDAP) aims to boost R&T and capability development for Defence in the European Union. Cyber is now a domain of warfare. Germany has cyber and information-space as a service like the Army and NATO has cyber as a domain of operations; cyber is crosscutting and pervasive and affects all the other domains. Weapon systems are packed with digital devices, these are connected to the global information grid and have very different levels of protection, which means varying degrees of vulnerability. Digitally ring-fencing our military systems is not an option. We must design systems
at the European Defence Agency (EDA).
► facts
The cPPP on cybersecurity As part of the EU Cybersecurity Strategy, the European Commission and the European Cyber Security Organisation (ECSO) signed a contractual Public-Private Partnership (cPPP) on 5 July 2016. The aim of the partnership is to foster cooperation between public and private actors at early stages of the research and innovation process in order to allow people in Europe to access innovative and trustworthy European solutions (ICT products, services and software). The cPPP will be instrumental in structuring and coordinating digital security industrial resources in Europe. It will include a wide range of actors, from innovative SMEs to producers of components and equipment, critical infrastructure operators and research institutes, brought together under the umbrella of ECSO. The
Photo: EDA
After graduating in defence from Kings College, London, Peter Round joined the Royal Air Force in 1979 and became Air
Commodore. He completed Joint Advanced Command and Staff Training in 1999 and served in various leading positions in UK supported UN operations, in particular Southern Iraq, Afghanistan, the Balkans. After a tour on the Policy Director’s staff in the MOD, he became the UK National Liaison Representative to NATO Supreme Allied Commander Transformation in Norfolk, Virginia, and joined EDA in 2012.
in a way that they can function even if compromised. Military technology will soon be semi-autonomous, autonomous or robotic. This causes challenges for on-board systems as well as C2 and data links. Technology is most secure when security is one of the design criteria from the earliest stages.
A risk-based approach to be followed We cannot stop cyberattacks, we have to follow a risk-based approach but today we still have: • Fragmentation (no or limited information exchange), • Compartmentalisation (“Thank goodness it was them and not me”), • Distorted perception (believing in the inherent secrecy of our own systems…all the while knowing COTS components are transparent to the ‘dark side’). Cyberspace today is characterised by “insecurity by design”. We have to change perceptions and attitudes to stop this getting worse. ‘Thinking cyber’ along entire value chains is key for effective cyberresilience. In the military, all command echelons need to be cyber-aware, but even that is not sufficient. ‘Thinking cyber’ has to be societal. This is reflected in the 2013 comprehensive EU Cybersecurity Strategy.
EU will invest up to €450 million in this partnership, under its research and innovation programme Horizon 2020. Cyberse-
Sovereignty is not an argument
curity market players are expected to invest three times more.
I often hear “cyber is very sensitive and is a sovereignty issue, we cannot cooperate.” How frustrating this is! While I can read about military capabilities in the press, the presence of
> see also Andy Stirnal’s article pages 38–39
36
MAIN TOPIC: Cybersecurity
a soldier on a private sector cyber course is too sensitive to share with friends! Sovereignty is not an argument for lack of cooperation in cyber. Clearly nobody can assume a Nation State’s responsibility for protecting and defending their information and infrastructures. But there are many different ways to establish the required capabilities and defending effectively. Going alone is not an option, the cyberworld moves so fast that Member States will not be able to establish, maintain and use a cyberdefence capability effectively without cooperation. A chain is only as strong as its weakest link and if we are to operate as coalitions then the capable will be affected by the weaknesses of others. We need to think ‘trust’ not ‘sovereignty’. Over the last five years EDA has built an environment to foster and increase trust and to identify common interests and requirements. In keeping with the mandate of the Agency, it supports Member States in building up and maintaining their national cyberdefence capabilities. Pooling and Sharing has also established a framework for doing more together without losing any sovereignty. The decision to cooperate, and with whom and how far, is clearly a sovereign one, which should be taken with trust and common interest as guiding principles.
documentation
EDA Annual Report 2016 – Cyber
Responding to orchestrated attacks Today, our strategic approach must be able to counter coordinated and orchestrated adversaries who may employ both symmetric and asymmetric tactics and techniques around a common strategy (Hybrid). Orchestrated campaigns need orchestrated responses based on reliable indicators and warnings. What I want to stress is that cyberspace, even as a domain in its own right, should not be regarded in isolation but as a set of new means – good and bad. Like in the air a war cannot be won in cyberspace alone. We must act three dimensions (Civil-Military, Military-Military, and Public-Private) to improve cooperation and Pooling & Sharing. We should strive in both cyber and hybrid to reach solutions where the strength of one entity is able to complement the limitations of another. Europe must also ensure its global competitiveness; we need to keep European Defence and the European Industrial Base competitive and relevant.
“CYBER DEFENCE Activities continue in the areas of education, training and exercises, in complementarity with the EUMS initiative on training & education. Ad hoc projects are underway in cyber ranges, for which the Project Arrangement signature process has started; the development of deployable cyber defence situational awareness packages for headquarters; the preparation of a new project dealing with Advanced Persistent Threat Detection project; and with pooling demand for cyber defence
Thinking beyond defence
training and exercise support by the private sector.
To maintain this ability thinking beyond defence is crucial for resilience. We are taking the right steps: • the Cyber Contractual PPP (Cyber cPPP) which has a value of 1.8 billion over three years; • the research elements of the EDAP: the European Commission is planning a substantial investment in defence research in the period 2021-2027; • the Capability Development elements of EDAP. How defence will benefit from Cyber cPPP and the amount of cyber in the EDAP windows is still to come. The EU Global Strategy has opened an interesting dialogue on Defence in Brussels. So don’t just “think cyber” but “think integrated cyber”. Cyber can never stand alone.
The objective is to promote the development of Member States’ cyber defence capabilities, research and technologies in line with the CDP. Finally, Member States provided direction on the organisational arrangements to develop collaborative cyber defence R&T projects in the Agency, and to explore with the European Security and Defence College the details of a Cyber Defence Centre to develop further, the education, training and exercise initiatives. “ Excerpt from the EDA Annual Report 2016 released in March 2017. Source: EDA > Web https://tinyurl.com/kgjbem9
37
THE EUROPEAN – SECURITY AND DEFENCE UNION
Joint definition of strategic cyber research priorities
Time for demand-driven supply of cyber innovation by Andy Francis Stirnal, EU grants and project consultant, Berlin
When preparing political or even administrative acts, the authors usually make sure to explain how the planned approach or activity will offer maximum benefit and efficiency, both for parties concerned and implementing authorities. In political science, this is called output legitimating. In the specific context of European legislation, this process of allowing stake-holders to sit at a table is referred to as structured dialogue. This term took the place of “stakeholder consultation” and was supposed to carry more appreciation. The underlying principle remains that requirements and demands are made clear to consumers and the challenges are openly identified.
Contract for Public-Private Partnership With the launch of a contracted Public-Private Partnership (cPPP) on cybersecurity in the summer of 2016, the European Commission took the subject of cybersecurity up to a top-notch level of collaboration with privileged treatment such as access to policy planning. A privileged treatment that is also intended to maximise the quality of input for administrative acting in an ecosystem that is defined by strong non-European competitors and sometimes opposing or even hostile game changer.
Interdependencies of interests In order to support and promote research and innovation in cybersecurity and foster the development of the European cybersecurity market, a cPPP was signed with partners such as the European Cyber Security Organisation (ECSO), a non-profit association of industries, also created under Belgium law in the summer of 2016. Pre-commercial procurement and public procurement of innovative solutions are possible leverages that this partnership might bring about for the industry, which in turn would be feeding into these public-private partnerships a clear-cut requirements analysis, excellent ideas and innovative technological approaches. The European Commission is about to channel up to 450 million in this partnership on cyber security through its research and innovation programme Horizon 2020, which represents by far the most significant source of innovation funding in Europe in aid of the development of security technology and solutions. It also has a capability-building side effect and will help to improve the competitiveness of the European security industry. Each Euro of public funding is expected to trigger additional investments of three or more Euros by the cybersecurity market players.
Launch of the contracted Public-Private Partnership (cPPP) on cybersecurity. Luigi Rebuffi (left), CEO of the European Organisation for Security (EOS), and Günther Oettinger, at that time Commissioner for the Digital Single Market
38
© European Union 2016, Source: EC–Audiovisual Service , Photo: Jean-François Badias
MAIN TOPIC: Cybersecurity
The basics of the joint programming process The desired consequence of this partnership approach is that industry actors – among them large as well as medium and small sized companies, industry associations and research clusters gladly cooperate in the joint preparation of work programmes for Horizon 2020 by providing crucial knowledge resources with which to align demand and supply within the Research, Development and Innovation process (RDI). The currently available so-called Scoping Papers for the work programme 2018–2020 in the Horizon 2020’s Societal Challenges chapter “Secure Societies” as well as in the chapter of Leadership in Enabling Industrial Technologies’ (LEIT), where the thematic cluster of Information and Communication Technologies outlines the key points of the official work programme that is to be presented in October 2017. For a large part, the Technology Readiness Level (TRL) expected to be reached by the projects handed in aims at 6 or 7 and upwards on a scale of 10. This is an indicator of the intention to develop innovative technologies of pre market-state of innovation, preparing grounds for marketable applications and services, that meet demand and requirements.
Cybersecurity as a cross-cutting challenge This is in clear alignment with the efforts to create a Digital Single Market, a secure and trusted networked environment for governments, businesses and individuals. Cybersecurity today touches upon all aspects of technological, social, economic and political life. Specific research topics will therefore be complemented by multidisciplinary research on essential and strategic cybersecurity paradigms and challenges, addressing non-technical aspects of cybersecurity and digital privacy such as economics and law as well as political science and international relations. The circulating relevant Scoping Papers reflect this imperative balance.
Topics to be addressed 2018-2020 The outlook to the 2018-2020 work programme prioritises firmly anchored values such as further reducing barriers to cross-border cooperation, promoting European standardisation, expanding collaboration between the public and private sector which includes both the transfer of responsibility to acquire and operate capability to the private sector and the emphasis on pre-commercial procurement where appropriate to stimulate market breakthrough. The strategic orientations for 2018–2020 will translate into calls for proposals that encompass topics such as security by design in terms of assurance and protection including privacy, identity, access and trust management, ICT infrastructure and innovative methods of the provision of cybersecurity services. But there is more to be envisaged: Setting up networks, test beds, EU “clusters” of industry and users, security “centres of excellence” as structural approaches balancing collective security and privacy technologies.
In addition to those pragmatic and result driven approaches, attention is assigned to emerging and disruptive technologies. The Internet of Everything (IoE), big data and cloud security, artificial intelligence, new materials like graphene, virtual reality applications for simulation as well as further miniaturisation and synthetic biology will very likely give rise to open and competitive calls for proposals. Furthermore, the Scoping Papers outline the following objectives: the linkage between the cyber sphere and non-cyber threats, the development, sophistication and implementation of tools for advanced analysis and profiling of social media content, including veracity and harmlessness assessments regarding crime and terrorism.
Current opportunities in Horizon 2020 Within the Secure Societies of Horizon 2020, the Focus Area Digital Security as well as the Focus Area Disaster Resilience and Critical Infrastructure Protection are currently offering different kinds of opportunities to co-found innovation with 70% (for-profit-legal entities) or even up to 100% funding rate (non-for-profit-legal entity). The topics addressed encompass: • Cryptography (Call reference: DS-06-2017: Cybersecurity PPP) • Advanced Cyber Security Threats and Threat Actors (Call ref.: DS-07-2017) • Privacy, Data Protection, Digital Identities (Call ref.: DS-082017) • Prevention, detection, response and mitigation of the combination of physical and cyber threats to the critical infrastructure of Europe – addressing communication, health and financial infrastructures. (Call ref.: CIP-01-2016-2017)
What to expect The types of action supported in these Calls for Proposal are both Research and Innovation Action that entail Technology Readiness Levels (TRL) of 3-5 – which spans from “experimental proof of concept” to “technology is validated in relevant environment”, as well as pure Innovation Action aiming at TLRs of 6–7, which in turn translates into “technology demonstrated in relevant environment” and “system prototype demonstration in operational environment”. These Calls should have a strong impact in stimulating the development of applicable technology. Therefore, the Commission considers proposals requesting a contribution of 3–5 million as suitable in order to address appropriately the specific challenges outlined in the Call for Proposals. Having in mind that the public-private arrangements have already got off the ground, one may expect that the cyber-related challenges will be addressed adequately also in 2018-2020, and will translate into a variety of opportunities to participate in the Research and Innovation Programme Horizon 2020. Andy Francis Stirnal is a certified EU grants consultant and project manager. Since 2014 he is the Berlin correspondent for The European – Security and Defence Union.
39
THE EUROPEAN – SECURITY AND DEFENCE UNION
Entire systems are dedicated solely to stealing data and listening in on telephone calls
Telecommunications need protection by Dr Christoph Erdmann, Managing Director of Secusmart, Düsseldorf
Terrorist attacks, mass shootings, and war – security is the defining issue of our time. It is a huge challenge for us all. Every man, woman, and child has an inherent need to feel safe. The floods of refugees currently entering Europe are a clear indication that this is an innate part of human nature that transcends borders. In the telecommunications sector, it was Snowden who brought the topic of security to the attention of the entire industry in 2013. The widespread outrage sparked when he revealed how easy it was to record conversations at will and to steal data was followed by a period of growing uncertainty. It was ultimately discovered that data thieves were not only acting covertly, but that there was an entire system dedicated solely to stealing data and listening in on telephone calls. Individuals feared they had lost their right to communicate freely, companies expected or, in some cases, even suffered substantial financial losses, and high-ranking politicians saw the contents of confidential telephone calls suddenly being made freely available online. The sparkling new world of digital communications, which had previously opened so many doors, had been dealt a serious blow. These developments prompted a rapid growth in the demand for solutions capable of protecting mobile communications. And this is precisely where Düsseldorf-based Secusmart GmbH came in. Secusmart had already dedicated itself to the
SecuSUITE for Government
40
photo: Secusmart
Dr Christoph Erdmann is founder and Managing Director of Secusmart GmbH and head of Technology and Product Management. A specialist in digital voice processing, he holds numerous patents and has produced variPhoto: private
ous publications in this field. In 2006 he was awarded the Borch-
ersplakette by the RWTH Aachen for his exceptional scientific work. While there, he also wrote his dissertation, for which he received the renowned E-Plus award in 2004. Prior to founding Secusmart GmbH, he worked as Technology Manager for NOKIA.
protection of mobile voice and data communications before the Snowden scandal broke. Today, the BlackBerry subsidiary is a world leader in the development and implementation of solutions in this field.
Need for security more pressing than ever before Secusmart’s anti-eavesdropping solutions stand out for their combination of security and user-friendliness. Each of the company’s products aims to enable users to share delicate information securely, while using their cell phones in the same convenient way as usual. Secusmart gives every office the chance to benefit from highly secure communications. In this spirit, it will also enable German authorities to ensure that their communications are protected and not tampered with during the 2017 election year. In the wake of recent suspicions of manipulation regarding political decisions, there is a crucial need for tighter security. Besides the convenience of being able to access Secusmart’s highly secure technology on their familiar mobile devices, Secusmart’s clients enjoy a host of other advantages. For example, Secusmart not only boasts years of experience in developing security solutions, but also operates globally through its parent company, BlackBerry. Secusmart has also established a close partnership with Samsung. As part of this collaboration, it has developed a product that enables leading politicians to make secure calls and safely share data using the latest generation of mobile devices running the Samsung Knox security platform.
MAIN TOPIC: Cybersecurity
SecuTABLET
Security partners By working with experienced partners, Secusmart is able to provide a crucial extra layer of security. For example, the Samsung Knox security platform and BlackBerry’s EASE (EASE Server) mobile application management system work together in Secusmart’s SecuTABLET to provide access to both official apps for working securely and on-the-go and personal apps. The EASE Server allows users to retain complete control over their personal and official apps. SecuSUITE for Samsung Knox gives users all the features they need to protect their cell phone calls and to work securely when away from their desks. Moreover, the solution enables personal apps to be used in accordance with the strict security requirements of German federal agencies. This means users also have access to a wide range of Android apps, including Twitter, Facebook, and WhatsApp.
photo: Secusmart
provide German federal agencies, ministries, and other official bodies with solutions for secure mobile communications for more than eight years. German politicians use SecuSUITE for BlackBerry 10 to protect their calls and to share data safely. Meanwhile, Secusmart’s international SecuSUITE for Government high-security solution safeguards the mobile voice and data communications of more than 20 governments worldwide, also shielding personal data, such as calendar entries, contacts, and notes from third-party attacks. With its SecuTABLET, Secusmart combines all the features needed for users to work securely on the go with the familiar level of convenience provided by a standard Samsung Galaxy Tab S2. SecuTABLET has been provisionally approved by the German Federal Office for Information Security (BSI) at the German VS-NfD (classified – for official use only) security level. The device also enables users to communicate securely according to the SNS standard.
Security solutions for governments The cutting-edge Samsung solutions represent the next chapter in Secusmart’s story of success, which has also seen it
41
THE EUROPEAN – SECURITY AND DEFENCE UNION
The threats of the future require interdisciplinary solutions from all players involved
Challenges in international security by Dr Markus A. Zoller, CEO of RUAG Defence, Thun
Conflicts and threats have changed substantially over time and are now becoming increasingly complex and interdisciplinary without clear front lines or borders. Current military conflicts no longer take place between clearly distinguishable parties but within complex, destabilised societies. Non-linear or hybrid types of warfare are increasingly emerging. The link between covert and overt operations combined with diplomatic and economic pressure and targeted disinformation is therefore a development that should be taken seriously. The consequence of the resulting lack of clarity is that different players are more and more frequently involved in conflicts. Interoperable communication systems will therefore play an even more crucial role in the future, as they are the only systems allowing a situation-based immediate reaction, providing a comprehensive real-time overview as well as restriction-free communication with and between units.
Dr Markus A. Zoller has been CEO of RUAG Defence and a member of the RUAG Group Executive Board since 2013. He holds a PhD in business administration and marPhoto: Ruag
keting and has been project director, head of operations, board member and CEO of large
international business units within such companies as ABB, Alstom, Continental and Siemens. More recently, as an independent consultant, he successfully developed a number of SMEs.
Understanding the threat in a digital world The digital world is evolving at a lightning pace, and significant advances in technology are being made. This brings with it not only additional opportunities but also a great number of risks. Time and again, events around the globe highlight the dangers of so-called cyberattacks, which occur when an unauthorised party gains access to a system from the outside.
Such attacks are particularly critical when they involve the theft, manipulation or destruction of sensitive data. As a result, cybersecurity is now one of the top priorities for military and civilian organisations alike. To successfully defend any system from such attacks, predicting and visualising unusual or conspicuous network traffic is essential. Understanding the threat is crucial for setting up adequate protection. In general, there are three important phases: before, during and after an attack. Before an attack, risks must be identified on the basis of risk profiles and preventive measures taken, such as establishing and rehearsing crisis procedures. During an attack, the most important steps are rapid detection and reaction, as well as ensuring continued operation of the core business. This requires seamless interaction between technology, specialist teams and decision-makers. After an attack, the priority is to restore all systems and, most importantly, to establish what exactly happened, initiate criminal proceedings and improve preventive measures.
Civilian players involved in acts of war
Protecting sensitive data from cyberattacks, is a social challenge that RUAG has made theirs
42
photo: Š RUAG
As a result of the ongoing changes, civilian organisations are also increasingly involved in acts of war alongside military ones. Operators of critical infrastructure including technology, electricity and gas companies become targets or are misused for irregular purposes. The threats we will confront in the future are therefore of a new and multidimensional nature. Taking the current refugee issues as an example, the trend is for the threat to take the form of vague poorly defined scenar-
MAIN TOPIC: Cybersecurity
For RUAG cybersecurity protection has to be continuous and overarching
ios. Particularly as the terrorist organisation Islamic State has already begun to systematically infiltrate Europe by targeted smuggling in of radicalised members. Individuals with intentions that have major implications for security are mixing in with civilian refugees. This development will have a substantial impact on security policy considerations in the next few years.
Industry plays a vitale role It goes without saying that the changed threat situation requires an appropriate adjustment to security strategies and action plans. But it is not only armies and security organisations who need to react to this conflict-related change. The
photo: © RUAG
defence and security industry also plays a vital role here. Its capacity for innovation means that it is in a position to supply well-reasoned solutions to challenges we may face in the future in terms of technology. In addition, thanks to its wide-ranging scope of activity, it can optimise the training of soldiers, recognise security vulnerabilities and promote knowledge-sharing between various institutions through the interface function. The defence and security industry therefore makes an important contribution to stability with regard to security policy. This is because the threats of the future require interdisciplinary solutions from all players involved.
► facts
RUAG Defence RUAG Defence is a leading independ-
threats. The company supports operators
• Simulation & Training
ent provider of integration, upgrade and
of critical ICT infrastructures with state-of-
• Cybersecurity
maintenance services for land-based de-
the-art cybersecurity solutions. Its com-
RUAG Defence’s customers come from all
fence and security systems. Its in-house
prehensive portfolio also covers main-
around the world and include, the Swiss
product portfolio comprises one-of-a-kind
tenance, operation and integration of
Armed Forces, international forces rescue
subsystems and components for national
relevant systems and innovative upgrades
and security organizations, public author-
and international customers.
for these systems.
ities and civilian organisations. Its global
RUAG Defence is a byword for technolog-
expansion strategy is based on consol-
ical expertise at the very highest level. Its
The company’s activities are grouped into
idating and expanding its market posi-
core business includes products and ser-
five business areas:
tion in Switzerland, Germany and France.
vices for tracked and wheeled vehicles,
• Integrated Solutions & Services
Alongside its 14 sites in Switzerland, the
realistic training for soldiers and reliable
• Vehicles & Vehicle Systems
company has branch offices and sales
information and communication infra-
• C4ISTAR & Homeland ICT (communi-
offices in Germany, France, Singapore,
structures, as well as protection solutions
cations, command and control, recon-
Brazil and the Middle East, as well as part-
to counter ballistic and electromagnetic
naissance and radar systems)
nerships around the globe.
43
THE EUROPEAN – SECURITY AND DEFENCE UNION
Just improving the resilience of our information and communication systems is not enough
Cyberwar – will it take place?
by Prof Dr Peter Martini, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), Bonn
We live in the age of “news” and “fake news”, “facts” and “alternative facts”. Terms which appeared to be well defined and well understood change their meaning rapidly. How about “cyberwar”? The term is often used both by cybersecurity experts and by the general public. However, up to now there is no widely accepted definition of cyberwar and of what constitutes an act of cyberwar. One thing is certain: All modern variants of warfare such as hybrid warfare, asymmetric warfare or counter-terrorist campaigns are extensively cybered up – just think of how terrorists are recruiting in social media.
Prof Dr Peter Martini is director of the Fraunhofer Institute for Communication, Information Processing, and Ergonomics (FKIE) in Bonn and Wachtberg, Germany. In addition, he holds the chair of Computer Science 4 at the Photo: Fraunhofer FKIE
University of Bonn. Peter Martini received a Ph.D. in computer science from the Technical University of Aachen, Germany,
in 1988. After six years as professor at the University of Paderborn he moved to Bonn in 1996. His group became widely
44
Cyberwar already started in 2007
known for its research on counter-measures against botnets:
It may be claimed – and it has been claimed – that we are already living through the first world cyberwar and that we are just leaving it to the future historians to call it this way. The cyber attacks in 2007 on Estonia can serve as a starting point for this first world cyberwar. Significant landmarks in the history books would include the 2010 attack with Stuxnet against Iran’s nuclear program, the hacking of Sony Pictures in 2014, the cyberattack against the German parliament in 2015 and Russia’s alleged interference in the 2016 United States elections. With cyberwarfare, nation states are deliberately trying to gain some advantage. In case of successful kinetic attacks, the results in terms of destruction are more than obvious to anyone visiting the area of impact. In contrast to this, in case of a successful cyberattack, even insiders may have a very hard time in figuring out that a successful attack has happened and in identifying the damage. In many cases, they may not be able to tell whether the hacker was a nation state hacker (official or not), a terrorist or just a criminal: Like in espionage, nation states rarely claim credit for hacking.
The de-mystification of the Conficker worm in 2009 and the
their friends and allies. Cyberspace has become a fundamental element of our daily life, of our social interaction and of our globalized economy. Of course, cyberspace did not sprout by itself – it is entirely man-made. However, disconnecting or switching off the components of cyberspace and simply pulling the plug definitely is not an appropriate solution. Can we learn from history how to improve the protection of our digital state? Yes, we can: City states like the medieval Venice were also faced with a world of uncertainties, but they wanted to keep their markets open and their people engaged with the wider world. Most threats could be handled by resilience based on city walls, granaries for food and cisterns for water. But these city states also needed to disrupt some of the threats before they reached their city walls.
States must face the reality
Resilience alone is not sufficient
Different nation states address the area of cyberweapons in different ways – some are very reluctant, some are pushing ahead, but even those who are extremely reluctant must face the reality that they need to do much more to protect their critical infrastructures and to protect their conventional weapon systems, which are already extensively cybered and will be cybered even more. In the future there may be some kind of an anti-cyberwarfare treaty and strategic arms control for cyberweapons. There already are ongoing activities on confidence-building measures for cyberspace, but progress is slow: When it comes to cyber, most nations do not even trust
For us, this means that we need to improve the resilience of our information and communication systems. The situation has improved a lot, but crucial hardware and software components are still too vulnerable. In addition to that, many systems have reached a complexity which not only gives the user a hard time, but even experienced administrators sometimes have no real chance to reach and maintain the desired security level. Thus, in addition to technological progress we also need significant progress in the area of usable security. Resilience is not a static state. Instead, resilience refers to a highly dynamic process covering the whole lifetime of ICT sys-
Avalanche takedown in 2016 are examples of successful application-oriented research.
MAIN TOPIC: Cybersecurity
“
When it comes to cyber, most nations do not even trust their friends and allies.” Peter Martini
tems. We need to address a whole chain of measures: preventing vulnerabilities, detecting attacks, responding to attacks, resilience of systems, analysis of breaches and actors. As indicated above, resilience alone is not enough: is if there is no risk of being caught and punished, then the incentive for attacks is extremely high. Thus, the proper attribution of attacks is of utmost importance. The prerequisite of attribution is a sound analysis of the capability and knowledge of various potential attackers, their techniques, tools, tactics, procedures and infrastructures. Thus, in addition to the usual victim centric approach we need attacker centric approaches in the cyberdomain.
New forms of cooperation In the high-tech domain of cyberspace, the combined approach of improving resilience (wherever possible) and disruption (where appropriate) requires new forms of cooperation between public authorities and research institutions. In recent years, we at Fraunhofer FKIE managed to establish close and fruitful cooperation with the German Federal Institute for Information Security (BSI), as well as with the police and the prosecutor’s offices. We look forward to extending our effectiveness by cooperating with the newly created German Cyber and Information Space Command, which is going to become fully operational in April 2017.
documentation
Germany’s new Cyber and Information Space Command (ed/nc, Paris) On first April 2017 the German Bundeswehr’s new Cyber and Information Space Command (“Kommando Cyber und Informationsraum” – KdoCIR) became operational. With its own organisational structure, the Command is becoming the sixth branch of the German military (besides the army,
German Federal Minister
navy, air force, joint medical service and joint
of Defence, Ursula von der
support service).
Leyen © 2015 Bundeswehr / Hannemann
This new branch exclusively dedicated to cyberspace and aimed at better protecting the Bundeswehr’s IT structures from the thousands of daily cyberattacks was announced by Defence Minister Ursula von der Leyen on 26 April 2016. Before, in November 2015, the Minister had tasked a staff group with developing plans for a reorganisation of the
“
The Bundeswehr of the future is in urgent need of more modern and professional IT structures, as well as more clout in the cyber and i nformation space.”
cyber, IT, military intelligence, geo-information, and operative communication units of the Bundeswehr. locations and branches, as well as experts
quarters until early 2016), is heading the
The KdoCIR will initially comprise 260 per-
from the private sector.
new cyber branch.
sonnel which is to be stepped up to 13.500
As the first Cyber Inspector of the Bundes
by bringing together under one roof military
wehr, Air Force General Major Ludwig Lein-
and civilian staff currently dealing with cy-
hos (a cyberwarfare specialist responsible
> Web More information (in German):
bersecurity but widespread over the different
for cyberdefence at NATO’s Brussels head-
https://tinyurl.com/lp3c6rh
45
MAIN TOPIC: Cybersecurity
Enabling users to effectively do their job
Cybersecurity preparedness – an educational approach Interview with Florian Lindemann, Executive Manager, Cyber Academy, Berlin
Cybersecurity is a vital issue – as anyone reading this edition will agree. But in addition to regulatory efforts, technical innovations and cyberdefence strategies, what else can we do in order to ensure the requisite level of IT security? I met with Florian Lindemann, Executive Manager of the Berlin-based Cyber Academy (Cyber Akademie – CAk) to ask him about cybersecurity preparedness. The European: Mr Lindemann, this last year has brought home the pivotal nature of cybersecurity. It is not only omnipresent in international affairs, but pervades our everyday lives as well. Founded in 2012, the Cyber Academy focuses on IT security and data protection. What is your approach and what are your aims? Florian Lindemann: The Cyber Academy’s objective is to ensure the secure digitisation of the state, economy and society and a safe digital transformation in companies, administrations and security structures. The focus of those efforts is on IT security and data protection. Ours is an interdisciplinary and cross-cutting approach. The European: Why is an interdisciplinary approach so important for you? Florian Lindemann: Our basic assumption is that the challenges confronting companies and administrations in many
areas are similar or even identical. We therefore believe that a cooperative approach makes more sense than a silo mentality. The Cyber Academy’s aim is to enable participants to clearly measure the tasks and challenges, to draw up strategies and to take decisions that are right for them, in terms, for example, of the choice of services and products. The Cyber Academy’s courses comprise three pillars: basic and further training, specialised events and specific services such as crisis-management training, cyberattack simulations, etc. The European: That means cybersecurity awareness and preparedness through education and training. How are your seminars organised? Florian Lindemann: Our programme of seminars is divided, roughly speaking, into three parts. We organise information seminars giving an overview of the latest regulatory developments in the field of IT security and data protection, as well as of the relevant legal areas, such as IT procurement and
Berlin, domicile of the Cyber Academy and one of the most important locations for the digital economy in Europe and worldwide
photo: © rudi1976, Fotolia.com
47
THE EUROPEAN – SECURITY AND DEFENCE UNION
labour law. Two recent examples are the NIS Directive1 and the European Data Protection Directive. A second area is that of technical seminars, providing basic and further training in, for example, Mobile Device Security or Cloud Security. Best practice training geared to experience and practical knowledge is the third type of course on offer. This entails an approach to the seminar topic based on real-life examples and best practice knowledge, e.g. what are my tasks as the person in charge of data protection? How do I conduct IT audits?
adapt their means of attack quickly and flexibly, circumventing traditional defensive measures easily. How can organisations possibly be prepared for such fast-paced developments in the field of cybersecurity? Do they have any chance of gaining the upper hand?
The European: You mentioned services as the third division of the Cyber Academy. What is the purpose of these and what benefits do they bring over and above the seminars? Florian Lindemann: In the services area, the practical aspects take precedence. An example is our Cyber Defence Simulation Training. During the week-long course participants discover what happens during an IT security incident. How to recognise an incident or an attack? How to respond? Participants are confronted with stress situations and then, together, we analyse their practical and psychological reaction. A new development in this regard is our Cyber Academy Summer School. Here we are taking advantage of the summer months to organise intensive courses for management staff lasting several days in Tirol. The focus is not only on technical expertise but also on a change of perspective, which is why we will not just be sitting around in meeting rooms… I’ll leave it at that for the moment.
The European: Are there long-term cybersecurity strategies that you can impart to the participants in your seminars? And how can organisations counter the ever-changing means of attack? Florian Lindemann: The threat level is indeed high and there are new scenarios every day. However, there are long-term strategies, or key questions that organisations should ask themselves with regard to their security and business model: What are “the crown jewels” of my organisation? Which processes must not under any circumstances be disrupted? Which information must at all costs be guarded against forgery and theft? What technical and organisational measures should I implement and what resources (financial, manpower) do I have at my disposal for that? At the same time, it is useful to develop an overall concept for prevention, including measures aimed at detecting and responding to incidents. An integral part of this is to develop a network of partners who can provide support in case of need and with whom one can exchange information. These may be, for example, service providers, security authorities such as the BSI or professional bodies.
Since I have an expert at hand, I want to ask a question that is bothering me personally: every day hundreds of thousands of malware-variants are discovered. Attackers are able to
The European: Regarding your network: Who are your partners and what is their function within the Cyber Academy? Florian Lindemann: Our network of partners is crucial for the
The Munich Cyber Dialogue: bringing together decisions-makers from industry and politics to discuss secure digitisation
48
photo: Cyber Akademie
MAIN TOPIC: Cybersecurity
“
Companies and authorities need a clear digital strategy that takes the security aspect on board from the get-go.”
.
academy. We cooperate closely with specialised lawyers, auditors, IT security experts, authorities and users. The advantage is that our work and courses remain closely geared to practical aspects so that we can quickly take on board new trends and developments.
photo: Cyber Akademie
Florian Lindemann has been working for many years in the area of the secure digitisation of the state, economy and society. He worked previously for a digital association and media company, and started developing Cyber Akademie GmbH in 2015.
The European: So what have you and your network of partners determined as important topics and highlights in your programme for the current year? Florian Lindemann: In addition to our 50 seminar topics allow me to mention the events that form the second pillar of our programme. A few weeks ago, for example, we held a fascinating workshop on legal certainty in relation to investigations by authorities and companies. The workshop tackled such questions as how the police and public prosecutor organise investigations in response to IT security incidents. Which outside experts can I call on to support my team? What elements should a good IT report contain in order to stand up as evidence in court? A special event this year will once again be the Munich Cyber Dialogue, on 29 June. Each year this event brings together CIOs, Cisos, IT department heads etc. from industry and the ITC sector, representatives of administrations, political leaders and experts to talk about secure digitisation in Germany. This conference is always one of the annual highlights, since it allows a cross-sector discussion of both strategic and highly practical questions. Cyber defence and IT security have long been an ambivalent topic for many people. It is clear that securing the cyber space is of the utmost importance due to the pervasiveness of the In-
ternet, but the technical aspects were and still are still difficult for non-experts who suddenly find themselves having to deal with it, such as politicians and CEOs, to comprehend. I wonder if this has changed… The European: What is your impression from your seminars and events: have decision-makers fully grasped the importance of secure digitisation? Florian Lindemann: Judging by the political measures adopted by Germany in recent years, I would say the answer is yes: during the 17th legislative period, for the first time, there was a committee of inquiry on the Internet and Digital Society which addressed the issue of a digitised society from a very broad perspective; IT security was just one aspect. This preparatory work paved the way for the creation of a new committee during each of the following legislative periods: the current one is on the Digital Agenda. Another result is the German Government’s Digital Agenda laying down guidelines for the current government’s digital policy. So clearly, growing political importance is being given to the issues of digitisation and IT security. There is recognition of the vital relevance of these issues for society
49
THE EUROPEAN – SECURITY AND DEFENCE UNION
and the economy, particularly in the case of Germany, with its industrial production, high level of education and research sector. Thus, the outlook for Industry 4.0, an originally German concept that is now an international one, is good.
On the other hand, time and again we find small companies and even local authorities that recognised the possibilities of digitisation early on, and that are innovative and have the issue of IT security on their radar screens.
The European: With reference to the digitised economy and Industry 4.0: looking at our security capacities and competences, are we ready for the Internet of Things and Industry 4.0? Florian Lindemann: I would say that the question doesn’t arise in those terms. Companies all over the world are recognising the possibilities and opportunities that are opening up due to digitisation, for example in the fields of production, logistics, maintenance, etc. Anyone who fails to keep up with these developments runs the risk of being left behind by the market. This means that companies must rethink their business models, check their processes and train their staff with this precise aim in mind. It is evident that a higher degree of interconnectedness comes with increased vulnerability, which is problematic, especially if old devices that were not designed for this purpose are connected to the Internet. Companies and authorities therefore need a clear digital strategy that takes the security aspect on board from the get-go.
The European: So what are the main challenges? Florian Lindemann: A big challenge as I see it, at least in Germany, is the shortage of IT experts and indeed of qualified staff in general. The Bitkom, the German professional association of this branch, estimates the lack of IT specialists at more than 50 000 in the case of Germany. Companies and authorities are in direct competition for recruiting the “best brains”. A cooperative approach might be the solution. Specialists also need to be trained. What I am getting at is that digital training should be part of the curriculum from the outset. This is why we think that our educational approach is important, in order to enable employees to work effectively. This means not only life-long learning but also “thinking digitally”. Leaving the office of the Cyber Academy in the East Berlin, I am convinced that Florian Lindemann and his team have the right approach: training and education will enable us all to deal with the challenges and grasp the opportunities of digitisation. So why does the Academy only operate in German-speaking countries? “We are still a young outfit, let’s see how the company develops in the future!” smiles Mr Lindemann.
The European: What, in your opinion, are the most important factors in order to implement such a digital strategy within the administration, companies and also law enforcement agencies? Florian Lindemann: Up until now, companies and law-enforcement agencies have not all been on the same wavelength in this respect. It is not just a matter of financial resources. Naturally it is important to develop an infrastructure and to recruit experts, but an organisation must first of all define its priorities with regard to digitisation and security. Not all companies, even the big ones that could afford it, have done this so far.
The interview was led by Alexa Keinert, Editor of The European – Security and Defence Union.
1 Please also see the article on the NIS Directive on page 26
Questions to the founder of the Cyber Academy, Uwe Proll, Berlin ► The European: The Cyber Academy has been in existence for five years now. What prompted you at the beginning of the decade to create this Academy, which by now has become an institution? Uwe Proll: It was already obvious five years ago that the digital world was increasingly pervading our professional, social and private lives, bringing with it the risk of misuse and criminal activities, just like in the analog world. In addition to the transposition of analog forms of crime to the Internet there are also genuinely new digital forms of crime.
50
► The European: Your concept has proven itself at national level. Have you ever considered extending your activities to the European and international levels? Uwe Proll: The Cyber Academy is also a Berlin-based think-tank which has the aim of bringing about an agreement comparable to the Geneva Convention defining how states may or may not use cyberwarfare. They may not, for example, use it to attack other states’ critical infrastructure. The EU, OECD and UN are our partners. To that extent we are international.
Interview by Editor-in-Chief Hartmut Bühl
Third Dimension
How to heal Europe’s operational blindness
photo: NASA, Marshall Space Flight Center, CC BY NC 2.0, Flickr.com
The aim of European space policy is to strengthen Europe’s strategic independence and global position in the field of space. For that it is essential to guarantee Europe’s independent access to space and its use for industrial andeconomic as well as defence purposes.
THE EUROPEAN – SECURITY AND DEFENCE UNION
Galileo, Copernicus and EGNOS – the success of a European strategy
Galileo: Public service of general interest in the European Union by Monika Hohlmeier MEP, European Parliament, Brussels/Strasbourg
The Space Strategy of the European Commission, published in October 2016, underlines that space policy is a key priority for the EU. It was a major step for the EU to promote the space policy with the strategic focus on sovereignty and independence. However, the figures still emphasise that the EU has to improve its competitiveness and its commitment as a global space actor. In 2015, we spent only 10 dollars per capita for space issues whereas Russia spent 21 dollars and the US as much as 57. Space is one of the most obvious policy areas where European cooperation is not only necessary, but also imperative. Only the EU is able to be a global actor in space related issues, as the financial implications are very high and the complexity of the matter requires cooperation between scientists in the whole EU as well as pooling of national knowhow. The flagship programmes Galileo, Copernicus and EGNOS demonstrate the success of a European strategy. The inception was cumbersome and full of mistrust, later on the Commission stopped the PPP and took over the responsibility for the governance together with GSA and ESA. Now all programmes are improving, especially Galileo.
Monika Hohlmeier MEP has been a Member of the European Parliament since July 2009. She has been chairing the European Parliament’s Sky&Space Intergroup since 2014. Ms Hohlmeier is the Vice-President of the Committee on Budgets, a member of the Committee on Civil Liberties, Justice and Home Affairs and a member of the Delegation for relations with the People’s Republic of China. She is also a Substitute Member of the Committee on Budgetary Control and also of the Delegation to the EU-Albania Stabilisation and Association Parliamentary Committee. Ms Hohlmeier serves as Parlamentary Secretary to the board of the CDU/CSU-group in the European Parliament. Before becoming a MEP, she was Member of the Bavarian Parliament from 1990–2008, and has been State Secretary of the Bavarian State Ministry of Education and Cultural Affairs (1992-1998), and Minister of State of the Bavarian State Ministry of Education and Cultural Affairs (1998-2005).
Rescue Service (SAR) and the Public Regulated Service (PRS). The Open Service is a free mass-market service for positioning, Progressing on plan navigation and timing. It can be used by Galileo enabled chipThree of four services of Galileo are already available. The sets e.g. in smartphones or in-car navigation systems. Galileo’s Initial Services include the Open Service (OS), the Search and Search and Rescue Service (SAR) reduces the time to detect emergency distress beacons from up to three hours to ten minutes. The accuracy of the distress beacon locations are improved significantly, now a lost person is localised within 5 km instead the previous 10 km. This helps to find people lost at sea or in the mountains much more rapidly, thus saving lives. The Public Regulated Service (PRS) is for users authorised by Member States’ governments only, such as civil protection, fire brigades, customs officers and the police. It is particularly robust and fully encrypted to provide service continuity in national emergencies or crisis situaAn Arian 5 rocket carrying 4 Galileo satellites was launched from Kourou, French Guiana, in November tions, such as terrorist attacks. 2016. View of a satellite Photo: © European Union, 2016, Source: EC-Audiovisual Service, Photo: Jean-Marc Guyon
52
Third Dimension
“
If signals from satellite-based navigation systems were suddenly switched off, this would have tremendous consequences for the European economy and security”
.
A public service of general interest Galileo can therefore be seen as public service of general interest in the EU as it is a reliable alternative under civilian control in comparison to American GPS and Russian GLONASS system. Satellite positioning has become a more and more essential service that we often take for granted. However, if signals from satellite-based navigation systems were suddenly switched off, this would have tremendous consequences for the European economy and security. It would not only create immense chaos in the whole transport system, but also all financial and communication activities as well as emergency services would come to a halt. Although only 18 of the planned 30 satellites are in orbit by now, the OS demonstrates all the benefits it can offer by full interoperability with GPS since the launch of the initial services in December 2016. Thanks to GPS more satellites are available and the two systems together guarantee more accurate and reliable positioning for end users. Navigation in cities, where tall buildings often block satellite signals, will particularly benefit from the increased accuracy. The remaining 12 satellites will be launched in the next 3 years: 4 in 2017/2018, 4 in 2018 and 4 in 2019.
The system’s advantages Meanwhile, 85 % of all chipset manufacturers including companies as Qualcomm, Broadcom, Intel and Mediate announced their switch to Galileo, as they are convinced of the system’s advantages and because of the obligations imposed by the European legislation. The stability of Galileo Systems, the coverage, the precision and the accuracy are the basis for the fully deployed Commercial Service to be achieved by 2020, for which the launching of the remaining 12 satellites is essential.
photo: Pablo Garrigos, European Union, audiovisual Service
This Service will complement the Open Service by providing an additional navigation signal and added-value services in a different frequency band. The CS signal will be encrypted in order to control access to Galileo CS services and ensure a high level of security.
The third countries’ interest The level of interest of third countries makes the enormous value and success of PRS obvious. Not only Norway and Switzerland, who are contributing members of the European Space Agency (ESA), have started negotiating about access to the Galileo PRS System, but even the United States of America have announced their interest in the use of PRS and its secure channels.
Market implementation The roll-out phase is crucial, we must make sure that ambitions translate into concrete outcomes and that the competitiveness of our space sector is strengthened. Therefore, it is good that the market implementation of Galileo is combined with legislative actions such as the eCall regulation of 2015, which obliges car manufacturers to equip new cars with the eCall technology as from April 2018. Furthermore, it is important to channel more resources to the European Global Navigation Satellite Systems Agency (GSA) located in Prague, which is responsible for the constant dialogue with user communities, industry and stakeholders. It aims at ensuring that all products are Galileo-capable and ready for Galileo’s deployment. GSA’s objective is to make Galileo the world’s second GNSS reference system by 2020. This requires that the space sector be well funded in the future; in comparison to other global players in space, the European expenditure is still small.
53
THE EUROPEAN – SECURITY AND DEFENCE UNION
Rapid connectivity, agility and security
Satellite communications for security and defence solutions by Karim Michel Sabbagh, President and CEO, SES, Luxembourg
Satellite solutions are increasingly the preferred medium for governments seeking the most secure transmission paths and cost effective solutions. These are vital for maintaining homeland security, protecting the lives of citizens from the threats that have sadly intensified in Europe, managing waves of refugees, and responding to damage caused by natural disasters.
Indicators for growth 1. Globally, the market for government and military fixed satellite service capacity is expected to grow at 3% CAGR (Compound Annual Growth) over the 2015-2025 period, and even more growth is expected for High Throughput Satellite capacity, surging from 3 Gbps (Gigabit per second) in 2015 to an expected 115 Gbps in 2025.1 2. The exponential growth in Intelligence Surveillance and Reconnaissance (ISR) based on Remotely Piloted Aircraft Systems (RPAS) – for both civil and military uses – acts as a particularly good indicator of that growth. RPAS used worldwide reached about 29,000 in 2015, more than doubling from 20142. The connectivity required for RPAS is also increasing moving from today’s demand of 3–5 Mbps (Megabits per second), e.g. Predator, to next generation of RPAS where the demand is expected to be over 100 Mbps. 3. SES’s portfolio of international government business has doubled over the past two years, serving more than 60 government customers globally today. The three major features of SES’s new satellite fleet are: Rapid connectivity, agility and security.
coordination. Real-time dissemination of still images or full motion video up and down the chain of command is essential to execute the missions more effectively, enabling better-informed life-saving decisions in the field. SES’s new satellite fleet will be able to transmit Terabits per second, multiplying on-board traffic by one or more orders of magnitude. SES is serving these needs by launching High Throughput Satellites in the GEO orbit at 36,000 km, expanding O3b’s constellation providing low latency and fiberre equivalent connectivity from the MEO at 8000 km, and innovating with assured frequency bands with GovSat-1, our newest program as a case in point.
Agility Government and military forces regularly deploy at a moment’s notice to conduct surveillance operations over large areas, provide disaster response or offer e-health support for disease control, among many other urgent global missions. When these surges occur, there simply must be additional agile commercial satellite communications and government satellite communications capacity available. SES offers high-speed data rates capabilities and efficient use of bandwidth to meet the rising customer expectations. This means enabling dynamic, flexible services that can be switched on rapidly and adjusted on demand across the entire global network.
Security
Providing high-powered coverage will transform the security environment globally. Future ISR platforms will monitor borders, events and cities, while High Definition surveillance Enhanced data capabilities are needed for improved situationplatforms on RPAS will develop even further alongside this new al awareness at multiple levels of command allowing better satellite technology. Secure communication for defence and civil use will be achieved by creating a new and innovative model called governmental satellite communicaKarim Michel Sabbagh tions. This model will enable access by European has been President and CEO of SES since 2014. Born in 1963, he holds a docUnion Member States to high secured communitorate in international business management from the International School of cations networks based on military bands while Management (Paris). Mr Sabbagh served on the board of SES from 2011 until remaining financially affordable. 2013 and was a member of the audit and risk committee of SES for the same The first cornerstone within this new model is period. He is Chairman of the executive committee and Chairman of the board GovSat, a venture jointly held by SES and the of SES ASTRA, and also serves on the board of YahLive as well as the board of Luxembourg Government, with its dedicated the Business Federation of Luxembourg. Mr Sabbagh is a visiting professor at military band GovSat-1 satellite planned to be Ecole des Ponts et Chaussées Paris Tech (Grandes Ecoles) in France. launched in the second half of 2017.
Rapid connectivity
54
Third Dimension
“
Secure communication for defence and civil use will be achieved by creating a new and innovative model called governmental satellite communications.”
Solutions ISR and RPAS: Command, Control, Communications (C4ISR), manned and unmanned aeronautical platforms as well as other autonomous land and maritime platforms are the key demand drivers of future satellite communications capabilities. The NATO Alliance Ground Surveillance (AGS), with a mandate recently awarded to GovSat, is an illustration of how such demand is addressed as a secured service, supporting the command & control and sensor data communications required by NATO Global Hawk vehicles over AGS operational area. Maritime Security Communications: Another important need for RPAS is in the sector of Maritime Security. Maritime Airborne Surveillance combining RPAS and satellite capacity provide flexible solutions to reach-back teleports, as well as data management and allows for the distribution of services/imagery on a global scale for detection, location, tracking, recognition and identification of mobile and fixed targets both at sea and on the coastline. Border Control: Beyond Maritime security, commercial satellite communications can give governments sustainable situational awareness of weaknesses or threats for border control, in particular for the purpose of video screening and obtaining imagery in places where security personnel may not be present. As an example, SES is supporting the Ministry of Defence of Niger with advanced satellite monitoring and communications system to enhance its current capabilities to support the troops of Niger in their fight against terrorists on their borders. When not used by the Ministry of Defence, resources are routed to the population of Niger which can have access to communications technologies, data, e-health and e-education services which in turn helps Niger to build a growing sustainable economy.
Disaster Relief Beyond traditional defence and security requirements, European and international organizations leverage our satellite communications in response to humanitarian assistance and
disaster relief efforts where other means of communications are not readily available. Recently, following the devastating Hurricane Matthew in Haiti, emergency.lu provided connectivity to humanitarian responders in close collaboration with the World Food Programme as global lead of the Emergency Telecommunications Cluster. emergency.lu terminals used dedicated SES capabilities to re-establish vital communications.
Recommendations 1. While satellite communications are recognised as essential for Common Secure and Defence Policy management operations, the challenge stemming from shrinking defence budgets is aggravated by the fragmentation of European markets, which leads to the unnecessary duplication of capabilities, organisations and expenditures. European aggregation of overall demand and a coordinated institutional procurement procedure focusing on longer-term engagements are needed to prepare the right end-to-end solutions to fulfil Europe’s security and defence requirements by involving industry best practices. 2. Turning to regulation for joint government/commercial programmes, I would encourage the concept of ‘public-private’ investment when pursuing NextGen European broadband Governmental satellite capabilities. In addition, any future longterm and innovative space-application programme investments for the European defence and security will require an appropriate and stable legislative environment. Our existing and planned satellite capabilities can already meet many of the applications needed today. Still, SES will continue to work closely with all institutional European stakeholders to define the next generation commercial satellite communications and government satellite communications solutions. 1 NSR, Government and Military Satellite Communications, 13th Edition, November 2016 2 Euroconsult, Executive Summary, Prospects for Remotely Piloted Aircraft systems, Market analysis and forecasts, A vertical market analysis of major drivers, key issues and demand take-up, May 2016
55
THE EUROPEAN – SECURITY AND DEFENCE UNION
Significant Space Intelligence and Space Awareness capabilities for European defence
Are Europe’s space defence ambitions on the rise? by Bernd Kreienbaum, Senior Advisor IABG, Munich
The answer to this question can only be, yes of course. If not now, then when will the European Union be compelled to move towards a European Defence Union? This goal must and will include significant Space Intelligence and Space Situational Awareness (SSA) capabilities in a mix of EU and coalition owned assets as well as national capabilities. Up to now the European Space focus was on civil services in the fields of navigation (Galileo/EGNOS), meteorological and communications satellites and global earth observation (Copernicus) with EU investments of around 12 billion for the 2014–2020 timeframe. The hoped for defence related space capabilities will add extra budget demands. This is not new, the EU Framework for Space Surveillance and Tracking (SST) Support was adopted in April 2016, but it is being implemented painfully slowly. No real progress will occur without a set of powerful SST Radars in Europe also as precondition for future European exo-atmospheric interceptors for missile defence and the protection of own space infrastructure.
More autonomous and coherent capabilities Some strokes of luck have altered the European and transatlantic defence landscape, exerting pressure on the EU Member States to strive for a more autonomous and coherent defence capability and become the European pillar and unified partner for NATO. These so to say “lucky” events were: • Brexit, putting an end to the British obstruction on the practical implementation of the EU Common Security and Defence Policy as for example the establishment of a EU military
Figure 1
headquarters and a joint planning ability1; • the US election outcome, with the two most significant contentions (a) America first (b) without adequate own defence spending no US protection; • the erratic Turkish policy, forcing to reconsider the role of NATO, as a defender of freedom but not values, as well as the role of the EU. These events significantly influenced the EU defence policy and action in the last six to nine months with particular resonance on space matters. As a political framework, the EU released in June 2016 a “Global Strategy for Foreign and Security Policy” encouraging defence cooperation and fostering and fostering a solid European defence industry, which is critical for Europe’s autonomy of decision and action, as well as requesting an appropriate level of strategic autonomy. This ought to expand Europe’s ability to safeguard peace and security within and beyond its borders.
The EU’s Space Strategy for Europe On 26 October 2016 the EU issued “The Space Strategy for Europe” connecting for the first time civil and defence space activities with a hitherto unknown quality. Key points were: • space technologies as strategic assets for Security & Defence (Galileo & Copernicus); • autonomy in using and accessing space; • synergies between civil & defence space activities; • ensuring protection and resilience of space infrastructure; • reinforcement of SST to address other threats.
European Space Ambitions – What is genuinely new? Space Strategy for Europe 26 Oct. 2016 Global Strategy for EU Foreign & Security Policy June 2016
EU Decision for SST 16 Apr. 2014
Implementation Plan Security & Defence 14 Nov. 2016 European Defence Action Plan 30 Nov. 2016
EU Space Applications & Defence Aspects are connected and cross-referenced in all these documents which was impossible before! Source: bKEC
56
Third Dimension
On 14 November 2016, six days after the US election, the High Representative of the Union for Foreign Affairs and Security Policy, Federica Mogherini, released the Implementation Plan on Security and Defence under the title “A Europe that defends”, with more urgent calls than ever before such as: • It is time for single headquarters • Moving towards common military assets, in some cases owned by the EU • Retain & develop full spectrum space capabilities for e.g. Intelligence, Surveillance & Reconnaissance (ISR), access to space & permanent earth observation • Establish a European Defence Fund and permanent structured cooperation The seriousness of the above scope was illustrated by the launching of a European Defence Fund on 30 November 2016, as a starting point for fostering EU investments in strategic capabilities. It is a novelty in space defence matters that EU civil and defence space applications are now connected and cross-referenced in the above documents. This was politically impossible before (see figure 1).
Bernd Kreienbaum is senior advisor to IABG, Defence and Security, the German Defence Technology Think Tank and Simulation & Integration House. He studied Electronic, Radar & Communication Engineering and served in the German Air Force of which over Photo: private
13 years in the Ministry of Defence. Until 2007, Mr Kreienbaum held various posi-
tions in the NATO International Staff, including Head Air Armaments Section and Special Programme Coordinator covering NATO’s major Missile Defence and Theatre Missile Defence as well as Alliance Ground Surveillance (AGS) activities. From 2010 until 2013 he co-chaired the NIAG Study Groups on industry and technology BMD aspects. In 2014/15, Mr Kreienbaum chaired the NIAG study group on Alliance Future Surveillance & Control (AFSC), the follow-on capability for NATO E-3A/AWACS. The views expressed in this article are Mr Kreienbaum’s personal views.
There is a move! Taking into account the political pressure behind this development I assume: • Europe is on its way to becoming an “autonomous” NATO pillar and partner as regards space. • Space ISR and SST/SSA are priorities to achieve strategic autonomy, the current dependency on the U.S. is politically unacceptable. • Trust between the member states in this sensitive area needs to be developed and rules of reciprocity need to be implemented. • Space ISR and SST/SSA will be closely related and be made part of Cyber and Information Domain. • Synergies between military and civilian space programmes will be fostered; ongoing civil versus military competence disputes need be solved.
Figure 2
• High priority investment could be channelled to the European Midcourse Defence Radar(s) (see Figure 2). On the whole, we trust that European industrial cooperation will be pivotal in providing the essential space and groundbased components. The necessary technologies are at hand in Europe. Moreover we have to admit that transatlantic involvement is getting more difficult and that the “black box” ITAR2 policy is becoming unacceptable.
1 On 6 March the EU decided to set up headquarters for all military operations in order to increase the quality of the Common Security and Defence Policy. 2 ITAR International Traffic in Arms Regulations
European Midcourse Defense Radar (EMDR) (an assumed lay-out)
• 320.000 T/R-moduls (X-band) • electronic beamforming • mechanical coarse orientation • antenna diameter 10m • instrumented range 4000 – 5000km • standard separation 0,15km x 1,5km • fine separation < 0,2m • detection, discrimination & tracking • 24/7 operation • designed life expectancy > 30 years • Space Surveillance and Tracking • Space Situational Awareness - space weather - space object catalogue contribution - collision warning - overhead warning - missile warning & tracking - consequence of intercept - debris warning – population protection
Source: bKEC
57
THE EUROPEAN â&#x20AC;&#x201C; SECURITY AND DEFENCE UNION
Eyes in the sky for troops on the ground
NATO Alliance Ground Surveillance by James E. Edge, General Manager, NATO AGS Management Agency (NAGSMA), Brussels
One of the crucial capabilities to successful military operations anywhere in the world is information superiority; knowing as much about the adversary as possible provides own forces with an instrumental advantage. Therefore, intelligence, surveillance and reconnaissance or for short ISR, plays a vital role in practically any ongoing or future conflicts. NATO currently relies on ISR assets provided by its member nations, however, the future looks much different. 15 NATO nations are acquiring the NATO unique, owned and operated AGS Core system. The AGS Core system will be operated and sustained by all Allies (@28). When system delivered and operational it will enable the Alliance to perform persistent surveillance over wide surface areas from high altitude, long endurance unmanned air platforms operating at considerable stand-off distances and in any weather or daylight condition. Using advanced radar sensors, the AGS system will continuously detect and track moving objects throughout the observed areas, as well as providing radar imagery of areas and stationary objects. The collected surveillance data will be disseminated, in near-real-time (NRT), through line-of-sight (LOS) and beyond-line-of-sight (BLOS) data links to AGS ground stations, interoperable NATO, and national C2ISR systems.
AGS System Overview The AGS components will be an integrated system consisting of an air, a ground segment and support segment. The air segment will be based on the Block 40 version of the US RQ-4B Global Hawk high altitude, long endurance (HALE) unmanned aerial vehicle (UAV). The UAV will be equipped with the state-of-the-art Multi-Platform Radar Technology AGS Insertion Program (MP-RTIP) ground surveillance radar, with an exten-
James Edge has been General Manager for the NATO Alliance Ground Surveillance (AGS) Management Agency (NAGSMA) since 21 January 2013. He holds a MS in National Resource Strategy from the Industrial College of the Armed Forces, an MBA Photo: private
from Golden Gate University and a BS in Engineering Technology from Texas A&M
University. Jim Edge retired from the United States Air Force in 2005 with the rank of Colonel, having served in the Pentagon as the Deputy Director for Strategic Aircraft Systems in the Office of the Under Secretary of Defense, Acquisition, Technology and Logistics. Prior to taking up his duties with NAGSMA, Jim Edge was the Director of International Business of a US Company and before that, he was Deputy General Manager of NACMA in Brussels.
sive suite of LOS and BLOS long range wideband data links. The air segment will also include the ground-based UAV control stations, which will normally be located at the AGS Main Operating Base (MOB) at Sigonella Air Base, Italy. The ground segment will provide an interface between the AGS Core system and a wide range of C2ISR systems to interconnect with and provide data to multiple deployed and non-deployed operational users, including reach-back facilities, remote from the surveillance area. The deployable ground segment component will consist of a number of ground stations in different configurations, such as mobile and transportable, which will provide data link connectivity, data processing and exploitation capabilities, and interfaces for interoperability with C2ISR systems. The ground segment will also include dedicated mission support facilities, and flight control of the UAV component of the system. In addition, a ship based maritime station will provide real time AGS data feed from the air vehicle.
Mission
Ground Transpotable Tent (TGGS1)
58
photo: Leonardo, Italy/NAGSMA approved
The mission of the AGS System is to support civilian and military authorities at multiple echelons with continuous NRT information in order to enhance situational awareness concerning friendly, neutral, and opposing ground forces. When fully operational, the AGS System will be capable of simultaneously maintaining continuous two orbits in different
Third Dimension
AGS System of System
geographic locations over extended periods of time. In time of crisis or war, national ISR systems may be assigned to NATO to augment the AGS Force through the force generation and activation process.
Employment The AGS ground stations will process the received surveillance data for further analysis and use. The ground stations will also, directly or via NATO networks, interface and exchange information with the Combined Joint Task Force (CJTF) or NATO Response Force (NRF), component commands, tactical operation centres, joint command centres, and exploitation centres. Being continuously updated and disseminated in NRT, the AGS information will be an essential contribution to the recognized surface picture (RSP), providing NATO commanders with up-todate situation awareness to enable faster and more accurate reactions to critical situation developments. The AGS Core will be part of a system of systems, and will be designed to interoperate with a wide range of current and future NATO and national C2ISR systems, including integration with the emerging
photo: Northrop Grumman, USA/NAGSMA approved
NATO network-enabled capabilities (NNEC). Currently planned interactions include major NATO systems such as the bi-strategic command automated information system (Bi-SC AIS), the air command and control system (ACCS), the land command and control information system (LC2IS), and the maritime command and control information system (MCCIS). The AGS System will also be interoperable with national ISR systems, enhancing the ability of the Alliance to collaboratively and efficiently exploit and use the capabilities available. NATO aims towards achieving initial operational capability (IOC) for the AGS System in 2018/19 timeframe.
AGS Evolution In 1991, the NATO Defence Planning Committee identified, that Ground Surveillance was a NATO capability shortfall. NATO already owned a fleet of E-3 NAEW aircraft providing air situation data to the Alliance´s political and military leaders, however, a similar capability to cover ground activities was missing. Work to exploit this capability began. The Conference of National Armaments Directors (CNAD) designated NATO AGS as an urgent
Mobile Truck (MGGS1)
photo: Airbus, Germany/NAGSMA approved
59
THE EUROPEAN – SECURITY AND DEFENCE UNION
The HALE Global Hawk – the core of the system
photo: Northrop Grumman, USA/ NAGSMA approved
requirement in 1992, but it was not until 1995, when the NATO Defence Ministers endorsed the CNAD recommendation for “a NATO-owned and -operated core capability, supplemented by interoperable national assets.” The idea was to provide NATO with a highly capable surveillance system, which would be immediately available to NATO commanders and leaders in response to emerging political or military needs. The NATO Staff Requirement, which outlined the technical and operational requirements of the future system and which forms the baseline for all subsequent
► facts
Latest achievements and highlights Although there is a lot of activities that impact the Programme schedule, there is a quite significant amount of achievements worth mentioning. They are: - Almost all Air Vehicles parts and component manufacturing was completed and all aircrafts are now in final assembly or test in the USA, - NATO-01 (completed 6 flights) and 02 are in flight testing, - Both Deployable UAV Command and Control Elements are functionally complete and ready to shipped to the MOB - 90% of the Mobile ground segment subsystem Hardware items are completed and delivered to the MOB. - The first Transportable Ground element development components are assembled and procured and ready for shipping to the MOB, - SATCOM antenna farm is being built as well as infrastructure at the MOB. > More information available on www.nagsma.nato.int
60
development and procurement efforts, was formally agreed to in 1997. However, it soon became clear that the nations were not in agreement to how the AGS requirement was to be fulfilled, in particular with regard to aspects such as overall cost and national benefits in the form of industrial participation and technology advancement. Consequently, for many years NATO found itself in the position of having to pursue a wired variety of technical and programmatic approaches in order to try to turn its AGS ambitions into reality. Number of different solutions have been proposed since, however, all failed for different reasons.
The break through Finally in 2009, there was a break through, The NATO Alliance Ground Surveillance Management Organization and Agency (NAGSMO/A) were established after all Participating Nations signed the AGS Programme Memorandum of Understanding. In late 2011, NAGSMA completed negotiations of the AGS Core procurement contract with the established industry team. The contract was subsequently submitted to the Participating Nations for formal staffing and approval, in turn leading to AGS Programme contract award, which was signed on 20 May 2012 on the margins of the NATO Summit in Chicago. In parallel, all 28 NATO nations negotiated the AGS Programme practical funding solution principles for the funding of the related Capability Package for the future operations and support of the system. The NATO Alliance Ground Surveillance Management Agency (NAGSMA), representing the 15 AGS acquisition nations, awarded the prime contract for the system to Northrop Grumman in May 2012 during the Chicago Summit.
Authors 2016
Authors 2016 Author/Title
ESDU N°
Page
Author/Title
ESDU N°
Page
25 23
38 44
Ellegaard, Jesper • A smarter water supply during military and civil operations
25
35
Avramopoulos, Dimitris • Stronger European borders for a more open Europe
26
18
Erdmann, Christoph • A protective shield against electronic eavesdropping
24
48
Bagdonas, Gintaras • Providing advice and solutions fort the development of energy-efficient forces
25
41
Feldmann, Marco • Combat against human traffickers at the Greek-Turkish Border
26
32
24
43
Gahler, Michael • The EU’s added value in improving Member States’ capabilities
24
40
25
19
23
35
Bond, David • Bounding the Leviathan
Ghoshai, Debalina • NATO and Turkey: The Missile Defence dilemma
26
39
Broemme, Albrecht (interviewed by Nannette Cazaubon) • Greece takes up the challenge
23
10
26
35
Giuliani, Jean-Dominique • The European Union needs a change of software
Brok, Elmar • The EU-Turkey understanding on refugees
23
25
Grushko, Alexander • NATO is rethinking the cold war • Russia ist the partner fort he security of the Euro-Atlantic Region
26 23
43 15
Homberg, Thomas • European and transatlantic armaments cooperation
24
45
Kaim-Albers, Nicole • The resilient energy sytem a security evolution
26
55
Arnold, Andreas • Energy-efficient water purification • Personal protective clothing
Balis, Christina • The price of sovereignty Bertucci, Destiny • Backup and Monitoring the keys to a stable IT infrastructure
Bühl, Hartmut • If Brexit has to happen – then let it done 24 consistently 25 • China and the US put Europe to shame 26 • The Trump effect – the carefree days are over Cazaubon, Nannette • A German engineering system brings NATO closer to smart Energy targets
10 12 14
23
56
Das, Hans • Strengthening the EU toolbox for Disaster 24 Management and Humanitarian Aid
23
17
26
Keinert, Alexa • Europe in turmoil – what would Kant say?
24
15
26
30
25
9
24
51
Keinert, Michael • The industry: partner in climate policy through decentralised energy supply Keller, Ska • More power for Frontex – but no boost to human rights
26
28
Knaus, Gerald • Make the EU-Turkey agreement work • Turkey’s role in the European refugee crisis
24 23
12 26
26 23
44 19
26
8
De Kerchove, Gilles • The European Union’s external borders Delueg, Michael • Joint forces command (JFC) and civil-military collaboration Domescq, Jorge (interviewed by Hartmut Bühl) • The European Defence Agency
23
38
Ducaru, Sorin (interviewed by Nannette Cazaubon) • Secure energy supply for NATO armed forces
25
26
Ebenhoch, Gerhard • Successful Clean Sky engine demonstrator
23
59
Kamp, Karl-Heinz • Reconciliation with Russia?
Kujat, Harald • Deterrence and Dialogue or Security and Détente? • NATO-Russia: Time to push the reset button Lajčák, Miroslav • Bratislava Summit – roadmap for the EU’s future
61
THE EUROPEAN – SECURITY AND DEFENCE UNION
ESDU N°
Page
Author/Title
Lévêque, Jacques-Favin • CETA – Lessons learned
26
16
Lietz, Arne • The future of CSDP
Štirba, Jiří • Impressions from Logistics Capability Workshop
26
12
25
14
Stirnal, Andy Francis • FRONTEX – a fresh start? • Learning from physics: the principle of energy conversation • The 14th Congress on European Security and Defence
26
52
23
34
McManus, Sharon • The European Defence Agency: meeting energy & environment challenges
24
54
Mompeyssin, Patrice • EuroDefense Annual International Meeting
26
Monroe, James • How to defend NATO and secure European societies?
23
Author/Title
Lindberg, Helena • Rethinking security: Resilience in the age of transboundary Flows and hybrid threats López-Urdiales, José Mariano • Responsive on-demand small satellite launchers Manis, Athanasios • Turkey and its Kurdish issue
50
Page
26
62
24 25 23
28 13 20
Styszynski, Marcin • The rise of global terror
23
30
Tiegel, Uwe • Heat management in camps
25
30
Toepoel, Vincent R. • From waste to energy
25
39
24
60
Végvári, Zsolt • Capable Logistician 2015 (CL15)
24
57
Villa, Joel E. • Tearing down political fortresses
Troullinos, George (interviewed by Nannette Cazaubon) • A strategy for supplying camps with smart energy
23
49
Volante, Roberto • Innovative tents to reduce energy consumption – a worldwide request
25
34
Volker, Kurt • Only Russia is responsible for its bad behavior, and only Russia can change it
23
18
Von Wogau, Karl • The future of the Eurocorps
24
21
Wahlin, Brett • From Here to Cybersecurity
23
46
24
37
24
24
24
18
23
22
23
31
25
60
Paşcu, Ioan Mircea • Re-stabilising the Euro-atlantic Region
23
14
Pavel, Petr • Deterrence and Dialogue
26
42
Perruche, Jean-Paul • An urgent need for deeds to match words
24
42
Pfrengle, Franz • Eurocorps – a force fort he European Union
24
22
Popp, Thomas • CBRN threats are relevant – decontamination concepts and capabilities
26
58
Renucci, Jean-Marc • The ATHENA mechanism’s smooth reform
24
35
Wittmann, Klaus • NATO’s Warsaw Summit in July 2016
Rösler, Klaus (interviewed by Alexa Keinert) • A solid legal basis to fully support Member States
26
21
Wosolsobe, Wolfgang • The European Union’s development in Security and Defence
Rühle, Michael • NATO’s Comprehensive Approach to Energy Security
24
56
Zaorálek, Lubomír • The future of the Euro-Atlanic security framework
23
47
Sabbagh, Michel • Satellite – a critical infrastructure for Defence and Security Šedivý, Jiří • Security and Resilience in the context of NATO-EU cooperation Sirel, Indrek and Wolski, Reinhard (interviewed by Nico Segers)
• NATO is sharpening ist training capacities Schreiber, Torsten • Africa GreenTec Solarcontainers deliver triple impact for Africa
62
61
ESDU N°
26
47
23
41
25
32
Watts, Andrea • Into Africa: the unintended strategic outcome of ’entente frugale’
Zitzmann, Jürgen • Hybrid energy for settlements and camps • Smart energy for settlements and refugee camps