The European Security and Defence Union Issue 33 by The European-Security and Defence Union

ISSN 2192-6921

Independent Review on European Security and Defence − A product of ProPress Publishing Group

Volume N° 33

Cybersecurity Is cyberwarfare still science fiction?

How MEPs work to boost Europe’s cybersecurity

The EU’s security and prosperity in the digital age

Angelika Niebler MEP, European Parliament, Brussels/Strasbourg

Pekka Haavisto, Foreign Affairs Minister of Finland, Helsinki

www.magazine-the-european.com A magazine of the Behörden Spiegel Group

Edition 2/2019

Editorial

urope has voted. The new leaders in the European Union’s top-job positions are a reasonable and a promising choice. A new Commission is going to be established. At the same time, the continent is shocked of the unexpected behaviour of British politicians around Brexit. Europe must now take its fate into its own hands and defend its interests, without losing sight of its relationship with America and Russia in the context of its global ambitions and without neglecting its Member States’ existing alliances. The European Union must become a global player in its own right and with its own priorities. But as France and Germany are no longer “the engine” setting the political agenda within the EU, who can? The British have ruled themselves out. Germany’s European enthusiasm has clearly been muted. That leaves France, with a President who, on taking power two years ago and more clearly than any other European leader, announced a number of ideas and concrete plans for a new and strong Europe. Today, Emmanuel Macron appears to be the only “voice of Europe” on the international stage, speaking out on crucial matters of economy, security and peace and doing his best to bring world leaders together. Hopefully, Macron will succeed in maintaining stability in his own country. Looking back, one could be forgiven for thinking that the multiple problems facing the EU are wearing it down: the broken relationship with the United States, whose President considers the EU as an opponent, climate change, which is only now gaining an overdue status as a live political issue, the problems of migration, which could lead to a split within the Union, and last but not least, the ever stronger populist and Eurosceptic parties within each nation. Not forgetting the excruciating negotiations over Brexit that have

Impressum The European − Security and Defence Union ProPress Publishing Group Bonn/Berlin

Headquarters Berlin: Kaskelstr. 41, D-10317 Berlin Phone: +49/30/557 412-0, Fax: +49/30/557 412-33 Brussels Office: Hartmut Bühl Phone: +49/172 3282 319, Fax: +33/684806655 E-Mail: hartmut.buehl@orange.fr Bonn Office: Friedrich-Ebert-Allee 57, D-53113 Bonn Phone: +49/228/970 97-0, Fax: +49/228/970 97-75 Executive Media & Content: Andy Francis Stirnal Phone: +49/176 6686 1543 E-Mail: andy.stirnal@magazine-the-european.com

been draining resources for too long and restricting Europe’s freedom of movement. However, looking forward, new and positive signs are emerging: European citizens have accepted the EU as part of their lives. With a turnout of almost 51% at the last European elections – 8% more than the previous ones Hartmut Bühl – the European Parliament has clearly been strengthened. The incoming President of the Commission, the German Ursula von der Leyen is a staunch European and has laid down important internal and geopolitical markers in appointing her Commission. Internally, there is now a clear consensus that the United Kingdom cannot impose its Brexit conditions and that the EU will not stand idly by while London continues to linger within the Union. In addition, Von der Leyen’s bold attempt to forge regional strength, as an antidote to the tendency on the part of some Member States to drift away from the Union, is a clear indication of her determination to boost the EU’s internal unity. To the outside world, the new President has signalled her desire to see Europe play a leading role and made it clear that the transatlantic relationship requires a reset to assume joint responsibilities. The strategic implication is that the EU will no longer take a back seat in geopolitical conflicts. Ursula von der Leyen intends to break new ground. The appointment of a French Commissioner responsible for the internal market, but also for security and defence, demonstrates how the President wishes to draw inspiration from the French ideas on security and defence and the proactive European stance of President Macron.

Photo: private, LISphoto.com

Sovereignty for Europe

Publisher and Editor-in-Chief: Hartmut Bühl, Brussels Deputy Editor-in-Chief: Nannette Cazaubon, Paris; E-Mail: nannette.cazaubon@magazine-the-european.com Editor: Alexa Keinert, Berlin; E-mail: editor.esdu@gmail.com Translator: Miriam Newman-Tancredi Publishing House: ProPress Verlagsgesellschaft mbH President ProPress Publishing Group: R. Uwe Proll Layout: Beate Dach, SpreeService- und Beratungsgesellschaft mbH, Berlin Print: WIRmachenDRUCK GmbH, Backnang The European − Security and Defence Union Magazine is published by the ProPress Publishing Group. The ProPress Publishing Group is the organiser of the congress on European Security and Defence (Berlin Security Conference), the European Police Congress and the European Congress on Disaster Management. For further information about the magazine and the congresses please visit www.magazine-the-european.com Subscription: This magazine is published in Brussels and Berlin. The copy price is 16 Euro: 3 copies for one year: 42 Euro (EU subscription) 3 copies for one year: 66 Euro (International subscription) including postage and dispatch (3 issues) © 2019 by ProPress Publishing Group Bonn/Berlin A magazine of the Behörden Spiegel Group

THE EUROPEAN – SECURITY AND DEFENCE UNION

THE EUROPEAN – SECURITY AND DEFENCE UNION Vol. No. 33

Content 3 6

15–40

MAIN TOPIC

Editorial, Hartmut Bühl News, Nannette Cazaubon

Cybersecurity The challenge is governance

8–14 In the Spotlight

A new and decisive phase for European policy 8

Pekka Haavisto, Helsinki The EU’s security and prosperity in the digital age Reaping the full benefits of the digital age

EU Top Jobs – the new EU leaders Documentation

Brexit Thriller To be continued… Guest commentary by Jean-Dominique Giuliani, Paris Our freedom starts with Hong kong Commentary by Hartmut Bühl, Paris Security must be palpable

Angelika Niebler MEP, Brussels/Strasbourg How MEPs work to boost Europe’s cybersecurity Cyber resilience is a top issue in the EU Jean-Louis Gergorin /Léo Isaac Dognin, Paris Democracies must learn to withstand, in peacetime, a permanent war in cyberspace Governance remains the number one challenge Peter Martini, Bonn The crucial role of cybersecurity for a resilient energy supply Vulnerability will increase with digitalisation Roberto Viola, Brussels Taking a cyber leap forward A European response to cyber threats Interview with Arne Schönbohm, Bonn Europe needs coherent national strategies and EU operational concepts Make cybersecurity a top priority Carlos Bandin Bujan, Brussels We need more efficient cybersecurity building worldwide A transversal issue in development and cooperation

Michael Singh, Washington, DC The world needs the EU as a global player Europe strategic dependence

Photos (cover): © metamorworks, stock.adobe.com; European Parliament (left); Jamo Kuusinen / Prime Minister’s Office, Finland (right);

Content

41–56 Security and Defence Our security starts beyond our borders

42 30

Secunet, Essen NAPMA further expands its SINA Secure Remote Access capability Advertorial

32 Documentation

5G networks, “fake news” and disinformation

Wolfgang Röhrig, Brussels Cyber defence in the European Union is part of its defence capabilities Cyber strongly influences capability development

Rob Wainwright, Amsterdam, and Beth McGrath, Washington The new role of the Defence Chief Information Security Officer (CISO) CISOs are more than technology officers

Dirk Zickora, Munich The importance of a European Air Power solution The role of space and cyberspace

Timo Kivinen, Helsinki Finland promotes an EU defence cooperation Make European forces more operational Round table interview with Patrick Bellouard, Paris, Hans-Christoph Atzpodien, Berlin, and Trevor Taylor, London Germany – a touchstone for the arms export policy of the European Union Interview with Bruce R. Eggers, Andover, MA The Future of European Integrated Air and Missile Defence The Patriot partnership community Conference report by Nannette Cazaubon, Paris The EU CBRN Centres of Excellence Initiative 7th meeting of National Focal Points

54 Raymond Hernandez, Erkrath

No more dead through contaminated water! Potable water – easily produced everywhere

Conference report by Hartmut Bühl, Brussels Life Support Solutions – Field Camp Services International workshop at Kärcher Futuretech

Last but not least…

“The European − Security and Defence Union” is the winner of the 2011 European Award for Citizenship, Security and Defence

page 4-5: Etienne Ansotte © EU (left); © elenab, stock.adobe.com (middle); Devco (right)

THE EUROPEAN – SECURITY AND DEFENCE UNION

EUROCORPS

NOBEL PEACE PRIZE

Changing of the guard in Strasbourg

Prime Minister of Ethiopia awarded

On 5 th September 2019, the French Lieutenant General Laurent Kolodziej took over the command of Eurocorps from German Lieutenant General Jürgen Weigt, who has been commanding the International Army Corps for the last two years. The outgoing commander took this opportunity to emphasise

German Chief of Defence chairing the ceremony with

the essential military achievements

Lt Gen Kolodziej (left) and Lt Gen Weigt (right)

before adding: “However, Eurocorps

photo: @ Lionel THENADEY/Eurocorps

is more than just a military unit. Since its inception in 1992, it has been regarded as a lasting symbol of peace and reconciliation in Europe (…). At the moment when Europe is in need of visible symbols of unity, I hope that Eurocorps can in the near future become one of the continent’s flagship bodies and play an important role in the construction of a more tangible European Defence” Eurocorp’s new commander, Lieutenant General Kolodziej, former commander of the

On 11th October, the Nobel Peace Prize was awarded to the Ethiopian Prime Minister Abiy Ahmed Ali for his efforts to achieve peace and international cooperation, and in particular for his decisive initiative to resolve the border conflict with neighbouring Eritrea, in which 80,000 people from both sides lost their lives. In close cooperation with Isaias Afwerki, the President of Eritrea, Abiy Ahmed, quickly worked out the principles of a peace agreement. The Norwegian Nobel Committee hopes that the prize will strengthen Prime Minister Abiy in his important work for peace and reconciliation.

French Rapid Reaction Corps in Lille, underlined the “privilege to command Eurocorps, a Headquarters unique in its kind from 10 different nations* and to prepare it for its next missions”. During the ceremony, Lieutenant General Weigt was decorated by the Polish Chief of Defence with one of the highest national Polish distinctions. Everybody present felt that this was not only a well-deserved decoration for the general, but also a very political act and a clear sign towards Europe from the Polish side. *Currently, the following Member States of Eurocorps having earmarked national units to be under its command in case of call: Belgium, Germany, France, Luxemburg and Spain. Associated Member States with a contribution of personnel to Eurocorps are Greece, Italy, Poland, Romania and Turkey.

INTERNATIONAL COOPERATION

A European continues to head the IMF Kristalina Georgieva from Bulgaria, former Commissioner and Vice-President of the European Commission (2009-2017), took over from Christine Lagarde

photo: Office of the Prime Minister-Ethiopia, open domain, Flickr.com

as Managing Director of the International Monetary Fund (IMF) on 1st October 2019. Before joining the Fund, she was the Chief Executive of the World Bank (2017-2019). With Kristalina Georgieva, a European has once again Kristalina Georgieva in her Brussels

been appointed Managing Director of the 189 nation

office at the European Commission

IMF (excluding Cuba and North Korea) in accordance

during an interview for this maga-

with the tradition since its foundation 75 years ago.

zine in 2011.

The Fund, a symbol of globalisation, remains the key

Photo: European Commission

driver of economic cooperation between nations and is today facing at least four existential threats: the unilateralism of US President Trump, the domination of the US Dollar in world trade, the rising power of China and, last not but least, the emergence of digital money.

Abiy Ahmed Ali was born in 1976 in the region of Oromo, Ethiopia. In 1990 he joined the revolutionary movement against the dictator Mengistu Haile Mariam, the “Red Negus”. To general surprise, Abiy Ahmed Ali became Prime Minister in April 2018, launching at once deep economic and social reforms in his country and starting, three months later, successful negotiations for peace with Eritrea. The Nobel Prize might help him bring together the 100 million Ethiopians living in poverty and split by ethnic conflicts.

The main problems for the new Managing Director of the IMF will be to help save the multilateral rules-based system as a tool for bringing nations together and to try and calm the trade war initiated by the US. Or, in a more extreme scenario, to reshape the Bretton Woods system in the hope of solving these problems or at least avoiding a currency war.

> web https://bit.ly/35nfBk4

News

EUROPEAN ELECTIONS

The new European Parliament Over 400 million citizens were eligible to vote in the European Elections at the end of May 2019. The participation of 50,62% was 8% higher than in 2014 and confirmed that the Union is an achievement of the Member States’ societies. Pro-European Union powers managed to keep control of the European Parliament following a surge in support for liberal and green parties in France, Germany and the United Kingdom. Populists won a majority of the national vote in France, Italy and in the UK but failed to make the broader gains that many polls had projected. The new EU Parliament held its first plenary session from 2nd to 5th July 2019 in Strasbourg, electing on 3rd July the new President of the EU Parliament, David Sassoli, Member of the Democratic Party (Italy).

EUROPEAN COMMISSION

How the President is elected Ursula von der Leyen (Germany) will start her work as new President of the European Commission on 1st November. The procedure for nominating the President of the Commission for five years, is laid down in the Treaty on European Union (article 17(7)). “Taking into account the elections to the European Parliament and after having held the appropriate consultations, the European Council, acting by a qualified majority, shall propose to the European Parliament a candidate for President of the Photo: © European Union, 2018 Commission. This candidate shall be elected by the European Parliament by a majority of its component members. If he does not obtain the required majority, the European Council, acting by a qualified majority, shall within one month propose a new candidate who shall be elected by the European Parliament following the same procedure.” Declaration 11 to the Treaty notes that “the European Parliament and the European Council are jointly responsible for the smooth running of the process leading to the election of the President of the European Commission. Prior to the decision of the European Council, representatives of the European Parliament and of the European Council will thus conduct the necessary consultations in the framework deemed the most appropriate.” > For more information on the new leaders in EU Top Jobs, see page 10

photo: European Parliament

CLIMATE CHANGE

UN Climate Action Summit On 23th September the United Nations (UN) Climate Action Summit took place in New York. Major announcements by government and private sector leaders demonstrated growing recognition that the pace of climate action must be rapidly accelerated. 65 countries committed to cut greenhouse gas emissions to net zero by 2050. Furthermore, 70 countries announced they will boost their national action plans by 2020 or have started the process of doing so. Many countries and over 100 cities announced significant and concrete new steps to combat the climate crisis. UN Secretary-General António Guterres, said at the closing of the summit: “You have delivered a boost in momentum, cooperation and ambition. But we have a long way to go”, and he added: “We need more concrete plans, more ambition from more countries and more businesses. We need all financial institutions, public and private, to choose, once and for all, the green economy.”

> Web A full list of the announcements and commitments made at the Climate Summit can be found at www.un.org/climatechange

THE EUROPEAN – SECURITY AND DEFENCE UNION

In the Spotlight

+++ EU Presidency +++

Effective deterrence against cyber-attacks through greater international coordination

The EU’s security and prosperity in the digital age by Pekka Haavisto, Minister of Foreign Affairs, Finland, Helsinki

requent coverage of large-scale cyber-attacks in the news headlines are salient reminders of the formidable challenges in securing the wellbeing of citizens and the core functions of states against the inherent vulnerabilities of the digitalised society. As the critical societal functions and the daily lives of our citizens become increasingly dependent on the use of Information and Communication Technology (ICT), cybersecurity has a profound impact on advancing our prosperity and security. Unless we strengthen our capabilities to prevent, deter and respond to these threats, it is highly probable that the existing vulnerabilities will be exacerbated in line with the fast-growing digitalisation of our society.

Pekka Haavisto has been the Foreign Minister of Finland since June 2019. Born in 1958, Mr Haavisto served as Minister of the Environment and Development (1995-1999) and as Photo: Jamo Kuusinen / Prime Minister’s Office, Finland

Minister of Development and State Ownership (2013-2014). He led several missions to conflict areas as the

Chairman of UNEP’s post-conflict work from 1999 to 2005. He also worked as the European Union Special Representative (EUSR) in Sudan and Darfur (2005-

Cybersecurity is a top priority for the EU

2007), and as a Special Advisor for the UN (ASG) in

Against this backdrop, it follows naturally that protecting the integrity and security of the EU, its Member States and their citizens against cyber threats has become a top priority for the EU. Promoting the comprehensive security of our citizens is also one of the main priorities during our ongoing EU presidency. The EU has taken a wide range of concrete measures to strengthen cybersecurity in recent years, i.e. the adoption of the Directive on security of network and information systems (NIS) and the EU Cybersecurity Act. These measures and policies put in place will help to forge closer cooperation and coordination between the Member States and thereby to ensure that the EU is better equipped to address the ever-evolving cybersecurity challenges. Cybersecurity and diplomacy have also gained a significant place on the agenda of the Common Foreign and Security Policy and the Union now has various diplomatic measures at its disposal, including the newly

the Darfur peace process (2007).

adopted cyber sanctions regime, to prevent, deter and respond to malicious cyber activities. Due to the global interconnected nature of the cyber domain, fostering international partnerships and engagements is pivotal for building cyber resilience. Consequently, it is in our best interest to engage with other states and stakeholders to promote the EU’s vision of a rules-based, free, open, secure and stable cyberspace founded on the important universal values of democracy, the rule of law and human rights, and fundamental freedoms. A chain is no stronger than its weakest link in the interconnected cyber domain. Supporting efforts to build cyber resilience elsewhere will increase the level of cybersecurity globally, as well as benefitting the EU as a whole. To this

our EU Presidency and beyond, Finland will do its utmost to “During contribute to the progress towards our shared objective of building a

Europe that is well equipped to reap the full benefits of the digital age and rise above its challenges.”

+++ EU Presidency +++

documentation

end, the EU has been actively engaging with key partners and international organisations in bilateral and regional contexts by means of cyber policy dialogues, capacity and confidence building initiatives, and technical cooperation. Making our critical societal functions more resilient to withstand potential attacks is crucial, but it is equally important to create and uphold a credible deterrence policy to deter malicious behaviour from taking place in the first place. Greater international cooperation and coordination between likeminded countries is necessary to achieve effective deterrence. It is about making any inappropriate behaviour very costly for the potential perpetrators by signaling in a credible and consistent way our resolve and readiness to respond. The recently adopted EU cyber sanctions regime will contribute to further developing the EU’s readiness to deter and respond to malicious cyber activities. Important progress in the EU has been achieved to protect critical societal functions against ever-evolving cyber threats, but a lot more can and should be done. Building our cybersecurity and resilience on an EU level requires continuous and farsighted efforts in different policy fields. It requires more robust

and effective structures to prevent and respond to cyber-attacks not only in the Member States, but also in the EU’s own institutions. Building credible cyber resilience and capabilities depends largely on having people with the right skills, driving technological innovation to stay ahead of those looking to do us harm. It means more investments in innovation and skills to ensure that the EU develops its own essential technological capacities and solutions that work across the EU to secure its digital economy and society.

Reaping the benefits of the digital age At the heart of all our common endeavors should be the whole-of-society approach: close cooperation not only between different EU and state institutions, but also with civil society, academic community and private sectors. During our EU Presidency and beyond, Finland will do its utmost to contribute to the progress towards our shared objective of building a Europe that is well equipped to reap the full benefits of the digital age and rise above its challenges. > See our chapter on cybersecurity (pp 15-40)

Finland’s EU Presidency Finland’s Presidency of the Council of the European Union was inaugurated on 8th July in a summer party organised by the City of Helsinki. During that day, a participatory performative artwork designed by the environmental artist Kaisa Salmi was mounted in Kansalaistori Square next to the venue of the Presidency meetings to take a stand on climate change. Standing at the top of her plastic creation, artist Kaisa Salmi was sermonizing on environmental issues for a total of ten hours. Presidency programme Finland’s third Presidency of the Council of the European Union for a 6 month period began on 1st July 2019. The priorities for Finland’s Presidency are to strengthen common values and the rule of law, to make the EU more competitive and socially inclusive, to strengthen the EU’s position as a global leader in climate action and to protect the security of citizens comprehensively. > Web Presidency Programme: https://bit.ly/31mscAV Member States holding the Presidency work together closely in groups of three (“trios”). Finland is in a trio with Romania and Croatia. The “trio programme” for a period of 18 months was

The Summer Day festival at Töölönlathi Bay, Helsinki,

adopted by the General Affairs Council in December 2018.

8th July 2019

photo: © Viivi Myllylä/Prime Minister’s Office

> Web Trio Programme: https://bit.ly/2BWccee

THE EUROPEAN – SECURITY AND DEFENCE UNION

In the Spotlight

+++ EU Institutions +++

EU Top Jobs – the new leaders President of the European Parliament David Sassoli MEP (Italy) was elected as President of the European Parliament (EP) on 3rd July 2019 in Strasbourg. David Sassoli was born in 1956 and graduated in political science from the University of Florence. He became a professional journalist in 1986. Mr Sassoli, Member of the Democratic Party (PD), was elected in 2009 as Member of the European Parliament. Re-elected in 2014 he became one of the EP’s Vice-Presidents.

President of the European Council Charles Michel (Belgium) was elected on 2nd July as President of the European Council by the EU heads of state and government, for the period from 1st December 2019 to 31st May 2022. This mandate is renewable once. He will also hold the presidency of the Euro summit for the Member States whose currency is CHARLES MICHEL the Euro. Charles Michel was born in 1976 and became a Member of the Belgium Parliament at the age of 23. He became minister one year later. In 2014 he was elected as Prime Minister.

EU High Representative/ Vice President of the Commission Josep Borrell Fontelles (Spain) was considered by the European Council on 2nd July to be the appropriate candidate for High Representative of the Union for Foreign Affairs and Security Policy. On 26th July, the President-elect of the Commission, Ursula von der Leyen, agreed on the candidate. The EuropeJOSEP an Council formally appointed Josep BORRELL FONTELLES Borrell Fontelles on 6th August as High Representative. As a Commission Vice-President, he will be subject to a vote of consent by the European Parliament (EP). His term of service will be five years ending on 31st October 2024. Josep Borrell was born in 1974. He holds Bachelor’s degrees in Aeronautic Engineering and Economy and a master’s degree in Mathematics from Stanford University. In 2004, he was elected as Member of the EP and was President of the Parliament for two and a half years. He served as Foreign Minister of Spain from June 2018 to September 2019. Borrell was re-elected to the EP in May 2019, but gave up his newly won seat in June.

photos: CC-BY-4.0: © European Union 2019 – Source: EP (Sassoli); EC – Audiovisual Service; Creemers, Lieven (Michel); © EU, Etienne Ansotte (von der Leyen); © European Union 2016 – Source: EP (Fontelles); MEDEF, CC-BY-SA 2.0, Flickr.com (Lagarde)

DAVID SASSOLI

President of the European Commission Ursula von der Leyen (Germany) was designated as candidate for President of the European Commission by the European URSULA Council on 2nd July, and she was elected VON DER LEYEN by the European Parliament on 16th July. Her term of service will be 1st November 2019 to 31st October 2024. The mandate is renewable. Ursula von der Leyen was born in 1958. She graduated as a physician from the Hanover medical school and started her political career in 1996 in the German Christian Democratic Party (CDU). She served as minister for 14 years (2004-2019) in different ministries in the three governments of Chancellor Angela Merkel.

President of the European Central Bank Christine Lagarde (France) was nominated candidate for P resident of the European Central Bank (ECB) by EU leaders on 2nd July. The CHRISTINE LAGARDE Economic and Financial Affairs Council then issued a formal recommendation on 9th July. The European Parliament and the ECB delivered their opinions to the European Council, respectively on 17th September and 25th July. Christine Lagarde was a ppointed by the European Council on 18th October President of the ECB for a non-renewable term of 8 years. She will take office on 1st November 2019. Christine Lagarde was born in 1956 and is a French lawyer. She was the Chair of law firm Baker& Mckenzie between 1999 and 2004 and held different ministerial posts in the French government from 2005 to 2011. She was nominated Chairwoman of the International Monetary Fund/Managing Director (IMF) in 2011 and resigned from it on 16th July 2019.

+++ EU after Brexit+++

To be continued... ?

31.10. 2019

+++ ….

23.10. 2019

+++ EU President Donald Tusk recommends Brexit delay +++ Johnson says he does not believe that any delay beyond 31 October is in the UK’s interests

22.10. 2019

+++ EU chief negotiator Michel Barnier says Brexit is “lose-lose”

21.10. 2019

+++ UK Parliament speaker John Bercow refuses vote on Brexit deal

19.10. 2019

+++ Defeat for Johnson: UK Parliament refuses vote on the deal +++ Parliament forces Prime Minister to send letter to the EU asking for an extension of Brexit deadline; Johnson sends letter but does not sign it

17.10. 2019

+++ Jean-Claude Juncker announces Brexit deal with Boris Johnson on Twitter

Always look on the bright side of life...

THE EUROPEAN – SECURITY AND DEFENCE UNION

In the Spotlight

+++ Commentaries +++

GUEST COMMENTARY

Our freedom starts with Hong Kong by Jean-Dominique Giuliani, President of the Robert Schuman Foundation, Paris

n 4th July 1997, Hong Kong was returned to China. It was my privilege to represent France on that occasion. René Monory, the President of the Senate, led our delegation, which included amongst others Alain Peyrefitte. The symbolism of this handover was not lost on us. Martial China and its elite troops goosestepped their way as they took back this tiny piece of land, that had become British after the signature of some one-sided treaties. Indeed, the island of Hong Kong and the peninsula close to Kowloon had been ceded to Britain in perpetuity. It was the new territories, leased for 99 years, which were to be returned – but it was difficult to separate them from the rest, such was the density of the urban fabric. However, Margaret Thatcher, who signed an act of retrocession in 1984, could not help but “regret having to give all of that back to the Communists.” She was not wrong. It was clear that the Chinese would not keep their word which had, however, been included in a treaty filed with the UN Secretary General, and that they would not protect Hong Kong’s status for 50 years. Despite the Chinese Communist Party having become the champion of capitalism, it could never tolerate political liberalism, and quite simply, the freedom of expression. During the four days of endless rain, we were able to take stock of the extent of the misunderstanding unfolding before our eyes. Chris Patten, the British governor, explained his efforts to leave behind seeds of democracy in Hong Kong, where, rather late in the day and to the great displeasure of the Chinese, he had organised the first free elections. Prince Charles, whose poise was admirable in the downpour that required the lamination of the pages of his retrocession speech, was not deceived either. In his opinion, it was yet another decolonisation ceremony, of which he had become the specialist. Since the 1960s he had always represented

the UK on the many occasions that former British colonies became independent. God knows he had witnessed the lowering of the Union Jack enough times! And to think that some envied him! The British always quit the territories of their former empire awkwardly. They left suddenly, coldly – with regret – but curtly. They abandoned the citizens of Hong Kong to their fate because the banks interested them more than the challenge set by the Chinese Communist Party. Today, it is the young people who are demonstrating. Their idea of freedom is also ours: economic and political freedom are indissociable. As in an Asian picture, they go hand in hand like air and water. In the eyes of the Chinese dictatorship the challenge is a vital one. Its existence possibly depends on the way it emerges from this crisis. The victory of the Beijing regime over the democrats in Hong Kong would mean the greatest danger for our freedom. Angela Merkel was not mistaken when she advocated giving support to the young demonstrators in China, and as she criticised the Orwellian system of social rating that the Chinese regime is now deploying across the land, before extending it to Asia and beyond. The future confrontation with the Middle Empire will first affect the universal values of freedom and democracy that it rejects. Whoever knows the region also knows that Hong Kong is not just a rock that was occupied for a few years by a Western power. It is an island of freedom in an autocratic ocean. Its survival could be the starting point for a return of freedom on the continent. Neighbouring Shenzhen now has the same skyscrapers and its opulence is even more evident. But it lacks that one vital thing! The West and Europe would be wise to be inspired to support those who are defending their idea of freedom. Before it is too late.

+++ Commentaries +++

COMMENTARY

Security must be palpable by Hartmut Bühl, Publisher and Editor-in-Chief, Brussels/Paris

onald Trump is in the process of squandering America’s heritage. The betrayal of his Kurdish allies in Syria will have an impact on America’s allies all over the world and will not leave NATO unaffected. The Kurds were the shining example for the United States of the necessary sacrifices in the fight against the Islamic State. After a telephone call to Turkish President Erdogan, and without any consultation with his administration, Trump tweeted that he was abandoning the Kurds from one day to the next, because he no longer needed them, fully realising that he was leaving them to be slaughtered by the Turks. He withdrew his troops, giving Erdogan a free hand. Now that the inevitable damage has occurred, he is trying, as a result of pressure from his own side, to backtrack, but he has left it too late. The Russian President has already made his move to fill the geostrategic vacuum. Betrayal – there is really no other word to describe the American President’s attitude towards his Kurdish allies. They experienced heavy losses in battle, keeping faith in their great ally in the hope that they were on track to establishing their own state. Trump had previously advised the Kurds to dismantle the border with Turkey. Even if he warned the Turkish President shortly before his troops were ordered to cross the border into Syria and tweeted that he would impose sanctions, he has left Erdogan free to undertake his war

of destruction. The risk of a war between Turkey and Syria is clearly an outcome he has disregarded. He no longer sees it as relevant to America’s role as a world power as it wreaks further havoc throughout the region, in which fires already rage. Donald Trump, the populist, is in the process of demolishing the foundations of American foreign policy as Washington throws away its last shred of credibility in international relations as well as the international order that generations of American politicians have taken a leading role in building up for the benefit of all. Today, American security guarantees are still in place. They have always been worth more than the paper they are printed on. Under them, America’s allies have felt safe and protected. The western world has felt secure for over 40 years and trust in America has been the cornerstone of its foreign and defence policy. Who knows what Trump, “in his great wisdom” as he says himself, will tweet next? What Europeans are increasingly coming to realise, however, is that they can no longer rely on Trump’s America. Trump has betrayed the Kurds. Will he also betray us, his European allies, by telling us that American troops will only go into battle if America’s interests are at stake? Sooner or later, the future of NATO itself will be at stake.

Trump – a reliable partner? Donald Trump (second from the right) and Recep Tayyip Erdoǧan (third from the right) at the G20 Summit in Japan, 28 June 2019

photo: © European Union, EC Audiovisual Service

THE EUROPEAN – SECURITY AND DEFENCE UNION

In the Spotlight

+++ EU-US Relations +++

Europe has few viable alternatives to strategic dependence on the United States

The world needs Europe as a global player by Michael Singh, Managing Director, The Washington Institute for Near East Policy, Washington, DC

ixteen years ago, the United States was at the height of its response to the attacks of September 11, 2001; it had decimated the Taliban regime in Afghanistan that had harbored the 9/11 terrorists, and was poised to invade and topple the government of Saddam Hussein in Iraq. It was in this context that Robert Kagan wrote Of Paradise and Power, memorably laying out the stark differences in the ways that Americans and Europeans perceived and utilized power on the international stage. Kagan described differences that were both ideological – Europeans were idealistic, Americans more pragmatic – and material – the United States simply had far more power with which to achieve its ends than did the states of Europe. The result, in his view, was a profound gulf between a United States that believed in the efficacy of military power and was willing to use it, and a Europe that eschewed it. The upshot, in Kagan’s view, was that the United States not only could “prepare for and respond to the strategic challenges around the world without much help from Europe,” but was already doing so.

or delayed a reckoning for European foreign policy. Whatever the successes and failures of European foreign policy, with its preference for international law and institutions over the cultivation of hard power, it seems ill-suited to deal with a revanchist Russia or increasingly ambitious China, and it left Europe poorly equipped to respond to crises on its periphery, like Libya and Syria, in the absence of decisive US leadership. While some European states have in recent years devoted more resources to defense spending and have become more comfortable with military missions overseas, these incremental shifts seem inadequate in response to the more substantial geopolitical changes taking place beyond Europe’s borders.

Europe should be realistic and pragmatic

Yet Europe has few viable alternatives to strategic dependence on the United States. Certainly there is no other external partner to which Europe can turn to safeguard its security interests. And for all the talk in Europe of “strategic autonomy,” it strains credulity to believe that Europe or any of its constituent states has the political will or can devote the necessary The new geopolitical realities resources to become a strong power in its own right. Far more Yet nearly two decades on, the American view of power has realistic would be for the states of Europe to strengthen their changed. Kagan predicted in 2003 that US power would not security capabilities, broadly defined. Steps toward this end decline in relative terms, and that the American willingness would be welcomed by a United States increasingly focused on to use power would not change; neither prediction proved burden-sharing, and be advantageous for Europe, which would correct. Indeed, American strategy today is shaped signifgain a stronger voice in transatlantic debates which currently icantly by two realities – first, that of the growing power of turn on decisions taken in Washington. It would also repreChina, which already rivals the United States in sheer economsent a recognition by Europe that the institutions and norms ic size and according to US military leaders may catch or even it cherishes are unlikely to thrive unless backed by power and surpass the US with respect to certain military capabilities; the threat of its use. and second, the failure of America’s post-9/11 wars to pay That the US and the West need Europe as a partner in global dividends despite tremendous cost. The result is that two security should go without saying. The threats the US and EuUS presidents in a row have rope face are global, whether they been highly skeptical about the emanate from large states – think ambitious use of military power, Michael Singh Russian election interference or however starkly their approachis the Lane-Swig Senior Fellow Chinese tech infiltration – or small es may differ in other respects. and managing director at The ones – think North Korean ICBMs Yet this strategic shift in the Washington Institute for Near or waves of refugees from conflict United States should not be of East Policy, and a former senzones. There can be no opting out, much comfort to Europe. The ior director for Middle East affor the US or for Europe. The only outsize role of US-led foreign fairs at the White House from question is whether we will face Photo: The Washington Institute wars in post-9/11 international 2005 to 2008. these threats capably, and whether relations has arguably prevented we will do so together.

MAIN TOPIC

The ongoing and quickly developing digitalisation of our societies creates high risks for attacks by cyber criminals. How do we protect ourselves, as citizens, but also our infrastructures and industry in Europe from such growing cyber threats? This chapter analyses the evolving cyber threat landscape and highlights the steps undertaken at a political but also an industrial level in the European Union to adapt to the realities of these challenges. The message of our authors is clear: cyber criminals don’t care about borders…

photo: © Hasselblad H5D, rimom, stock.adobe.com

Cybersecurity

THE EUROPEAN – SECURITY AND DEFENCE UNION

Cyber resilience must be at the top of the EU’s political agenda

by Prof Dr Angelika Niebler MEP, Rapporteur for the Cybersecurity Act in the European Parliament, Brussels/Strasbourg

ybersecurity issues are becoming a day-to-day struggle for businesses and consumers. The high number of recent cyber-attacks shows us how vulnerable our data and privacy really are. 88% of daily internet users fear that they will become victims of cyber-attacks and 77% are concerned about the use of their personal information on the internet.

Photo: European Parliament

How MEPs work to boost Europe’s cybersecurity

second half of 2018 – 19 of which were against the electricity grid. However, the actual number might be much higher as it is assumed that not all mid-sized infrastructure attacks are reported.

Shaping a European cybersecurity strategy

These developments are alarming. Therefore, years ago, the European Union passed a cybersecurity strategy on how to best prevent and respond to cyber-attacks. The NIS Directive on critical infrastructure (Directive on Network and Information Systems Security) was the first piece of EU-wide legislation to Alarming developments provide legal measures to boost the overall level of cyberseIn past years, many people still thought of cyber-attacks as curity in the EU. It was adopted in July 2016 and became fully science fiction and a story that makes a good Hollywood binding last year. As it stands, the NIS Directive is going to be movie. However, in recent years, cases of cyber-attacks have implemented in all EU Member States. increased, such as “WannaCry” in 2017 that infected 300,000 The next important milestone in the EU-wide cybersecurity computers in 150 countries, demanding that users hand over strategy was the adoption of the Cybersecurity Act last year. As money in exchange for codes to de-encrypt files. 80% of Eurorapporteur of the Cybersecurity Act in the European Parliament, pean companies have already I strongly believe that cyberbeen the victim of at least one security is not only a national cybersecurity incident. While in Prof Dr Angelika Niebler MEP issue, but it also needs a Euthe past, hacking efforts have is a Member of the European Parliament since 1999. She ropean answer. Therefore, the been more about spying and is a Member of the Committee on Industry, Research and European Parliament supported stealing information, attacks Energy and a Substitute Member of the Committee on and strengthened the Commisare now more aimed towards Legal Affairs. Since November 2018, Professor Niebler sion’s proposal for a strong sabotaging our critical infrahas been President of the Economic Advisory Committee cybersecurity unit at an EU level structure such as electricity Bavaria, and she has been the Party Vice-Chair of the CSU and a European framework and communication networks. since 2015. She was appointed Honorary Professor at the for cybersecurity certification. In Germany, the national Faculty of Business Management at the Munich University Europe needs a cyberspace cybersecurity authority, BSI, of Applied Sciences in 2016. that is safe and secure, and the recorded 157 attacks in the Cybersecurity Act largely con-

Cybersecurity

rapporteur of the Cybersecurity Act in the European Parliament, “AsI strongly believe that cybersecurity is not only a national issue, but it also needs a European answer.”

tributes to this target. The European Parliament stressed that cybersecurity is not only about protecting critical infrastructure and industry, but about users’ confidence in the safety of their connected devices. Thus, in increasing the cyber resilience in Europe, it must be our objective to look at and evaluate the whole cyber ecosystem. The European Parliament worked hard to ensure a strong European response to the increasing number of threats. The result is the establishment of a European cybersecurity certification framework, which will be implemented on a voluntary basis to begin with. However, the European Commission is obliged to assess whether some certification schemes should be made mandatory, in particular in view of critical infrastructures. These certifications will be a common European approach and will be valid throughout the EU. The dynamic and risk-based certification schemes will be market-oriented and will also take into account globally relevant international standards. The European Parliament also strengthened stakeholders’ involvement in the certification process. Furthermore, we required that the European Commission create a work programme on upcoming certification schemes for more transparency. And, last but not least, ENISA, the European cybersecurity agency, will have a permanent mandate and a much stronger role.

What internet users can do As already addressed, the European Parliament wants to make sure that all users of Internet of Things (IoT) devices can place their trust in the safety and security of their products. With more and more devices and services connected to the internet, users are increasingly put at risk of cyber-attacks. By 2020, the vast majority of our digital interactions will be machine-to-machine with tens of billions of IOT devices. As we all know, humans are often the biggest security risk. We do not change our passwords regularly or protect our home routers and smart home appliances. However, every user can help to create a safe environment and therefore, has to play an active role. In order to support the user, product information for smart devices must now be provided, so that users are given guidance and learn about secure configurations and maintenance of their devices, availability and duration of updates and known vulnerabilities. If users follow these recommendations, it will provide for more cybersecurity and resilience. Furthermore, the Cybersecurity Act also asks for cybersecure default configurations and cybersecurity by design applications. This means that undertakings, organisations and the public sector should configure the ICT

products, services or processes defined by them in a way that ensures a higher degree of security and therefore provides the first user with a default configuration including the most secure settings possible and no burden on the user to configure the product themselves. It also means that security measures should be implemented at the earliest stage of the design and development to allow for the highest possible degree of cybersecurity from the very beginning and throughout its entire lifecycle. All future cybersecurity certification schemes have to be designed in a way that addresses these security objectives. Thanks to the European Parliament, security and resilience now have to be built in by default and by design more adequately to ensure our internet connected devices are more secure.

The way ahead The next effort at an EU level to strengthen cybersecurity in the Union is the establishment of a network of cybersecurity industrial, technology and research centres. These centres shall be a common platform to share expertise, help deploy cybersecurity products and solutions and build up strategic cooperation between industry, research and governments. The digital world provides a lot of opportunities for society and industry. However, in order to create a prosperous European Digital Single Market, we have to improve on cybersecurity, trust and privacy! The topic of cybersecurity and how to build up cyber resilience and expertise must continue to be at the top of our political agenda in the EU.

The Cybersecurity Act of 17 April 2019 This new regulation strengthens the European Union Agency for Cybersecurity (ENISA) by granting to the agency a permanent mandate, reinforcing its financial and human resources and overall enhancing its role in supporting EU to achieve a common and high level cybersecurity. The Cybersecurity Act establishes the first EU-wide cybersecurity certification framework to ensure a common cybersecurity certification approach in the European internal market and ultimately improve cybersecurity in a broad range of digital products and services. > Web https://bit.ly/2OLS5ri

THE EUROPEAN – SECURITY AND DEFENCE UNION

Democracies must learn to withstand, in peacetime, a permanent war in cyberspace Governance remains the number one challenge

by Jean-Louis Gergorin and Léo Isaac-Dognin, co-authors of Cyber, la guerre permanente (Editions du Cerf, Paris)

n 4th October 2019, Microsoft announced that they have uncovered multiple attempts by hackers believed to be linked to the Iranian government to infiltrate a 2020 US presidential campaign1. While far from ground-breaking, this revelation is yet another sign of a major strategic disruption: over recent years, cyberspace has become the most fertile battleground for states and non-state actors seeking to further their geopolitical and economic ambitions. The digital world has phenomenally expanded the means and thresholds of aggression, and rendered obsolete the traditional dichotomy between war and peace. Over the years, western democracies have found themselves on the back foot against a boom in cyber threats. At the heart of their vulnerability is their struggle to grasp and act on the full scope of cyberspace.

Cyberwarfare is a reality Cyberspace encompasses all the global hardware and software means of storing, processing and transporting bits and bytes, but also, and most critically, all the information-content of that data. Cyberwarfare is the offensive use of these multiple components with the purpose of exerting influence or control over an adversary. Practically speaking, it can take the form of hacks that seek to compromise the confidentiality or integrity of digital systems for the purpose of espionage or sabotage, but also of assaults on the integrity of the information sphere, such as the mass dissemination of fake, biased or incomplete

information through digital media. To cite only a few examples, the disruption and partial destruction of Iranian centrifuges by the Stuxnet malware in 2010, the North Korean-led hack of Sony Pictures in 2014, the mailbox hacks of Hillary Clinton’s presidential campaign and the targeted social media propaganda operation orchestrated over the course of 2016 by a constellation of Russian-affiliated actors (most prominently, Russian military intelligence and the Saint Petersburg based Internet Research Agency), and, last but not least, the WannaCry and NotPetya attacks of 2017 have all made for headline-grabbing news. Far from being isolated events, such operations are increasingly part of integrated strategies that seek to undermine an opponent by acting under the threshold of open warfare. At this early stage of cyber competition, there are clear winners and losers. China and Russia were quick to recognise and experiment with the asymmetric opportunities of cyberspace. China first specialised in the cyber theft of western intellectual property assets. Today, its leaders see digital technology as a major way towards global economic leadership. Russia, for its part, has made cyber operations a key component of what it considers its legitimate response to western attacks on its sovereignty and sphere of influence. Following a string of events that range from endorsements of the “colour revolutions” by American officials and US-based NGOs to the enactment of economic sanctions against Russia, Moscow saw in cyber-attacks an opportunity to hit western countries at their weakest point while remaining below the threshold of open warfare. Smaller actors, namely Iran and North Korea, have also recognised the extent to which cyber operations can transform an

Cybersecurity

Jean-Louis Gergorin is the owner of JLG Strategy, an aerospace and defence consultancy. He teaches a course entitled “The New Strategic Upheaval” at Sciences Po Paris. An alumnus of Ecole Polytechnique, Ecole Nationale d’Administration and the Stanford Executive Program, he is the co-founder of Photo: private

the French-American Cybersecurity Conference. He was previously inter alia Executive Vice-President (Strategy) of EADS (now Airbus) and Head of Policy Planning of the French Foreign Ministry.

photo: © vectorfusionart, stock.adobe.com

this early stage of cyber “Atcompetition, there are clear winners and losers.”

United States has come a long way since 2017, bolstering its defensive and offensive doctrine and capacities in cyberspace, to the point of pre-emptively knocking IRA servers offline in the run up to the 2018 midterm elections, and ensuring an increasingly active ‘forward’ presence on foreign networks to defend its own critical infrastructure. Similarly it has been revealed by Reuters on October 16th that at the end of September a US cyberattack targeted the Iranian digital propaganda apparatus. Our Old Continent, however, remains a step behind on both fronts. Europe has struggled to weigh in coherently against “digital powers”, whether they be states or private enterprises, and several EU Member States have already faced serious challenges to their electoral processes and wider security in cyberspace.

Governance in cyberspace is the challenge unfavourable balance of power. Iran’s response to the Stuxnet attack is most telling: within the space of two years after discovering the US-Israeli malware, Iran was able to mount a series of incursions on US financial institutions that completely inhibited President Obama from further cyber offensive actions. After two decades of overconfidence in their cyber intelligence collection, US officials were alarmed to discover foreign actors’ proficiency in hacking into their critical infrastructure, and completely caught by surprise by the information attacks that took place during the 2016 presidential campaign. That said, the

Léo

Governance remains the number one challenge: no one would contest the fact that the internet is now a vital global infrastructure yet there is no international body in charge of protecting it. What the International Civil Aviation Organisation (ICAO) is for commercial aviation or the International Atomic Energy Agency (IAEA) for nuclear energy simply does not exist in the cyber sphere. To date, the only significant initiative in this direction is the Paris Call for Trust and Security in Cyberspace launched by President Emmanuel Macron in November 2018. This code of good conduct in cyberspace has the merit of hailing signatories from 67 States, 139 international and civil society organisations, and 358 private companies and its principles have already started to positively influence UN debates on global Isaac-Dognin cybersecurity. However, it lacks the signatures is an engagement manager at Capgemini Invent in Paris, of the USA, Russia and China. As we argue where he advises public and private organisations on in our book, the creation of an “International digital strategy and artificial intelligence. He holds a BA Cybersecurity Agency” is essential, and it will from the University of Cambridge and a joint MPA/MIA only see the light once major powers agree from Columbia University and Sciences Po, focused on to mutual confidence-building measures in technology and policy. He also lectures at Sciences Po Photo: private cyberspace. Paris. He previously worked for the UK’s Financial Conduct At a European level, the Council agreed on two Authority as a financial crime analyst and policy advisor. major decisions in 2019 to improve govern-

THE EUROPEAN – SECURITY AND DEFENCE UNION

would contest the fact that the internet is now a vital “Noglobaloneinfrastructure yet there is no international body in charge of protecting it.”

ance and security. First, on 9th April, the Council adopted the Cybersecurity Act, thereby establishing EU wide certification schemes and transforming the current ENISA into a EU Cybersecurity Agency. Secondly, on 17th May, it decided to give the EU the capacity to sanction persons or entities directly or indirectly responsible for cyber-attacks against its institutions or Member States.

Information sharing and partnering These moves are significant but remain insufficient to cope with two emerging challenges. First, states are seeing an increasing amount of ”pre-positioning” cyber-attacks against their critical infrastructures, particularly in the energy sector. While implants may be innocuous, they put targets at risk of sabotage at the will of an aggressor, with potentially devastating effects. This very capacity serves to pressure the targeted country. Secondly, artificial intelligence will soon make attribution far more difficult, reducing a target’s ability to retaliate, and increasing the risk of escalation in the case of ”false flag” attacks.

To face these challenges, the cyber commands and intelligence agencies of the most capable and determined Member States must reinforce information sharing, and develop common plans of response to attacks below the threshold of open warfare. In spite of Brexit, partnership with the UK remains essential. In addition, we recommend the establishment of a cyber innovation unit within the new Directorate-General for Defence, able to work with the private sector in agile ways that reflect the speed of technological change and to grant contracts exclusively based on the technological merits of their proposals.

1 Media reports suggest the target was President Donald Trump’s re-election campaign: https://reut.rs/2AOGkYB

PUBLICATION Cyber, la guerre permanente, by Jean-Louis Gergorin and Léo Isaac-Dognin (2018, Editions du Cerf).

Call for pape

Annual Privacy Forum 2020

The European Cybersecurity Agency (ENISA) issued a call for papers for the 8th ENISA Annual Privacy Forum (APF) to be held on 4-5 June 2020 in Lisbon, Portugal, in collaboration with the Católica University of Portugal, Lisbon School of Law. Bringing together contributions from policy, research and industry, the conference seeks to support the implementation of information security in the area of privacy and personal data protection. The APF sets the stage for discussions of research proposals, solutions, models, applications and policies. In the last few years, the APF has also developed a deeper industry footprint, to complement its original research and policy orientation. The conference is looking for papers presenting original and previously unpublished work on the themes of data protection and privacy and their repercussions on information security technology, business, government, law, research, society and policy. Policy makers and implementers, Data Protection Authorities, industry, research, consultants, NGOs and civil society are invited to contribute, as the forum aims at broad stakeholder participation that stimulates interaction and the exchange of opinion. To promote the participation of young researchers, the submission of papers by students is particularly welcome. The deadline for submission is 17th January 2020. More information: https://privacyforum.eu/call-for-papers

Cybersecurity

The vulnerability of energy supply will increase with digitalisation

The crucial role of cybersecurity for a resilient energy supply by Prof Dr Peter Martini, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), Bonn

Prof Dr Peter Martini is the Director of the Fraunhofer Institute for Communication, Infor-

he events in Ukraine removed all doubt regarding how vulnerable our energy systems are to cyberattacks. This vulnerability will only increase in the course of continuing digitalisation, a fact that demonstrates the necessity of cybersecure, resilient energy systems. Although the effects have been manageable so far, each attack increases the hackers’ capabilities and knowledge of system vulnerabilities. This is an overall threat to the economies of industrialised nations.

Attacks are no longer the stuff of fiction Electricity is the foundation of our modern life. Production, mobility, communication and trade grind to a halt without it. Thus, a reliable, affordable, and constantly available energy supply forms the backbone of today’s industrialised countries. The increasing digitalisation in the energy sector not only offers huge opportunities to secure the European economic region, it also entails significant risks. Threat and vulnerability increase in proportion to the dependency of society. Thus, a successful attack on critical infrastructures, such as electricity networks and power plants, would not only have far-reaching consequences for the targeted country but also for the entire economic region of the European Union. Such

mation Processing and Ergonomics (FKIE) in Bonn and he is the Director of the Institute for Informatics Photo: FKIE

IV at the University of Bonn.

even against the backdrop of the transition to renewables – or, rather, precisely in response to this transition. If the goals are to ensure supply security, to extend automation as an economic factor, to improve planning and operation of the energy supply system through digitalisation, and adequately counteract threats from cyberspace, the corresponding research must follow an interdisciplinary approach.

Assembling cross-disciplinary competences To this end, Fraunhofer FKIE and an A-list of partners, including the Fraunhofer Institute for Applied Information Technology (FIT), the Institute for High Voltage Technology (IFTH) and the E.ON Energy Research Center of the Technical University (RWTH) in Aachen, have developed the concept for the Fraunhofer Center for Digital Energy. The center gathers cross-disciplinary competencies in the key areas of energy technology, digitalisation, IT security and economics. This interdisciplinary, directly deployable, independent collaboration produces valuable foundations for and contributions to the secure and successful digitalisation of energy supply. By relying on the three pillars of, first, research and development, second, education and training, and third, test methods, we address the topics of new technologies and processes, shortages of specialised personnel, and integration of research contributions. Fraunhofer FKIE – together with its close cooperation partners – focuses on research and development in essential aspects of cybersecurity in critical infrastructures. We address prevention, detection and reaction with respect to both individual systems within the energy network and to the overall network. A challenging effort – but in a world like ours it is how we achieve reliable energy supply. Ultimately, this is the only way to achieve prosperity, growth and peace in Europe, at least in this area.

attack increases the hackers’ capabilities “Each and knowledge of system vulnerabilities.” attacks are no longer the stuff of fiction but, for companies in the energy industry, have long since become a part of day-today operations. Furthermore, these are not merely attacks by lone hackers, but rather they have been elevated to the level of coordinated campaigns for some time, as the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has repeatedly emphasised. In order to protect and further develop the increasingly digitalised energy supply as effectively, responsibly, and as close to the point of use as possible, we have to realign the branches of research and industry specialised in this field. In doing so, the aim is to create a reliable, efficient and resilient energy supply

THE EUROPEAN – SECURITY AND DEFENCE UNION

Taking a cyber leap forwards Europe must respond to the evolving cyber threat landscape

by Roberto Viola, Director-General, DG CONNECT, European Commission, Brussels

he increased connectedness and the borderless nature of digital communications have put cybersecurity at the forefront of EU policy, leading to the adoption of the first pieces of EU-wide legislation on cybersecurity. Despite this effort, the proliferation of interconnected devices and the rollout of high-capacity communications infrastructure, such as 5G, give rise to a plethora of new vulnerabilities and risks. Moreover, state actors are increasingly employing cyber tools to achieve geopolitical goals. Therefore, the European Union will have to adapt to this evolving threat landscape by developing new responses and by making the most of the legal framework recently adopted.

A robust framework has been put in place Over the last five years, the European Union has developed a set of measures that has strengthened the cyber resilience of organisations, improved the EU’s ability to respond to external threats and laid the ground for enhancing the security of ICT products, services and processes. With the adoption in 2016 of the Directive on security of network and information systems (NIS Directive)1, the European Union has developed its first cybersecurity legislation. The directive requires Member States to ensure that key companies in essential sectors, such as energy or transport, take appropriate security measures and notify national authorities of cyber incidents. It has served as a catalyst for Member States, triggering real change on the ground. However, the NIS Directive is much more than just a set of common rules. It has also established the Cooperation Group, a forum where Member States exchange experiences, align regulatory approaches and build trust. The group serves as a platform for developing com-

mon approaches on a wide variety of subjects, such as election security, sector-specific alignment and security of 5G networks. In order to address the external dimension of cybersecurity, the Council, with the support of the European External Action Service, has developed the Cyber Diplomacy Toolbox. The framework consists of a number of measures, including a new sanctions regime adopted in May 2019. The regime enables the EU to put in place targeted restrictive measures to deter and respond to external cyber-attacks. It allows the EU to impose sanctions on individuals and entities, including travel bans and freezing assets. The recently adopted Cybersecurity Act2 illustrates in a powerful manner that cybersecurity has evolved into a priority at EU level: fifteen years after its foundation, ENISA, the European Union Agency for Cybersecurity, has now been given a permanent mandate, more resources and new tasks related to cybersecurity certification and operational support in the case of cyber-attacks. The act also puts in place a legal framework for EU-wide cybersecurity certification schemes to improve the security of ICT products, services and processes. The Commission has already asked ENISA to prepare a first candidate scheme and more will follow. We are also exploring the introduction of mandatory schemes in priority areas.

Cyber resilience remains a priority The Commission will continue to work to increase the Union’s cyber resilience. European Commission President-elect Ursula von der Leyen has proposed to set up a Joint Cyber Unit to prevent, respond to, but also investigate cybersecurity incidents. The purpose is to speed up information sharing and bring cooperation between Member States and EU institutions to a new level. This initiative will build on existing work on rapid emergency response, notably on the Blueprint, a set of commonly agreed procedures ensuring a coherent Union-wide response in the event of a large-scale cyber incident.

Cybersecurity

Roberto Viola

photo: © ipopba, stock.adobe.com

Creating a real single market for cybersecurity will remain an important priority for the Commission. This will entail enhancing Europe’s technological sovereignty. We will invest in technologies such as blockchain, high-performance computing and algorithms. The next multiannual financial framework 2021-2027 will provide funding opportunities for cybersecurity under two programmes: Horizon Europe to promote research and the Digital Europe Programme (DEP) for deployment. The DEP will set aside almost 10 billion euros of funding, exclusively earmarked for supercomputing, artiﬁcial intelligence, cybersecurity, advanced digital skills, and ensuring a wide use of digital technologies across the economy and society. We also intend to push for a swift adoption of the Commission’s proposal for a European Cybersecurity Competence Network and Centre.3 By managing the cybersecurity funds under the next multi-annual financial framework, the initiative will help to create an interconnected, Europe-wide cybersecurity industrial and research ecosystem.

Technological sovereignty Technological sovereignty also means defining our own standards for crucial new-generation technologies. For example, the Member States, with the support of the Commission and ENISA,

i DG CONNECT The Directorate-General for Communications Networks, Content and Technology (DG CONNECT) is the European Commission department responsible for developing a digital single market to generate smart, sustainable and inclusive growth in Europe. The EU has adopted a wide-range of measures to shield the

has been the Director-General of the European Commission’s Directorate-General for Communications Networks, Content and Technology (DG CONNECT) since 2015. He holds a Doctorate in Electronic Engineering Photo: provided by the EC

and a Master’s degree in Business Administration (MBA). From 1985 onwards, Mr

Viola served in various positions including as Head of Telecommunication and Broadcasting Satellite Services at the European Space Agency (ESA). Prior to his current post, Mr Viola was the Deputy Director-General of DG CONNECT.

have just concluded a coordinated EU-wide risk assessment on 5G security under the NIS Cooperation Group. The results will feed into a toolbox of mitigating measures by the end of the year. It will address the 5G risks identified by Member States and facilitate a common approach. In our endeavour to strengthen the single market, we will also make the most of existing instruments. For instance, we intend to develop more certification schemes in the coming years, such as on Internet of Things devices or cloud computing. This will happen in very close cooperation with national experts and representatives from the private sector. An obvious candidate for a future scheme are 5G networks and equipment, complementing the work currently undertaken by the Cooperation Group. In addition, the Commission will review the functioning of the NIS Directive at the latest by spring 2021. The last five years have put cybersecurity at the top of the political agenda and we have been able to lay crucial groundwork at the EU level. We have recently witnessed some of the largest cyber incidents to date. Malware attacks such as WannaCry and NotPetya have generated global costs in the range of billions of dollars. They have demonstrated the relevance of our cross-border policy response to cyber risks. Given the continued importance of cybersecurity, we must now breathe life into the EU’s newly established legal framework and push for another round of ambitious steps forward.

European Digital Single Market and protect infrastructure, governments, businesses and citizens. These measure include, amongst others the Directive on security of network and information systems (NIS), the EU Cybersecurity Act, and the European Cybersecurity Certification Network. DG CONNECT issued a brochure on how the EU works on many fronts to strengthen cybersecurity and cyber resilience: > Web https://bit.ly/2IgyMm7

1 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. 2 Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013. 3 Proposal for a Regulation establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres.

THE EUROPEAN – SECURITY AND DEFENCE UNION

Interview with Arne Schönbohm, President of the Federal Office for Information Security (BSI), Bonn

he European: Mr Schönbohm, you have been the President of the German Federal Office for Information Security (BSI) since early 2016. In February of that year you were given the task of re-designing and building up this agency on solid foundations and with a budget allowing you to pursue ambitious objectives. On the national level, you developed the BSI into the German cybersecurity agency with the obligation to help the private sector develop security standards. Within the European Union you cooperate with your counterparts from other Member States, supporting the EU to ensure coherence and efficiency in cybersecurity. Have you been able to realise your ambitions and what is the status of German cybersecurity today? Arne Schönbohm: Indeed, we have made great progress in the field of cybersecurity in general. The IT-security law of 2015,

which was a great effort by the Federal Ministry of the Interior and the federal government, has had a big impact, especially for critical infrastructure, and will continue to do so. We have developed a common and widely regarded cloud security standard (C5) with our French partner agency ANSSI. Last but not least, the EU Cybersecurity Act was passed. The European: What are its advantages? Arne Schönbohm: This legislation will allow us to develop a more streamlined European IT security certification policy which will improve the security features of IT products potentially having a large impact on the unregulated market for the Internet of Things (IoT) consumer devices and more. Together with the new and improved mandate for the EU Agency for Cybersecurity (ENISA) we are heading steadily in the right

photo: ESDU

Europe needs coherent national strategies and EU operational concepts

Cybersecurity

direction. But make no mistake, we still have a long way to go. We still see a very high level of threat. We have seen a new quality in cyber-attacks and we have all witnessed successful cyber-attacks with enormous economic damage. We need to make cybersecurity a top priority at all levels of our society, in business and industry, consumer markets and the government. The European: As you said, there many examples of successful responses at the administrative level, but have you succeeded in helping the private sector, the more vulnerable part of your system, to correct its weaknesses? Arne Schönbohm: We are working hard to prepare all small and medium-sized businesses for their digital future. We have a lot to offer and our approach is widely accepted. Our Cybersecurity Alliance offers close to 4,000 companies, organisations and institutions the right setting for the exchange of best practices and practical IT security measures. For example, we support the development of sector specific “IT Basic Protection Profiles” and have launched many awareness campaigns. But again, cybersecurity needs a permanent effort to succeed.

in each Member State. These preparations were started in a timely manner and included preparations and exchanges on a European level with the relevant Union institutions and the involvement of many Member States. The European: Does this mean that you take your cue from ENISA? Arne Schönbohm: The extension of ENISA’s mandate has further supported its mission to increase the maturity of cybersecurity within Europe. At the same time, we must not slow down

to make cybersecurity a top priority at all “Welevelsneedof our society, in business and industry, consumer markets and the government.”

The European: Allow me to come back to Small and Medium Enterprises (SMEs) in Europe, the backbone of our industry. What about their security? Allensbach in cooperation with Deloitte state in their 2018 Security Report that SME CEOs’ awareness of the likelihood of a cyber-attack is falling. Arne Schönbohm: I think it is clear that we have made significant progress here. The 2019 Cybersecurity Report states that managers see a rising threat level, especially for data theft or data abuse. Almost 90 percent of small and medium-sized businesses have seen attacks on their networks. Four out of five companies are in favour of a strengthened Federal Office for Information Security. That same report states that only 25 per cent of company CEOs are regularly informed about the state of cybersecurity in their companies. We need to raise that number to close to 100 percent! The European: When you compare the German system of cybersecurity with those of your partners in Europe, what are the lessons we have learnt from the most recent cyber-attacks? Arne Schönbohm: We have seen data leaks, ransomware attacks and industrial espionage all over Europe. Like all of our partners, we are therefore directing our efforts to address these issues more robustly. As cooperation is key, we see great value in the collaboration with our European partners and ENISA. Our success with preventative actions is encouraging, for example, in our successful efforts to secure the EU elections

our efforts at the national level. Each national agency must continue to increase its own capacities – especially in the field of detection and responses to cyber-attacks. The good news is that I do not see any of our partners falling back here. Without any doubt, these efforts will bear fruit by making cyber-attacks more difficult to perpetrate and reducing their possible impact all over Europe. The European: Let us turn now to the European Union, your other strategic terrain as you mentioned: didn’t the EU Global Strategy from 2014 open more than an interesting discussion on cyberspace and defence, meaning “Integrated Cyber”. Does this mean that cyber will never stand alone? For any nation, for any purpose? Will it be sufficient to “think integrated” – or do we need advanced operational planning? Arne Schönbohm: To be clear on your question, cyber definitely never stands alone. Cyber threats may often appear in isolation, no matter what kind of actor we are dealing with. At the same time, “hybrid threats” are high on the agenda in discussions in different forums. In principle, hybrid threats are nothing new. There are many examples in the past of a mix of methods. The new development today is the scale of hybrid threats. Clearly, cyberspace works like a catalyst and cyber threats are an important component. However, it is only one component in a number of potential threats, ranging from external players fomenting social strife to military attacks. In order to optimise our preventive and defensive measures against potential hybrid threats, BSI therefore has to cooperate closely with other security authorities. This is not only true for hybrid threats but also for cybersecurity itself.

THE EUROPEAN – SECURITY AND DEFENCE UNION

The European: Ultimately, that means that effective cyber resilience has to be embedded in the whole of society. Where do we stand in this regard, both in Germany and the EU? Arne Schönbohm: I am convinced that cybersecurity is the premise for successful digitisation. Only if we implement adequate security measures consistently, in every digital product and in every single IT network, will we be able to enjoy the wider benefits of digitisation. No one will use self-driving cars if they can be taken over remotely. No one will trust the underlying infrastructure if it can be hacked. That is why we are working on securing car-to-car and car-to-x communications.

Arne Schönbohm has been President of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) since February 2016. Born in 1969 in Hamburg, Germany, he studied International Management in Dortmund, London and Taipeh. Mr Schönbohm worked in different positions at EADS, inter alia as Vice-President for commercial and defence solutions. In 2008, he became Chairman of the board of the BuCET Shared Services AG (BSS AG). Prior to his current position, Mr Schönbohm was President of the Cyber-Security Council Germany. Throughout his career, he has been security expert and advisor for several political decision-makers at the regional, federal and European level.

The European: How far do you see this “security strategy” going? Arne Schönbohm: Without any doubt, the same is true for the security of our personal data, our health care data, our financial services and our power grid. From IoT to International Card Services (ICS) products, security and robustness must be an integral part of implementation from the outset. At the same time, users must be able to choose the products that put them at lesser risk. Ultimately this requires better labelling and awareness about the processing of their data. So yes, effective

the less advanced. As national responsibility comes first, how might the EU support its less advanced members to do more and better? Arne Schönbohm: The most important step in this regard was the NIS Directive, which sets the framework for a higher level of cybersecurity in Europe and guarantees a minimum level of cybersecurity with respect to critical infrastructures as well as a functioning cybersecurity architecture. In addition, the establishment of new cooperation formats like the NIS Cooperation Group or the CSIRTs Network are of great value and definitely support smaller Member States and nurture an enhanced spirit of cooperation and communication between all European stakeholders on cyber issues. Next year, there will be an evaluation of the NIS Directive and I am confident that we will identify the next steps that we will need to take.

firmly believe that the best way to increase trust “Ibetween partners is to engage in dialogue at a

bi-or multilateral level. Europe is the natural forum in this regard.”

cyber resilience has to be societal. And we are working very closely with our research clusters and data protection offices as well as our police authorities, civil defence authorities, armed forces and so on to achieve the highest possible level of cybersecurity for our society as whole. The European: President, these are the national efforts. What about efforts in other countries? Arne Schönbohm: These efforts must not stop at our national borders. I think there are promising approaches in the EU as well, ranging from legislation to other measures like awareness raising. The EU Cybersecurity Act and the “European Cyber security Month” (October 2019) are just two examples. The European: I agree with you that, when you are operating within a coalition, the more advanced will be held back by

The European: This is a positive development, but all this is purely defensive. The EU as a whole has a multitude of industries and our welfare depends on their capacity to produce. The protection of European critical infrastructure is essential for all of us across Europe. Do you believe that the EU can survive just with a handful of sophisticated measures to ward off attacks and no deterrence? Hackers, from wherever they come, may have no fear of retaliation. Might a hack-back strategy not be more appropriate? Arne Schönbohm: The first thing we need is preventive measures. We need to ensure that cybersecurity becomes one of the top priorities in the whole of the ongoing process of digitisation. We need to make sure – as a society – that we protect our critical infrastructure. We have made progress with the IT security law, which will be evaluated and updated. Regarding active cyber defence we already stated in the Cybersecurity Strategy 2016, that serious cyber-attacks are conceivable where preventive measures are not sufficient for an effective and immediate defence. We must examine the extent to which

Cybersecurity

ENISA celebrated its 15th anniversary in March 2019 in Brussels, in the presence of its then Executive Director Udo Helmbrecht, who handed over his duties to his successor, Mr. Juhan Lepassaar on 15th October 2019

we need measures that are more active to stop the negative effects of such cyber-attacks. But that has nothing to do with a hack-back deterrence strategy. The European: Cybertechnologies, because of their importance for a nation or a coalition, are in many cases highly political and controversial. This is the case in the discussion of equipment for future 5G networks. Mr Trump has advised his European partners via Twitter not to buy from “enemies”, which means to not to cooperate with Chinese providers namely Huawei. Is this a question of trust? What exactly is the problem? Arne Schönbohm: We need to make sure that we protect the integrity and the availability of our communication networks. This is why we are working closely with the German Federal Network Agency on the development of a catalogue of minimum standards for 5G networks. We are confident that this catalogue will provide a robust technical basis to ensure the security of 5G networks. Furthermore, we are also working within the EU on this matter and have concerted our efforts for making 5G highly secure. The EU has initiated a process to develop a combined risk assessment as well as a toolbox with effective mitigating measures to be available by the end of this year.

photo: © European Union, 2019; Source: EC – Audiovisual Service/ Jennifer Jacquemart

at a bi or multilateral level. Europe is the natural forum in this regard. The European: And looking across the Atlantic? Arne Schönbohm: Well, we must not lose sight of transatlantic cooperation. But we must never forget that in some instances, cybersecurity is definitely a national issue when it affects our local or national networks. Not everything can be solved on an EU or international level. This is why national Cybersecurity Agencies are still so essential. Only capable national agencies can contribute to an effective exchange and the construction of an international ecosystem in cybersecurity. The European: President Schönbohm, I am grateful for your openness and wish you every success in your future endea vours.

Cybersecurity Alliance The Cybersecurity Alliance (Allianz

The European: Isn’t it frustrating to hear from time to time from politicians, corporate leaders and academia that cyber is an issue of national sovereignty and therefore that cooperation must be restricted? There is mistrust at all levels. Arne Schönbohm: I really do not agree with this perception! There is no need to be afraid and to lose a lot of sleep over cybersecurity. Sure, there is work to do, but Europe generally is still in good shape. We should value the partnership we have and the good work that has been done on so many levels rather than downplay these advances. I firmly believe that the best way to increase trust between partners is to engage in dialogue

für Cyber-Sicherheit) was founded in 2012. This platform for cooperation with business, government, research and science and other institutions offers a wide range of information on cybersecurity issues. The initiative focuses in particular on small and medium-sized enterprises. With the Cybersecurity Alliance, the Federal Office for Information Security (BSI) is pursuing the goal of strengthening Germany’s resilience against cyber-attacks. > Web www.allianz-fuer-cybersicherheit.de

THE EUROPEAN – SECURITY AND DEFENCE UNION

We need more efficient cybersecurity capacity building worldwide

Cybersecurity should be considered a transversal issue in development and cooperation

by Carlos Bandin Bujan, Programme Manager, DG DEVCO, European Commission, Brussels

ver-evolving Information and Communications Technologies (ICT) have revolutionised the way we live and interact in our society. Over the past 20 years, ICT has evolved to become in many cases a determining element in a variety of policy areas. Cyberspace provides the underlying platform for development, distributing transformative digital technologies, with profound global implications and many human, economic as well as social benefits1.

Our vulnerability to intrusion and manipulation Nowadays, two thirds of internet users are said to live in the developing world, where access to the internet is growing almost four times faster than in developed countries. It is estimated that by 2020 the number of devices connected to the internet will reach 50 billion – all potentially vulnerable to intrusion and manipulation. Businesses, banks, utility services, critical national infrastructure, and government agencies – all rely on IT systems to provide a flow of information that enables fast delivery of services across national and international territories. But these, and even our personal social media systems and personal appliances, leave us more exposed to potential harm. Nevertheless, there is increasing awareness that the benefits of ICT cannot materialise in a vacuum. The increased number

of cybersecurity incidents that cause major economic damage to the global economy and security underscore the need to prioritise measures addressing such threats and promote secure digital services and infrastructure. The landscape of threats can be categorised into three main areas: • The threat to critical infrastructure: due to the increasingly digitalised environment we operate in, it has expanded in scope in comparison to a decade or more ago. Potential damage of this typology of security incidents can cause thousands if not millions of casualties and/or billions of losses; • Online criminal activity (cybercrime) in relation to digital content, ranging from ID theft and non-cash payment fraud, to online terrorist propaganda and child exploitation etc., and last but not least; • Cyber as modus operandi and enabler of many other threats, including hybrid attacks. This is particularly worrisome with the prominence of the crime-as-a-service business model.

The EU Cybersecurity Strategy In the 2013 EU Cybersecurity Strategy and its 2017 revision, it is highlighted that external cyber capacity building is a strategic building block of the EU’s cyber policy. This was also brought forward as a key ingredient in the 2015 European Agenda on Security. It also contributes significantly to creating operational cooperation frameworks between partner countries and the EU (ensuring an internal-external security nexus), which ultimate-

Cybersecurity

Carlos Bandin Bujan

photo: U.S. Embassy Ghana, Flickr.com

ly should lead to an improved global cyber ecosystem with positive results for the entire community. Finally, it allows cooperation with partner countries in a way that eventually translates to policy influence. This is especially important in the context of global polarisation on cyber issues, including the promotion of principles of open, free and secure cyberspace in full compliance with human rights protection and the rule of law. Since the adoption of its Cybersecurity Strategy in June 2013, the EU has been leading in international cyber capacity building and systematically linking these efforts with its development cooperation funds. Such actions are based on promoting a rights-based and whole-of-government approach that integrates lessons the EU has learnt from the development effectiveness agenda. Moreover, in 2017 there was a clear recognition at the EU level that cybersecurity should be considered a transversal issue in development and cooperation that can contribute to the realisation of the 2030 Agenda for Sustainable Development, as stipulated in the EU’s Digital4Development policy framework. The significance of efforts to build national resilience in third countries as a means of increasing the level of cybersecurity globally, with positive consequences for the EU, was also recognised in the 2017 Joint Communication on ‘Resilience, deterrence and defence: Building strong cybersecurity for the EU’.

Lessons learned for the way ahead

has been Security Desk Officer and Programme Manager in Unit B5 of the European Commission’s Directorate-General for Development and International Cooperation photo: private

(DEVCO) since 2017. He was born in 1973. From November 2006

to June 2007 he was the Head of the Military Police Unit of EUFOR in Mostar before becoming Head of Unitin the Crime Department at Guardia Civil HQ in La Coruna in 2007. He joined the European Commission as Intelligence Analyst and Investigator (team leader) in the Security Directorate in 2015.

impact is still difficult to translate into metrics and we will have to wait a few more years to witness the evolution of our digital societies and whether today’s efforts have been rightfully identified and implemented. However, some lessons learned can already be drawn from this process: • Tackling cybersecurity threats and building cyber resilient societies is something which has to happen at multiple levels, and across the globe. • We can no longer hope to protect ourselves by building an effective barrier which keeps all threats out. From time to time successful attacks on our systems will happen, consequently we need to develop strategies and operational capabilities to bounce back from successful attacks on our systems and ensure the functioning of the services. • Effective interinstitutional and international cooperation is key when tackling cyber threats, as the cyberspace is ubiquitous and threats can emanate from the most remote areas on earth, targeting our assets in seconds. 1 The European Commission’s 2017 Digital4Development Staff Working document, explores the significant influence digitalization can have towards increased productivity, sustainable growth, job creation and the empowerment of women.

In essence, cyber capacity building is crucial to promote cybersecurity across the globe and as such, in broader terms, capacity building in the cyber domain aims to build resilient and accountable institutions to respond Digital4Development effectively to existing cyber threats and to The Digital4Development approach was set out in a European Commission working Paper strengthen society’s cyber resilience. This of May 2017. This approach aims to promote information and communication technolis an integral component of international ogies in developing countries as enablers of growth, and to better mainstream digital cooperation that can foster international solutions in development. Digital4Development is guided by international frameworks, solidarity with the EU’s vision for a free, such as the UN’s 2030 Agenda for Sustainable Development and its Addis Ababa Action open, peaceful, secure, interoperable Agenda for financing development (AAAA). One of the objectives is to promote access cyberspace for everyone, while ensuring to affordable broadband connectivity and contribute to reducing the digital divide and compliance with human rights and the rule facilitate access to Internet to the least developed populations or communities having of law. no access to digital technologies today. Efforts made by the EU in building a strong> Web https://bit.ly/2p0jMAO er and more resilient digital ecosystem are measurable and quantifiable, however the

documentation

THE EUROPEAN – SECURITY AND DEFENCE UNION

Cybersecurity in 5G networks Report on EU coordinated risk assessment of 5G networks security On 9th October 2019, EU Member States, with the support of the European Commission and the European Union Agency for Cybersecurity (ENISA), published a report on the EU coordinated risk assessment on cybersecurity in fifth-generation (5G) networks. The report is based on the results of national cybersecurity risk assessments by all EU Member States, which is part of the implementation of the European Commission Recommendation adopted in March 2019 to ensure a high level of cybersecurity of 5G networks across the EU. 5G networks will provide virtually ubiquitous, ultra-high bandwidth and low latency connectivity not only to individual users but also to billions of connected objects. 5G networks are expected to serve a wide range of applications and sectors, which could include a diverse range of services

that are essential for the functioning of the internal market as well as for the maintenance and operation of vital societal and economic functions, e.g. energy, transport, banking, and health, as well as industrial control systems. Also the organisation of elections is expected to rely more and more on digital infrastructure and 5G net-

works. It is evident that ensuring the security and resilience of 5G networks is graphik: © dmutrojarmolinua, stock.adobe.com essential and that any vulnerability in 5G networks or a cyberattack targeting the future networks in one Member State would affect the Union as a whole.

“

Protecting 5G networks aims at protecting the infrastructure that will support vital societal and economic functions – such as energy, transport, banking, and health, as well as the much more automated factories of the future. It also means protecting our democratic processes, such as elections, against interference and the spread of disinformation.” Commissioner Mariya Gabriel, in charge of the Digital Economy and Society, 26 March 2019

phto: © European Union 2019, Source: EC – Audiovisual Service

The Report The report identifies a number of important security challenges likely to appear or become more prominent in 5G networks, in reason of the key innovations in 5G technology, in particular the important part of software and the wide range of services and applications enabled by 5G.

Conclusions (excerpt):

number of attacks paths that could be

“a) The technological changes introduced by 5G will increase the

exploited by threat actors, in particular

overall attack surface and the number of potential entry points for

non-EU state or state-backed actors, be-

attackers:

cause of their capabilities (intent and

• Enhanced functionality at the edge of the network and a less

resources) to perform attacks against

centralised architecture than in previous generations of mobile

EU Member States telecommunications networks,

networks means that some functions of the core networks may be

as well as the potential severity of the impact of such attacks.

integrated in other parts of the networks making the corresponding

(…)

equipment more sensitive (e.g. base stations or MANO functions);

Together, these challenges create a new security paradigm, making

• the increased part of software in 5G equipment leads to increased

it necessary to reassess the current policy and security framework

risks linked to software development and update processes, cre-

applicable to the sector and its ecosystem and essential for Member

ates new risks of configuration errors, and gives a more important

States to take the necessary mitigating measures. This requires

role in the security analysis to the choices made by each mobile

identifying potential gaps in existing frameworks and enforcement

network operator in the deployment phase of the network;

mechanisms, ranging from the implementation of cybersecurity leg-

b) These new technological features will give greater significance to

islation, the supervisory role of public authorities, and the respective

the reliance of mobile network operators on third-party suppliers and

obligations and liability of operators and suppliers.”

to their role in the 5G supply chain. This will, in turn, increase the

> Web https://bit.ly/33RmoAY

Cybersecurity

“Fake news” and disinformation

The Action Plan on d isinformation With the aim to strengthen resilience to disinformation campaigns ahead of the 2019 European elections, the European Union outlined in December 2018 an Action Plan to step up efforts to counter disinformation in Europe and beyond. Focusing on four key areas, this plan serves to build the EU’s capabilities and strengthen cooperation between Member States by:

• improving detection, analysis and exposure of disinformation; • stronger cooperation and joint responses to threats; • enhancing collaboration with online platforms and industry to tackle disinformation; • raising awareness and improve societal resilience. > Web https://bit.ly/2Rqyqzo

graphik: © finevector, stock.adobe.com / ESDU

How the European Union is fighting against the spread of disinformation

The Code of Practice on Disinformation • Making political advertising and issue based advertising more transparent; • Empowering consumers to report disinformation and access different news sources, while improving the visibility and findability of authoritative content; • Empowering the research community to monitor online disinformation through privacy-compliant access to the platforms’ data. > Web https://bit.ly/2xEjvpw

The Communication on tackling disinformation These actions have built on the Communication on tackling online disinformation from April 2018, which highlighted the role played by the civil society and the private sector in tackling the spread of disinformation.

photo: © European Commission

The Code of Practice on Disinformation is the first worldwide self-regulatory set of standards to fight disinformation voluntarily. It was signed by platforms, leading social networks, advertisers and the advertising industry in October 2018. Signatories of the Code presented detailed roadmaps to take action in 5 areas: • Disrupting advertising revenues of certain accounts and websites that spread disinformation; • Addressing the issue of fake accounts and online bots;

> Web https://bit.ly/2HUijoc

Publication Journalism, ”Fake News” and Disinformation – Handbook for Journalism Education and Training Published by UNESCO, this handbook is

why trust matters; thinking critically about

part of the “Global Initiative for Excellence

how digital technology and social platforms

in Journalism Education”, which is a focus

are conduits of the information disorder;

of UNESCO’s International Programme for

fighting back against disinformation and

the Development of Communication (IPDC).

misinformation through media and informa-

The handbook, written by experts in the fight

tion literacy; fact-checking 101; social media

against disinformation, is intended for all

verification and combatting online abuse.

those who practice or teach journalism in

> Web Access to the publication:

the Digital Age. It explores the very nature

https://bit.ly/32ELCm0

of journalism with different modules on:

THE EUROPEAN – SECURITY AND DEFENCE UNION

The NATO AEW&C Programme Management Agency (NAPMA) uses a SINA1 solution, enabling staff members to securely work with classified and unclassified data simultaneously. In December 2017, the specific N APMA infrastructure which includes the SINA solution was granted security accreditation by the NATO Office of Security. Furthermore, the agency recently decided to extend the solution.

The following interview was conducted by secunet, the German company that developed the SINA solution. Stephan Sauer who was heading NAPMA’s Information Management Branch from February 2017 to March 2019 elaborates on the initial challenges and how the SINA solution solved them.2

ecunet: Who and what is NAPMA and what is the organization’s mission? Stephan Sauer: The NATO Airborne Early Warning & Control (NAEW&C) Programme Management Organization (NAPMO) was created in 1978. This organization is responsible to the North Atlantic Council for the NAEW&C Programme – which, in short terms, is the NE-3A aircraft, the NATO AWACS. The NAEW&C Programme Management Agency (NAPMA) is the executive agency of NAPMO. Within the responsibilities granted to NAPMA, the agency manages all aspects of the Programme from acquisition through delivery and on through Life Cycle Management of the NE-3A. secunet: Within NAPMA, what do you and your team look after? What are your key operational responsibilities, goals & objectives? Stephan Sauer: NAPMA’s Information Management Branch is the Information Management (IM) and Information Technology

(IT) service provider of the agency. Its mission is to enable NAPMA with IM/IT services and capabilities needed to perform NAPMA’s executive, administrative, and project management functions in an effective and efficient manner. The availability and control of information is critical to NAPMA’s organizational success. Currently, NAPMA operates a small secure dedicated CIS environment centered on Microsoft technology to provide office automation and external connectivity located at one site in Brunssum, The Netherlands. The main services provided to the users are e-mail (MS Exchange), document management (MS SharePoint) and an enterprise resource planning system (SAP). With the extension of the SINA laptops and secure smartphones, around 70% of the NAPMA staff is now equipped with a SINA laptop. secunet: When working in such an operational environment you need to be able to securely receive, store, work on and transmit sensitive and/or highly-sensitive data. What kind of CIS policies & processes do you need to follow to ensure compliance? Stephan Sauer: As with other NATO entities, NAPMA shall comply with NATO-wide IT related and CIS Security policies, directives, and guidelines. At NAPMA those policies, directives, and guidelines are further tailored to NAPMA’s business requirements while maintaining a security accreditation by the NATO Office of Security (NOS). A prominent milestone was achieved

photo: NAPMA

NAPMA further expands its SINA Secure Remote Access capability

Advertorial

Photo: NAPMA

availability and control “The of information is critical to

in December 2017 when NOS granted security accreditation authorizing the NAPMA NR Main CIS to store, process, or transmit information up to and including NATO RESTRICTED (NR). This accreditation included the SINA implementation at NAPMA. With regard to the capability to securely store, process, or transmit sensitive data, it is mandatory for NAPMA to keep control and ownership of the information. Likewise, supervisory control of all external IT services/support shall remain with NAPMA. From this perspective, SINA is a great capability for NAPMA’s IT to meet this requirement. secunet: When you and your team formulated your requirements for a secure remote access capability, what were the key objectives and challenges you were seeking to address? Stephan Sauer: Intent was to enable staff to work on- and off-site, on- and off-line with the same functionality as the inhouse NAPMA NR workstations and with a similar performance. The challenge was to implement a service that not only meets the user requirements, but also fits into NAPMA’s framework regarding e.g. pricing, quality of service, and implementation timelines. In addition, NAPMA strived for a system that provides the user with two strictly separated workspaces: First, a managed workspace for NAPMA business like on any other NAPMA workstation for up to and including NATO RESTRICTED. Second, a low cost (e.g. license free) and low maintenance workspace allowing web-browsing and basic office applications during business travel (e.g. no content filtering on internet

Stephan Sauer

APMA’s organizational N success.”

access to allow check-in for flights, etc.). In 2015, we obtained the SINA SRA capability and, in 2018, we decided to triple the size of the infrastructure. One of the reasons for this was that the NAPMA users have been very pleased with the SINA devices regarding performance and user handling. secunet: What are the key benefits your network and system administrators as well as your daily users have encountered and voiced back to you? Stephan Sauer: After three years of operation I may summarize that the SINA solution has fully met the users’ as well as administrators’ expectations regarding these criteria. The fact, that in three years of using 30 SINA devices NAPMA just had to open 12 support tickets, speaks for itself. With regard to the extension of the SINA devices at NAPMA, it is a fair statement that the new SRA users have fewer difficulties handling their “unknown” SINA device than they have with adapting to the software change that took place in parallel from Win 7 to Win 10 and to the new version of MS Office. The network and system administrators benefit very much from the smooth integration of the backend and the devices into the existing IT infrastructure. Managing the capability does not require a lot of effort. Using the same software images on the SINA, as well as remaining desktop computers, is more than beneficial. Positive feedback is also coming from CIS Security staff, who is pleased to see the separation of the restricted business workspace and the less protected session for Internet access. secunet: Thank you Mr Sauer for this interview. We wish you success in your next position at the German Armed Forces’ Cyber and Information Domaine Service (CIR).

is a German Air Force General Staff Officer. From 2014 to 2017 Mr. Sauer had been the Executive Officer of the NAPMA General Manager. During this period, he established the Information Assurance Section at NAPMA deriving initial Information Assurance requirements for the Final Lifetime Extension Programme of the NE-3A (AWACS). In 2017 he took over as Chief the Information

1 SINA (Secure Inter-Network Architecture) is a high-security solution that secunet has developed on behalf of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). SINA has already been successfully used for many years by public authorities and the armed forces, both in Germany and abroad. 2 The interview was conducted before Lt Col Sauer left NAPMA.

Management Branch responsible for providing IT services to the agency. In April 2019, Mr Sauer left NAPMA and joined the German Armed Forces’ Cyber and Information Domain Service (CIR).

MORE INFORMATION: Jerome Kühnert secunet International GmbH & Co. KG Kurfürstenstr. 58, 45138 Essen, Germany

THE EUROPEAN – SECURITY AND DEFENCE UNION

Cyber defence in the European Union is part of its defence capabilities Cyber strongly influences any kind of capability development

by Wolfgang Röhrig, Head of Unit Information Superiority, European Defence Agency, Brussels

oday, cyber space is recognised as a domain of military operations, which is, per se, of cross-cutting nature. Thus, cyber strongly influences any kind of capability development. Before tackling cyber defence, let’s have a look at the strategic defence context in Europe.

The strategic context of European defence First, some facts and figures on European defence: the defence expenditures of EU Member States in 20161 added up to about 208 billion euros. In terms of the Gross Domestic Product (GDP), the estimated average figure was about 1.4%. In 2016, the collaborative spending on equipment purchases reached 6,3 billion and the collaborative expenditure on research and technology was about 143 million euros. This means only a small portion of about 3.1% of the overall expenditure was spent collaboratively. These figures illustrate the need for defence to be better organised at a European level. We need more debate on the better implementation of defence cooperation. European defence needs interoperable capabilities incorporating innovative solutions – technologies that are not fielded in defence until now and that are increasingly important, like artificial intelligence or nanotechnology. These will dramatically change defence capabilities, and Europe shall not stay behind. European defence has gained new momentum, especially with the implementation of the European Union’s Global Strategy

published in 2016. Since then, several new EU instruments have been launched to support the development of new and innovative military capabilities – including cyberdefence – such as the Coordinated Annual Review of Defence (CARD), the Permanent Structured Cooperation (PESCO) and the European Defence Fund (EDF). Furthermore, the upcoming new European Commission will set up a specific Directorate General for “Defence Industry & Space”. Taking into account the currently fragmented European defence sector, the goal must be to make the European defence landscape more coherent. This requires more than just asking Member States to spend 2% of their GDP on defence.

Coherent approach from priorities to impact To that end, there is a need for the integration of joint priorities for the development of European capabilities as they were agreed in the Capability Development Plan (CDP), the latest version of which was approved by the EDA Steering Board in June 2018. The CDP addresses the security and defence challenges from a European perspective, looking at the future operational environment and defining the capability needs agreed by the Member States, reflecting the contributions of the Military Committee and the European Union Military Staff. The CDP sets a total of 11 priorities, and among them is “Enabling capabilities for cyber responsive operations”. These priorities represent the main orientation for the development of capabilities in a collaborative way in Europe. Avenues of approach for their coherent implementation have been agreed in the related Strategic Context Cases (SCC) in June 2019.

Cybersecurity

Wolfgang Röhrig has been the Head of Unit Information Superiority in the Capability, Armament and Planning Directorate of the European Defence Agency (EDA) since November 2018. He was born in 1966 and entered the German Navy in 1985. In March 2012, he joined the EDA as Project Officer and became Programme Manager for Cyber Defence at the beginning of 2014. In this position, he shaped the EDA Cyber Defence Programme. In February 2018, he returned to the German Photo: EDA

Armed Forces becoming a staff member of the new Cyber and Information Domain Services Headquarters, before taking up his current post at EDA.

photo: ©Gorodenkoff, Fotolia.com

Now, the task is to link the new EU defence cooperation tools (CARD, PESCO and EDF) to these priorities by generating collaborative projects in such a way that the result contributes to a greater coherence of European military capabilities. And what applies for defence capabilities in general also applies to capabilities that enable cyber responsive operations. The technological revolution we see with 5G, robotics, autonomous systems, etc is expected to dominate the future battlefield as well as the inherent question of how those capabilities can create an advantage against adversaries. There is often a tendency to think that in such digital scenarios, ICT systems are the only systems that are protected against the occurrence of cyber-attacks. However, other components such as, for instance, electromagnetic signals that are used to transport communications are also part of this environment and the convergence of cyberdefence with electronic warfare becomes evident. Going forward, increasingly automated scenarios will increase with the proliferation of autonomous systems, which in turn bring new challenges on system integrity as well as ethical and legal considerations about their usage. In addition, they must be prepared to operate in cyber and electromagnetic contested environments. This is where future cyber defence will be most needed. The challenge is to secure the entire military value chain: from the sensors over decision-making to the effector systems.

EDA’s Cyber Defence Programme The EDA’s cyber defence programme supports the development of the necessary capabilities for responsive cyber operations in the light of CDP implementation. This comprises the following areas of work: • Improve cyber defence competencies and skills for military personnel, • Ensure the availability of state-of-the-art cyber defence technologies. This includes the identification of those that will have the biggest impact on the research agenda,

• Adopt an approach to cyber “systems engineering” with special emphasis on architecture, • Ensure coordination with other European agencies and institutions responsible for cybersecurity and other international actors, • Implement cyber defence measures in a cross-cutting way in the air, land, sea and space domains. Today, the EDA runs three ad hoc projects in the implementation phase (Cyber Ranges Federation, Cyber Situation Awareness for HQs, Improved APT detection) with different constellations of contributing members. At the same time, there are also two cyber related projects progressing under the Permanent Structured Cooperation (PESCO) initiative. Additional cyber projects can be expected from the 2019 call for new PESCO projects. Furthermore, the European Defence Industrial Development Programme (EDIDP) and the consecutive EDF are expected to incentivise cooperation in this field. The current EDIDP work programme includes topics on cyber defence and one can expect new cyber project proposals from mixed consortia as part of the recent call for EDIDP project proposals, and for which the proposals are currently under evaluation.

Conclusions Artificial intelligence is expected to change the way of thinking. It will facilitate the way cyber defence is handled and controlled by providing, for example, automatic detection of vulnerabilities that can be resolved without operator intervention, networks that “heal” themselves by installing semi-autonomous or autonomous smart agents much faster than human beings. Other technologies of interest are blockchain, the Internet of Things or big data analysis as disruptive innovations in defence. In the strategic landscape of European defence, the new EU defence cooperation instruments – the revised CDP, CARD, PESCO and EDF – are means of achieving better coherence and improved European military capabilities – including in cyber defence.

1 EDA Defence Data 2016-2017: https://bit.ly/35N7bm7

The new role of the Defence Chief Information Security Officer (CISO) Defending information, improving readiness, and succeeding anywhere

by Sir Rob Wainwright and Honorable Beth McGrath, Deloitte, Amsterdam/Washington

s defence organisations become more data-driven, the role of the Chief Information Security Officer (CISO) is changing. It is rapidly shifting from a technology-oriented position to a business leadership-focused one, with significant demands from and impact on mission readiness. That is why defence organisations across the globe measure, evaluate, and re-measure their “readiness.” While the specific term may vary from country to country, the heart of readiness remains the ability of an organisation to execute its assigned mission promptly and capably. Therefore, understanding readiness starts by understanding the basic capabilities of a force: its equipment, people, and infrastructure.

Data for the creation of a real-time picture Traditionally, the picture of those capabilities was developed through regular reporting on the status of smaller units, aggregated into a readiness picture at successively higher units. However, these historical snapshots of readiness lost much of the detail leaders needed to make decisions. As a result, many forces are beginning to use real-time data taken from sensors and analytics to create a real-time picture of projects, performance, and maintenance. Rather than relying on summary reports, leaders at every level, from defence ministry secretaries to mechanics on the flight line, can pull from the same pool of actual data. By filtering and analysing it, they can get the information they need, whether that is force-training levels or the broken part on a particular jet. While the greater use of operational data in readiness decision-making can give leaders greater insight, it also greatly increases the importance of cybersecurity. Every organisation

tries to protect its sensitive data, but bringing large volumes of data on the location and status of military forces requires even more vigilance. The result is that cybersecurity is now being dealt with higher up the corporate ladder. In many cases, the CISO has become a close peer of the chief information officer (CIO). The role now demands business leadership as well as information security and technical skills, and the CISO is now seen as a business partner, not just a business protector.

The evolving role of the CISO Understanding the threats and putting effective counter measures in place is the responsibility of the CISO. However, as the organisation begins to use data in new and different ways, the CISO must also understand how that changes its risk exposure. In a bid to better understand and improve readiness, defence organisations are using more and more real-world operational information to budget, recruit and make other decisions. While these types of decisions may previously have used “back-office” data that was less sensitive, the aggregation of many different types of mission-related information makes the CISO an integral part of the executive team. The CISO must be fully involved in the decision making process so that they can make sure that decision makers at every level have the information they need, but yet still protect sensitive operational data. This means ensuring that the right people get the data they need, and only the data they need. There is a significant change in the role of the CISO. In the past four or five years, it has broadened, from being almost purely technology-oriented to more people-oriented, and from being a middle-management function to a business and technology leadership function. The role continues to accelerate in the same direction to meet these needs.

photo: ©Gorodenkoff, stock.adobe.com

THE EUROPEAN – SECURITY AND DEFENCE UNION

Cybersecurity

“

The CISO must be fully involved in the decision making process.”

Honorable Beth McGrath is a Managing Director in Deloitte’s Government & Public Service (GPS) practice and leads Deloitte’s global Defence, Security, & Justice (DS&J) practice. Beth has broad, multidisciplinary, strategic, and operational Photo: private

management experience acquired from more than 25 years of successful perfor-

To be successful, modern CISOs need to know more than just technology. They need to communicate the nature and extent of the cyber threats to all levels of the company. Then, along with CIOs, they need to balance the needs for cybersecurity against the information sharing needs of the organisation. Finding that balance is the key to success: too little information sharing, and the organisation cannot make effective decisions, too little security and it is all for nothing with sensitive information lost to adversaries. Today’s high-level CISO is fundamentally different from yesterday’s information security manager.

The CISO as a value-protector and a value-adder Cybersecurity is expensive. The CISO’s department is typically a cost centre. But it is now gradually less focused on justifying costs and more on enabling valuable activities. It is difficult, if not impossible, to quantify the return on investment of security spending. Certainly, it is easy to quantify the costs of not having effective cybersecurity. A quick glance at the headlines is enough to draw attention to the many companies and government agencies that were victims of high-profile cyber-attacks. The cost of these in reputation as well as in real monetary value is clear to see. For most CISOs, demonstrating value has typically ended there: success was the absence of bad news. Today, however, that may be slowly changing. A few of the brightest CISOs are beginning to explore how cyber know-how can be a valuable commodity. Some companies and government agencies that have developed expertise in protecting their own vast networks are able to offer that knowledge to other companies and agencies as a service. In that way the CISO’s cost centre can actually become a profit centre. Admittedly, that is not the goal nor likely outcome for most

Sir Rob Wainwright

mance in the federal government serving in positions up to the undersecretary level in the Department of Defence (DoD). Prior to joining Deloitte, Beth was confirmed by the Senate as the deputy chief management officer (DCMO) for the DoD and has held numerous other executive positions in government service.

CISOs. Success for today’s top government CISOs is not only protecting data but enabling the mission. CISOs are being asked by leadership to keep data safe, but also make sure security measures do not get in the way of digital transformation, and figure out how technological know-how can be used to create frictionless information sharing. Keeping data safe while staying out of the way of modernisation efforts is critical.

A safer information flow leads to better decisions Remote payments are a prime example of the benefits of “security by design,” where robust security measures, far from slowing down and spoiling the user experience, have sped it up and enhanced it. Users who have confidence in the security and ease of remote payments are more likely to use it. For government agencies, a safer information flow means a greater information flow, which directly leads to better decisions. So cybersecurity at this level of sophistication will not just protect data but will make an organisation more mission-effective. Different countries and agencies are at different stages of the evolutionary cybersecurity process, depending on a variety of factors such as management foresight, industry and sector, and country of operation. However, what is common across all of them is that as defence organisations make better use of the volumes of digital data produced by the modern world, the CISO will increasingly be a critical part of the realisation of the mission.

has been a Partner with Deloitte since June 2018, working in its cyber and financial crime practices. He was the Executive Director of Europol (2009 to 2018). After a 25 year career in intelligence, policing, government, EU and international affairs, Photo: © Europol

including at the Serious Organised Crime

Agency, National Criminal Intelligence Service and in the British Security Service, in June 2018 he was awarded a Knighthood by HM The Queen for his services to security and policing.

1 We are grateful to Joe Mariani, Chris Verdonck, Nick Seaver, Mark Nicholson, Vikram Bhat, Stephen Bonner and Michael Imeson for their insight and guidance, without whom this article would not have been possible.

modern CISOs “Toneedbe tosuccessful, know more than just technology.”

THE EUROPEAN – SECURITY AND DEFENCE UNION

The importance of a European Air Power solution Space and cyberspace have become ubiquitous in recent conflicts

by Dirk Zickora, Lieutenant Colonel (ret), Marketing Manager for Combat Air Systems, Airbus Defence and Space GmbH, Munich

he European security landscape is at a crossroads. The range and nature of threats are proliferating, the capabilities of potential adversaries becoming increasingly sophisticated and the way wars are fought evolving. European nations need to recognize this reality and act collectively and decisively. The United States of America is currently the only western nation capable of projecting and delivering decisive and sustainable military power throughout the globe. In contrast, Europe and its individual nation states would be incapable of providing a sustainable conventional resistance to a near-peer threat without the US military component in NATO and its nuclear deterrence umbrella.

However, stretched budgets and a legacy of deferred investments have not improved the European capability landscape and will continue to exert a negative impact on the rejuvenation of Europe´s Air Power. The UK and France can back up certain shortfalls with their national nuclear deterrence capability, but it is only by expanding their air power capabilities that European nations will be able to provide sufficient support to their key NATO partner, the United States.

Space and cyberspace have become ubiquitous

The world has recently seen a fundamental shift in how wars are fought. The classic domains of warfare like land, air and sea began to coalesce decades ago, with the joint amphibious Availability of independently operable capabilities campaigns in the Pacific and the landings in Normandy and If a greater European role within the current transatlantic Southern Europe during World War II as early examples. Today, partnership were desired, it would require a skill set and an new domains are emerging and interacting with the established asset portfolio based on available and independently operable ones. Space and cyber warfare have become ubiquitous in capabilities. At the same time, fair burden sharing within NATO recent conflicts, sometimes in support functions, like satellite and meeting agreed and declared commitments, both in size imagery or communications, sometimes as fields of engageand over time, continues to require a high level of resources. ment in their own right with non-kinetic effects like disinformation campaigns, network denial cyber-attacks or malicious network infiltration. To prevail in these multi-domain operations, Lt Col (ret) Dirk Zickora it will be essential to provide a large enough is Marketing Manager Combat Air Systems at Airbus portfolio of assets to deliver the required effects Defence and Space GmbH, Manching. Born in 1975, he (kinetic or non-kinetic) and resist similar effects joined the Luftwaffe in 1995 to fly fighter jets for over from the adversary with the appropriate level of 22 years. Before joining Airbus, his last tours were Chief resilience. of the Flying Branch and Opposing Forces Coordinator Among other things, it is necessary to sustain (2013-2018) at the Tactical Leadership Programme in a robust European airborne Counter-A2AD1 Photo: private Albacete, Spain, and Staff Officer in the CJFAC Strategy capability, a skill currently to be found only in the Division at NATO HQ AIRCOM in Ramstein (2018-2019). arsenals of the US Navy and the Royal Australian Air Force. Freedom of movement for a nation’s own forces is paramount not only during conflict.

photo: © Airbus

Cybersecurity

Denial of use of airspace can be a crucial factor in the positioning and operating of certain High Value Airborne Assets in times of crisis. Considering individual and regional priorities as well as fleet sizes and the value of such assets, a large scale conflict in the Pacific theatre (e.g. hypothetical simultaneous North Korean and Chinese adversarial actions involving the United States) would mean a significant shortage of assets for a potential European or Middle Eastern crisis or conflict at the same time. Currently, the European portfolio of assets is not large enough to fill this gap. Such a capability needs to be provided by multiple user nations, otherwise it creates a bottleneck for future conflicts, especially if only one nation were to develop the capability. From a military point of view, there are a number of key takeaways from a recent study performed by the MITRE Corporation2 for the Office of the Secretary of Defense of the United States of America. The authors conclude that increased operational readiness can be achieved through increased combat effectivity and efficiency, where a larger portfolio of diverse kinetic and non-kinetic effects increase options for warfighters and decision makers. Furthermore, a higher mission capable rate has the same net effect as a larger fleet. Based on this analysis, investments are paramount in order to raise mission capable rates and to procure more reliable / available platforms. At the same time, smaller fleets of expensive aircraft that are difficult to sustain is an outcome to be avoided.

sessment, fleet sizes (combat mass provision, endure attrition, scale effects on maintenance costs), true multi-role capability (jack of all trades and master of none vs. system of systems approach) and economic impact are the predominant factors. Through an effort to pool same type platforms under an umbrella like the recent EEAW3 model, significant cost savings for operations are feasible, even during times of austerity, while preserving affordable national prerogatives over a specific number of jets. Harnessing the benefits of a large and already existing common fleet like the Eurofighter Typhoon could be the most beneficial strategy. The true multirole capability and enormous potential still to be unlocked provide NATO with an unmatched opportunity. Development synergies and benefits, financial risks and operational flexibility would be shared among partner nations with individual freedom to expand or restrict own capability or accessibility. Neither development nor deployment would be restricted by third party regulations like ITAR, FMS or diverging national policies or priorities. High mission availability rates above 80% are already a reality and would further boost the effectiveness and affordability of this European pillar of NATO Air Power.

Approach to strengthen European sovereignty New technologies – even some of those envisioned for a Next Generation Fighter concept – could be introduced and matured on a common, open architecture platform like the Eurofighter Typhoon, enabling a “plug and fight” capability for a Future Combat Air System, which could be opened to other European partners. Such an approach would strengthen and consolidate

world has recently seen a fundamental “The shift in how wars are fought.” European sovereignty, its defence industry and technological know-how. A common and compatible platform and system of systems strategy would be a catalyst for and bolster European defence integration. Common connectivity protocols and sufficient bandwidth for network-enabled operational applications would further enhance cooperation across all NATO platforms, including US fighters, both current and future.

Procurement options for future effectivity Based on the analysis above, it follows that an assessment of procurement options needs to be done to ensure delivery of future effectivity, efficiency, connectivity, resilience (conventional and cyber), survivability and sustainability. For this as-

1 A2AD: Anti Access Area Denial 2 MITRE U.S. Air Force Aircraft Inventory Study, Unclassified report, 07 Aug 2019, https://bit.ly/33DSWyg 3 European Participating Forces Expeditionary Air Wing

Visit us on Euro pe’s leading ev ent for European Se curity and Defen ce

26. – 27. November 2019 Vienna House Andel’s Berlin Impressions of the BSC 2018

Europe and its external challenges – a 360° approach in uncertain times Partner in 2019: Italy Highlights Main Programme, e.g. > HIGH-LEVEL DEBATE: European Security and Regional Stability – coherence in times of epochal transition? > HIGH LEVEL-INTERVIEW: UN Resolution 1325 – Women, Peace and Security > HIGH-LEVEL MILITARY FORUM: The Mediterranean Sea and North Africa – striving for regional stability to enhance European Security > FUTURE FORCES FORUM: The European Defence Architecture – challenges and vulnerabilities versus innovation

Panels, e.g. > PESCO – a major step of the EU Defence Strategy > Joint and Combined Armed Forces / Multinational Formations in a 360° approach > Terrorism – the future of countering the global threat > Digitization versus Cyber Threats – multidomain operations as part of digital warfare > Military Mobility – Combined Joint Support and Enabling in Europe for larger formations > Arms Control – how to prevent a new arms race in Europe? > Conflict Scenarios of the Future – the impact of digitization

150 Top Speakers, e.g.

Miroslav Lajc̆ák Minister of Foreign and European Affairs of the Slovak Republic

Ine Marie Eriksen Søreide Minister of Foreign Affairs, Norway

General Claudio Graziano Chairman of the European Union Military Committee

Niels Annen MP Minister of State, German Federal Foreign Office

General Enzo Vecciarelli Chief of Defence, Italy

Dr Peter Tauber MP Parliamentary State Secretary, German Federal Ministry of Defence

Dr Judit Varga Minister of Justice and Minister of European Affairs, Hungary

General Eberhard Zorn Chief of Defence, Federal Ministry of Defence, Germany

Further Information  www.euro-defence.eu Organizer

Photos: Dombrowsky; Bundeswehr 2018, BPA, Kugler; BMEIA; kormany.hu;privat

Security and defence photo: ÂŠ Yeongsik Im, stock.adobe.com

Security and defence cooperation is on the EUâ&#x20AC;&#x2122;s political agenda. Countering global threats with military means needs new technologies for command and control, hybrid energy and potable water autonomy in operations and excellent capabilities in medical service. The use of robotics has become a reality. But we should not forget that global security and the fight against threats that go beyond national borders also go hand in hand with international cooperation and development policy. This chapter puts the focus on these different aspects.

THE EUROPEAN – SECURITY AND DEFENCE UNION

Finland promotes an EU defence cooperation Finland’s goal is to advance the connections and coherence of different defence initiatives by General Timo Kivinen, Chief of Defence, Finland, Helsinki

inland actively participates in the development and execution of the European Union’s Common Foreign and Security Policy. For Finland, the European Union (EU) is both a security policy choice and a community of values. A strong Europe strengthens Finland’s security. By ensuring its own defence capability, Finland also acts responsibly and participates in guaranteeing the EU’s security. During its Presidency from 1st July to 31st December 2019, in the field of defence, Finland strives to both ensure the effective implementation of previously set goals, and to have discussions on the development of future capabilities and the enhancement of cooperation.

EU cooperation supports the defence of nations The changes in the military operational environment during the last five years have deepened defence cooperation within the EU. After the publication of the Global Strategy for the European Union’s Foreign and Security Policy, defence cooperation has advanced in great strides: these issues now have an established position on the EU’s political agenda. Finland supports the facilitation of defence cooperation and

the strengthening of the EU as a security community. The Finnish Defence Forces use the EU as a forum for cooperation, particularly to advance concrete capability projects. In building a capability, the goal is to acquire the best possible option as cost-effectively as possible. Generally, capability planning is done with the perspective, and needs, of national defence in mind. The interoperability of forces and compatibility of systems will become increasingly more important in the future. Furthermore, the Finnish Defence Forces actively participate in Permanent Structured Cooperation (PESCO) projects. The potential interfaces with either existing or planned national projects are checked with every new project cycle. The selected cooperation projects will support the building of national capabilities. Overall, during the first two project cycles, Finland has joined eleven PESCO projects. In addition to PESCO, Finland participates in several other European defence projects.

General Timo Kivinen is the Chief of Defence in Finland. He started his career at the Finnish Military Academy in 1979. After the War College (1991 - 1993) he served as the Finnish Defence Attaché in Austria, Hungary (resident) and Ukraine from 1998 to 2001 before commanding the Utti Jaeger Regiment (2001 - 2004). He graduated from the Royal College of Photo: MOD Helsinki

Defence Studies in 2008. He was promoted to Brigadier General in 2010 and was assigned as Commander of the Karelia Brigade in

2011. From 2015, General Kivinen served as Deputy Chief of Staff, Strategy after which he was appointed Chief of the Defence Command in 2017. Timo Kivinen became the Commander of the Defence Forces on 1st August 2019 and he was promoted to General.

National capabilities strengthen the EU’s security Europe’s safety and security is the responsibility of every Member State. With PESCO, the members have, among other things, agreed to regularly increase their defence expenditure. Finland participates in guaranteeing Europe’s safety and security by continuously developing its own defence. Threats can be deterred by maintaining and developing capabilities suitable for the requirements of the operating environment, and being ready and able to

Security and Defence

interoperability of forces “The and compatibility of systems

photo: MOD Helsinki

will become increasingly more important in the future.”

give and receive international assistance. The wartime strength of the Finnish Defence Forces is one of the largest in Europe. Finland creates common security with a solution based on general conscription, combining high-end capabilities and a large reserve. However, security and safety are not guaranteed with military capabilities alone, but with multidisciplinary national cooperation. Comprehensive security is a Finnish operating model reaching back over 50 years, which relies on inter-agency cooperation between different authorities. It is still used today to respond to modern security and safety challenges that affect all of society. The Finnish Defence Forces are one part of this entity. Finland also contributes to Europe’s security by participating in the EU’s military and training missions, and by providing troops to the Union for these operations. Currently, Finland participates in EUNAVFOR MED – OPERATION SOPHIA in the Mediterranean and in the training missions in Mali and Somalia. Finland also prepares to use other capabilities of the Finnish Defence Forces, according to political decisions, in operations executed within the EU framework. Additionally, we have been a part of the EU Battle Groups since 2006. In 2020, we are contributing an armoured reconnaissance unit and Headquarter (HQ) staff for the 2020 German-led Battle Group standby period.

Digitalisation and artificial intelligence in defence Finland holds the Presidency of the Council of the EU for the latter half of 2019. Finland’s third Presidency coincides with an important time for the Union, since Finland will be the first country of the Presidency to implement the focus areas of the 2019-2024 Strategic Agenda into the practical work of the

Council. The focus areas of the Finnish Presidency are tightly linked to the new Strategic Agenda. Our priorities are: • the strengthening of common values and the principle of the rule of law; • a more competitive and socially intact Union; • strengthening the EU’s position as a global climate leader; • ensuring the comprehensive security of citizens. Two special themes have been named for the field of defence during this Presidency: digitalisation and artificial intelligence in defence, and as a topic encompassing the whole of government, responding to hybrid threats. Both themes focus on partnerships, particularly the cooperation between the European Union and NATO, and the European Union and the United States. The themes have been carefully selected, paying special attention to their potential and importance in the future. Addressing both themes is absolutely necessary for all Member States. Finland’s goal is that the work on the special themes will continue in the different institutions of the EU during the next Presidencies too. To boost discussion on digitalisation and artificial intelligence in defence, Finland, together with Estonia, France, Germany and the Netherlands, has written a Food for Thought paper on the topic. The events and meetings of this Presidency will include discussions on the possibilities and effects of digitalisation and artificial intelligence on the development of military capabilities, while also taking the ethical and legal perspectives into account. However, discussions are merely the first step. Europe has to be at the forefront of development, which also requires concrete action in the future. No single EU Member State can be successful alone in the global competition, but with cooperation we can develop capabilities for the future and strengthen common security.

Implementing previously set goals During its Presidency of the Council of the European Union, Finland strives to ensure the effective implementation of previously set goals, and to continue and promote active strategic conversations. The goal is to advance the connections and coherence among different defence initiatives. The EU must develop its security and defence cooperation to protect its citizens and to strengthen the EU as a provider of security in a challenging security environment. Europe must do more for its own security.

THE EUROPEAN – SECURITY AND DEFENCE UNION

Germany’s policy on arms exports is still a very sensitive issue

photo: MCSN Michael Starkey

Germany – a touchstone for the arms policy of the European Union

A conversation between Dr Hans-Christoph Atzpodien, Managing Director of the Federation of German Security and Defence Industries e.V. (BDSV), Berlin; Patrick Bellouard, Engineer General (ret), President of EuroDéfense France, Paris, and Prof Trevor Taylor, Professorial Research Fellow in Defence Management at RUSI, London. The discussion was led by Hartmut Bühl and Nannette Cazaubon, Brussels/Paris

artmut Bühl: Welcome to this round table discussion on European arms policy and in particular Germany’s arms export policy. In conferences, participants regularly complain to me about Germany’s arms and export policies. They tell me that it lacks coherence and reliability. The German government regularly engages in huge arms cooperation projects without giving its partners any assurances that they will be authorised to export. Mr Bellouard, what are your thoughts on this? Patrick Bellouard: A country’s policy on arms exports is a tool of its foreign policy and its sovereignty. The Common Foreign

country’s policy of “Aarms exports is a tool

Photo: private

of its foreign policy and its sovereignty.”

Patrick Bellouard

and Security Policy (CFSP) of the European Union (EU) was introduced by the Maastricht Treaty in 1993 and reinforced by the Lisbon Treaty in 2009, that clarified the role of the High Representative of the Union for CFSP. However, policy discussions take place within the intergovernmental framework and it is a real challenge to obtain a consensus between the 28 EU Member States on critical issues. Although there has certainly been huge progress over the last ten years, there is still a long way to go before CFSP is a reality. Member States will continue for some time yet to have their own foreign and export policy, as we can see in the Yemen conflict. Nannette Cazaubon: But this situation should not prevent Member States from engaging in arms cooperation projects, as cooperation is the only solution to reach their objective of EU strategic autonomy? Patrick Bellouard: Yes, European cooperation on defence is clearly vital for the future of European defence and security. The level of European cooperation on arms is still very low (stable at 20 % of total defence investment expenditures of EU Members States during the last 30 years) and the Member States must increase this level of cooperation if they want to reach their objective of EU strategic autonomy. However,

nations that wish to cooperate on huge projects must reach agreement on future exports from these projects and make real commitments on this before the project is launched.

Security and Defence

of fact that Germany “Itdoesis anotmatter regard arms exports as an integral part of its security strategy and foreign policy.”

Hans-Christoph Atzpodien

Hartmut Bühl: I agree with you that export regulations are national prerogatives but that they should not hinder collaborative projects. Let me ask you, Dr Atzpodien, the Managing Director of the German BDSV: is it fair to accuse Germany of pursuing an export policy that is not reliable and coherent with European ambitions on arms cooperation? Hans-Christoph Atzpodien: First of all, it is a matter of fact that Germany does not regard arms exports as an integral part of its security strategy and foreign policy. Moreover, we need to bear in mind that the major German defence contractors are privately owned, with no government involvement. I do not agree with blanket criticism of Germany for its policy of arms exports. I think we simply have to acknowledge that so far there have been significant political differences between Germany and its closest European neighbours and allies like France and Great Britain. This makes it more difficult for these countries to enter into viable European cooperation projects with Germany than it would be with if there were a more harmonized export policy vision. Nannette Cazaubon: Professor Taylor, would you like to respond directly to Dr. Atzpodien? Trevor Taylor: Collaborative projects are primarily a joint effort to develop and produce systems that would not be affordable on a national basis and decisions about exports should also be made on a collective and not a unilateral basis. The experience with Germany and Saudi Arabia underlines that the private and in some ways informal arrangements to deal with the export of European products are no longer satisfactory. The civil war in Yemen has presented all the suppliers to Saudi Arabia with some difficult challenges but unilateralism is simply bad for European cooperation.

Hartmut Bühl: Professor, let us stay with the United Kingdom: in your experience, are the British more flexible on arms exports than Germany? What are the rules and principles in the UK? Trevor Taylor: The guidance and rules on exports are broadly the same in the UK as in other states accepting the Common Position which really addresses factors to be taken into account rather than hurdles that must be cleared for an export to be allowed. There are debates in the UK about the exports to be permitted, but in many ways the underlying issue is whether export licensing should be based on some simple ethical position (most obviously the precautionary principle of “first do no harm”) or on calculations of the short and medium term consequences of a licence rejection. In a realistic perspective, these would include the increased prospect of Russian and Chinese sales to Saudi Arabia and enhanced efforts to develop national arms industries. Nannette Cazaubon: Is there a common view on human rights, in your opinion, corresponding to the values of the European Union? Trevor Taylor: On human rights, of course the UK government and society have a serious commitment to their promotion but we should recognise that in many areas the specific nature of such rights, while pretty settled in Europe, is a contested area on the global scale and that the real battle is how best to promote acceptance of our views on human rights by governments with little respect for such ideas. Nannette Cazaubon: Gentlemen, may I make the transition to a very practical issue and ask Mr Bellouard about his long experience of being the Director of OCCAR*, managing the A400M programme, not only for EU but also for third countries. What lessons can you share with us from OCCAR that would be useful for the EU?

Photo: private

projects are p rimarily a “Collaborative joint effort to develop and produce

systems that would not be affordable on a national b asis.” Trevor Taylor

Patrick Bellouard: Although many lessons could be learnt from the A400M programme in general, I do not consider that significant lessons can be learnt about the export of the A400M

THE EUROPEAN – SECURITY AND DEFENCE UNION

European cooperation in armaments would in principle reduce the need to export but we must remember that one goal of collaboration is to enhance or sustain national defence industrial capabilities to develop, produce and support equipment. Sustaining such a range of capabilities needs a constant drumbeat of work which usually means that exports are particularly valued once the national needs of the collaborators have been met and before a The German Leopard 2 tank photo: 7th Army Training Command, CC BY 2.0, flickr com successor project is ready to launch. The case of Typhoon illustrates this. Even US defence aircraft. Only two export contracts have been signed, one with businesses, despite the scale of their national market, are now South Africa, which South Africa subsequently cancelled in feeling more pressures to sell overseas. 2011, mainly for technical reasons, and one to Malaysia (for four aircraft). There was a full consensus among the A400M Nannette Cazaubon: Dr Atzpodien, you have vast experience partners on these contracts and I have not heard of any politwith cooperation on naval armaments. Did you ever have probical difficulty concerning the implementation of the Malaysian lems with your partners because of Germany’s export restriccontract. tions? Would you like to see wide-ranging EU regulations for arms exports? Hartmut Bühl: Does this mean that A400M partners will not Hans-Christoph Atzpodien: On my experience in naval cooperfind it difficult to make future export decisions and, in the long ation, I have to say that Germany is not the only country with term, to implement those export contracts many years after certain political restrictions; in my experience this is also true their signature? for other countries like Scandinavian countries. Therefore, it is Patrick Bellouard: Of course not! There are examples of of paramount importance for any supra-national arms coopcooperative projects for which a nation later decided to stop eration that the countries involved reach a clear agreement to the implementation of previously agreed export contracts by handle their arms export policies for the respective products in blocking the delivery of subsystems. a harmonised or at least a coordinated way. Hartmut Bühl: Could EU regulations solve that issue? Patrick Bellouard: EU Member States do not seem prepared to accept any EU involvement in exports beyond the current EU regulation on dual use trade controls, adopted in 2009 and currently being revised in discussions between the Council and the Parliament. This EU regulation simply reflects commitments agreed upon in key multilateral export control regimes. However, progress could be made in two fields: • firstly, a culture of exports, where Member States must recognise that the EU defence industry cannot survive without exports, especially for as long as some EU Nations spend a significant part of their defence budget on contracts with US industry; • secondly, European cooperation on arms, which remains very low. A significant increase in EU cooperation would reduce the industry’s dependence on exports and therefore reduce the political difficulties in this area. • Hartmut Bühl: Professor Taylor, wold you like to comment on what has just been said from the other side of the channel? Trevor Taylor: Yes, I would like to comment on this. Increased

Nannette Cazaubon: But what are the requirements for that to happen? Hans-Christoph Atzpodien: Well, in the first place, it requires a decision by each government involved. I doubt whether this can simply be replaced by an EU regulation. The experience with the Council Common Position of 8th December 2008 shows that its wording can accommodate very different export policy approaches. The reason for these differing interpretations is the simple fact that arms exports are a matter of national sovereignty, which in most cases tends to prevail in export policy decisions. Hartmut Bühl: Professor Taylor, there are obviously limits on the extent of European arms cooperation for European defence. But shouldn’t the EU have binding rules at least for arms cooperation with third countries? Trevor Taylor: The EU may be able to devise and enforce rules where EU funding is involved but even here there is the issue of how to treat foreign owned businesses in Europe that have owners outside the EU, but which fund and develop intellectual property within the EU. General Dynamics and Raytheon, for

Security and Defence

example, are in this position. Where no EU money is involved, individual EU states should surely be free to arrange projects as they see fit with partners inside and outside Europe. Hartmut Bühl: Indeed, it was the USA I had in mind. But after Brexit, won’t there likely be a new deal? Mr Bellouard, would you like to comment? Patrick Bellouard: Firstly, nobody knows today if Brexit will be implemented or not, and there is a high probability that the UK will once again seek and be granted an extension. If Brexit is indeed implemented, the UK will be treated as a third country, like Norway for example. That should not prevent the UK from cooperating with EU partners on arms, and I certainly hope it will continue to do so. However, British industry will no longer be eligible for EU funds: you cannot be in and out of the EU at the same time.

Hartmut Bühl: But what is this due to? Hans-Christoph Atzpodien: It is due to an administrative habit to link even routine approvals, on which everybody could firmly rely in the past, to the government’s geopolitical thinking. This means that even for smaller parts designated for existing European programmes, everyday export approvals can be reversed by the administration for no visible reason. This practice has damaged Germany’s reputation for reliability vis-à-vis its European partners more than some of the more prominent cases of open political disagreement.

Nannette Cazaubon: I think this is the time to come back to the core question of reliability in arms cooperation. Professor Taylor, what are the essentials for such cooperation? Trevor Taylor: Further to my previous comment, collaborative projects (which often have an active life of 40 years or more before the disposal phase) should only be undertaken with partners with a high probability of pursuing a The future MALE RRPAS system is a cooperation project between France, Germany foreign and security policy compatible with that and Italy photo: European Defence Agency of other partners, but there will be always an element of risk. Hartmut Bühl: That is why your partners have had, in one way The major arms developing nations should perhaps have a or another, doubts about the well-known German quality and private but serious conversation on the consequences that reliability. Have you encountered significant and insoluble have stemmed from very restrictive arms export stances. Do problems? they too often actually promote the proliferation of defence Hans-Christoph Atzpodien: Absolutely! The famous “German industrial capabilities? free” advertisement on a product shown at a defence exhibition has been quoted frequently – but it is no myth! This also has a Nannette Cazaubon: Thank you Professor, I think we need a bearing on quality, because delivery reliability in the politically German comment on this: Dr Atzpodien, German industry is sensitive defence business is as important as technological involved in huge bilateral and multilateral arms projects in quality. At both levels – political and technological – the main Europe. What is your opinion on confidence, credibility and contractor must be able to rely on the delivery of a part in order the other criteria Professor Taylor mentioned? Are these the to perform on time and on budget. essentials? Hans-Christoph Atzpodien: As mentioned before, national Hartmut Bühl: Mr Bellouard, some years ago, when I did an policies for arms exports need to be harmonised as much as interview for this magazine with you as Director of OCCAR in possible in order to make supra-national projects successful. Bonn, you pleaded for big projects between EU Member States This, however, has to include more than just a broad political to be able to compete with the US and to avoid export probalignment. Just as an example: in recent years hurdles have lems. Today there are two huge French-German projects for a been faced during the process of defining German arms export future combat aircraft and a combat tank. Do you have doubts policies. These have resulted in a substantial lack of trust in regarding your German partners? the consistency of German arms export decisions as they are Patrick Bellouard: I have no doubt that the political authorities not that politically visible. in both Germany and French have fully understood the impor-

THE EUROPEAN – SECURITY AND DEFENCE UNION

tance of these cooperative projects for the future of European defence and security. But I have doubts concerning the effective and efficient implementation of these projects. Difficulties can come from both partners and success will require a real trust and a common resolve at all levels, government, administration and industry. Nannette Cazaubon: Are there ways of reducing these risks? Patrick Bellouard: Yes, I think that there are, which is why I propose to use the OCCAR organisation for the management of these projects. OCCAR has proven its efficiency, it would avoid issues of leadership between France and Germany, and it would help build trust between all partners. In addition, I am convinced that these programmes will not survive as projects between France and Germany alone. It will be crucial to include other European partners as early as possible. Hartmut Bühl: With what objectives? Patrick Bellouard: The objective would be, without introducing new specifications and delays to the project, to reduce the budget for each partner and to increase the project’s “European qualification”. Nannette Cazaubon: Dr Atzpodien, I am sure you will want to comment… Hans-Christoph Atzpodien:This is definitely is a good vision, which has been on the European political agenda for many years. In the meantime, pressure has clearly been mounting to seriously reduce the diversity of Europe’s arms programmes. Nevertheless, I am convinced that true sharing of equipment among European nations will only work if the countries concerned demonstrate strong political will and everything that Europe does is truly embedded within NATO. Hartmut Bühl: Gentlemen, this leads me to another field of arms cooperation. The European Defence Agency (EDA) is making considerable efforts to create “capabilities” and is initiating cooperative arms projects. Germany and France are active participants in these projects. What are their other objectives apart from the product? Are Small and Medium Enterprises (SMEs) a factor in such collaborative efforts? I would imagine that the BDSV is exerting influence in favour of SME’s, the backbone of German industry. What are France’s objectives? Hans-Christoph Atzpodien: Of course, SMEs are the backbone of Germany’s and probably also France’s defence industry. However, SMEs alone will not be able to succeed in organising and implementing major arms programmes on a European scale. This also requires strong so-called “systems-houses”, which already integrate SMEs into their value chains to a large extent. But perhaps I should turn to Mr Bellouard to give us France’s position. Patrick Bellouard: Thank you Dr. Atzpodien. Although the landscape of French and German SMEs is somewhat different (German SMEs are generally stronger), there is not a big differ-

ence between the French and German approaches to the arms industry. Both nations need, as you have mentioned, strong “maîtres d’oeuvre” (systems integrators) as they are called, supported by established SME value chains. It is the task of these systems integrators to provide the armed forces with the weapons systems they need. For me, the main obstacle to cooperation is not the different industrial organisations, it is the lack of political will of the partners to reach consensus on the military requirements. One of the missions of the EDA is precisely to harmonise and prioritise the military needs. I consider that this important task is absolutely critical to the future success of the European Defence Fund. Nannette Cazaubon: Thank you all for your openness. I think the time has come to sum up. May I ask you, Professor Taylor, to try and summarise, or at least to provide an answer to the title of our discussion, “Germany – a touchstone for the arms policy of the European Union?” Trevor Taylor: I judge that Germany and Europe would have been better off if Berlin had looked for a cooperative response to the war in Yemen, bearing in mind that defence exports to Saudi Arabia have been a source of major public debate also in France, the UK and of course the US. In the bigger picture, specialised military equipment is the simple if difficult part of the problem. The more complicated issues concern the export of dual-use technology valuable for both civil, internal and military applications. Much electronic technology can enhance the capabilities of oppressive governments to monitor their citizens. How is that sector to be controlled? Do we also need to think about controls over people, if human rights are to be a major factor in where we chose to work? It is notable that Saudi Arabia, partly as a response to the threat of embargoes, is developing its own Saudi Arabia Military Industries with a German Chief Executive recruited from Rheinmetall… Hartmut Bühl: Nannette, gentlemen, my gratitude for this insightful round table discussion. There are no simple solutions but there are national and industrial interests. We have learned that arms projects are based on national needs. Projects can become collaborative when there is the necessary political will and industrial strategy to bring them to fruition. These projects certainly need the prospect of export opportunities, realising that export decisions are national ones and will ultimately be taken for business reasons. We have heard that German industry is a competent and reliable partner, but that Germany’s policy on arms exports is still a very sensitive issue for German society, due evidently to Germany’s history. I personally think that the fact that Germany upholds its constitution, entailing an extensive interpretation of human rights with due regard for Germany’s history, should not be held against it. *OCCAR: Organisation Conjointe de Coopération en matière d’Armement / Organisation for Joint Armament Co-operation.

The leading magazine for Europe’s security and defence community

The magazine is the first winner of the European award for “Citizenship, security and defence” 2011

Please find the subscription order form: www.magazine-the-european.com/subscription/ or by E-Mail: subscription@magazine-the-european.com MEDIA AND CONTENT SALES Andy Stirnal Phone: +49(0)176 66 86 15 43 · E-Mail: mediasales@magazine-the-european.com 3 issues for one year, including postage and delivery: Subscription EU:  42,– International subscription:  66,–

For further information about the magazine: www.magazine-the-european.com

The Future of European Integrated Air and Missile Defence

The Patriot partnership of 17 countries is a strong and attractive community

Interview with Bruce R. Eggers, Raytheon’s Business Development Director for German Integrated Air and Missile Defense, Andover, Massachusetts

he European: Mr Eggers, Germany recently made the decision to upgrade its Patriot air and missile defence system to the most modern configuration currently available – Configuration 3+. Why is that so significant for NATO? Bruce R. Eggers: Germany, the Netherlands, as well as five other European nations and the US, entrust Europe’s Integrated Air and Missile Defence to Patriot. By upgrading to Configuration 3+, Germany has the latest updates to address evolving threats, to remain technological compatible and interoperable with its allies for many years to come.

The European: Can Patriot handle the next generation of threats? Bruce R. Eggers: Yes. We are offering Germany our Next Generation Patriot solution package, which addresses advan ced threats with a cutting-edge, 360-degree radar that has undergone more than 3,000 hours of testing. Commanders also have operational flexibility due to Patriot’s missile mix of GEM-T interceptors and the PAC-3 MSE interceptor. Of course, those interceptors are already integrated into Patriot Configuration 3+. The European: And what about the IRIS-T SL option as an additional capability? Bruce R. Eggers: We have the additional capability to integrate IRIS-T SL, subject to the permission of both the German and US governments. Together with Rheinmetall’s solution, all of

this fits into a seamless architecture that can cover Germany’s ground-based air defence needs. The European: You see me hesitating, but let me provoke: Is my feeling right that you are convinced that Next Generation Patriot is a German solution because you have a partnership with Rheinmetall? Bruce R. Eggers: Absolutely. Raytheon has a global strategic partnership with Rheinmetall, and they are integral to our solution. We talked about the opportunity to integrate IRIS-T SL already. Beyond that, and with the permission of the US and German governments, we could potentially incorporate a German medium-range radar and German made command, control and communications. In Germany, it is a single solution that combines the current working system Patriot by filling the gap against short range attacks and thus protecting the own military forces. The European: And your Patriot-partner MBDA? Bruce R. Eggers: I’d also point out that MBDA currently does work on German Patriots, and the Patriots of other partners. The European: What is the workshare e.g. for your German partner MBDA? Bruce R. Eggers: We have a joint venture with COMLOG. They are responsible for two main servicing and maintenance tasks for Patriot. First, they do all the missile upgrade work not only

Security and Defence

for German missiles but also for other partner countries as well. There are 80+ employees working solely on Patriot missile upgrades in Schrobenhausen alone. In Freinhausen all Patriot user tests are done. We would not anticipate that changing. Furthermore, MBDA does launcher integration for our worldwide Patriot customers, not just for Germany. The European: What then do we do with the claim of some experts in Europe, but also of Raytheon’s competitors, that MEADS represents the future, while Patriot is the past? Bruce R. Eggers: Patriot is the air and missile defence system of choice for 17 countries. Four new countries have joined the partnership since November of 2017 – the Kingdom of Bahrain is our newest addition, joining in August. Those countries looked at the threat, evaluated the data, and made their choice for today and for the future. How many countries have selected MEADS? The European: Sir, let me turn back to the past and ask why in 2011, the US Army – up to this date fully behind the MEADS-programme, decided to terminate participation in the programme? Bruce R. Eggers: MEADS was billions over-budget and years behind schedule. The reality is that MEADS is built on a foundation of not of the state of art technology that never made it through the formal systems qualification process, whereas Patriot’s technology is constantly refreshed, tested and upgraded thanks to continued investment by the entire Patriot community. The 17 countries of the Patriot community which collectively own 240 Patriot fire units pay for modernization and upgrades which are based on testing and lessons learned in ongoing operations. The European: But the threat is constantly evolving and improving. Isn’t a new system required to address that? Bruce R. Eggers: Patriot certainly has the same name that it had when it was first fielded – and even looks the same on the outside – but the resemblance ends there. Threats have

always evolved and improved. An air defence system must be constantly upgraded and enhanced in order to outpace threats, regardless of who makes it. Maintaining this constant pace of improvement would be incredibly expensive if one nation had to go for it alone. The European: Maintaining this constant pace of improvement is highly expensive. Bruce R. Eggers: In addition to being not state of the art at this moment, MEADS is untested against the spectrum of air and missile threats it claims to be able to address. MEADS development has a reported  4 billion price-tag, so let’s assume that at some point in the future it does get built. There are no other customers in the queue. It appears Germany would own a stand-alone system and the threat is not going to stand still. Germany will also be responsible for all upgrades and updates on their own. Is Germany prepared, as the only member of the MEADS Club, to pay all of these bills? The European: This is going to be exciting, and I thank you for your openness.

Bruce R. Eggers (right) receiving Hartmut Bühl at Raytheon’s premises in Berlin

THE EUROPEAN – SECURITY AND DEFENCE UNION

CONFERENCE REPORT EU CBRN Centres of Excellence Initiative

7th International Meeting of National Focal Points

photo: Hartmut Bühl

by Nannette Cazaubon, Paris

ow should we fight jointly against Chemical, Biological, Radiological and Nuclear (CBRN) risks and threats around the world? These challenges go beyond national borders and cannot be tackled alone, as recent CBRN attacks and events in Europe, its neighbouring countries and the use of chemical weapons in Syria showed. This is also true for the re-emergence of epidemic diseases like Ebola in Africa, or the increasingly devastating effects of natural disasters and climate change. In answer to this urgent problem, the European Union launched in 2010 an initiative called “European Union CBRN Risk Mitigation Centres of Excellence” (EU CBRN CoE). Within this initiative, there are currently 61 partner countries grouped around 8 Regional Secretariats1, collaborating with the aim of fostering national, regional and interregional cooperation around the world to better prevent CBRN incidents or disasters.

The initiative is well on track Led by the European Commission’s Directorate-General for International Cooperation and Development (DG DEVCO), the EU CBRN COE initiative is now well on track, as was highlighted during the “7th International meeting of National Focal Points” that took place from 12th to 14th June in La Hulpe, near Brussels. This international three-day meeting gathered about 180 participants from countries involved in the EU CBRN CoE Initiative, who all agreed that the initiative has reached a turning point. Organised by DG DEVCO and the United Nations Interregional Crime and Justice Research Institute (UNICRI), with the support of the European External Action Service (EEAS), the meeting in La Hulpe was the opportunity for fruitful discussion among the participants from Africa, Asia, the Middle-East, South East and Eastern Europe, as well as observers from Kazakhstan, the USA, and regional and international organisations. Plenary

Regional Roundtable meetings were held on the second day of the conference

Presentation of a mobile biosafety laboratory photo: Devco

photo: Devco

Security and Defence

i sessions and regional round tables provided the opportunity to assess progress made over the past year and to discuss working perspectives for the year to come. During the session breaks, participants were able to visit, in the conference venue, a mobile biosafety laboratory developed by the Belgian Praesens Foundation. On the last day of the meeting, the third EU CBRN CoE prize awards took place, rewarding the best regional success stories and innovative and creative proposals.

The EU CBRN CoE Initiative Launched in 2010 and led by the European Commission’s Directorate-General for International Cooperation and Development (DG DEVCO), in close coordination with the European External Action Service (EEAS), the EU CBRN CoE Initiative is the largest European civilian external security programme, with a budget of €155 million for 2014-2020. EU support is provided to implement a wide range of CBRN Risk Mitigation activities including needs and risk assessments, national and regional action plans, trainings, Train the Trainer modules,

Sharing ideas and defining next steps

table top and real time (including cross-border) field exercis-

The meeting was opened by Henriette Geiger, Director, People and Peace (DG DEVCO), and Bettina Tucci Bartsiotas, Director of UNICRI. Ms Geiger said that the meeting “gives us the chance to share ideas and define next steps, in a creative and visionary way.” Ms Tucci Bartsiotas told the audience that the CoE Initiative, with 61 countries working together “is a telling example of a collective action for the common good”. Chaired by Olivier Luyckx, Head of Unit B5 (Security, Nuclear Safety) in DG DEVCO, and his colleagues Eddie Maier, Deputy Head of Unit B5, and Tristan Simonart, CoE Coordinator, the meeting was the opportunity for the Heads of the 8 Regional Secretariats to report on the huge progress in each region, including the development and use of CBRN National Action Plans and the launch of new regional and interregional projects. Thematic sessions addressed CBRN Risk assessment, training and exercises, and a briefing from the European Commission focused on cybersecurity in relation to CBRN. During a Regional Round Table meeting with the presence of delegates from the Gulf region (Qatar, United Arab Emirates, Saudi-Arabia and Kuwait), a first common CoE project was launched in this complex region.

es. A National Focal Point (NFP) is appointed by each of the

Outcome of the meeting Participants agreed that the EU CBRN CoE Initiative has developed into a real joint programme with increasing Southto-South and region-to-region cooperation like in the North

During the EU CBRN CoE prize awards ceremony photo: Devco

61 Partner Countries and a CBRN National Team is tasked with the implementation of the initiative at the country level. NFPs report to and rely on one of the 8 Regional Secretariat hosted and led by one of the Partner Countries in the region and supported by a UN Regional Coordinator.

Africa and Sahel region, in Central Asia, and in the Gulf region. Furthermore, important training and capacity building progress has been accomplished. Many field exercises took place and others will be organised in the next two years. Regional CBRN Schools of Excellence and networks of CBRN training institutions emerged in South East and Eastern Europe, the Middle East and several African regions. It was also highlighted that emerging technologies with a potential CBRN dimension, like artificial intelligence, the use of drones, or cyber applications have to be taken more and more into account and that the subjects of cybersecurity of infrastructure related to CBRN will be part of working perspectives for the years to come. In his conclusion, Olivier Luyckx underlined that this meeting was a breakthrough for the CoE initiative. He highlighted the “spirit of trust and confidence” between the participants, saying that this was unprecedented. Pawel Herczynski, Security and Defence Policy Director (European External Action Service) thanked the audience in the name of the EU High Representative Federica Mogherini for “their efforts, the very rich and inspiring discussions” and their enthusiasm which he called essential for this initiative. He said that he was truly impressed by the progress made, and that the EEAS will continue to work to increase the visibility of the CBRN CoE initiative.

1 African Atlantic Façade (AAF); Central Asia (CA); Eastern and Central Africa (ECA); Gulf Cooperation Council Countries (GCC); Middle East (MIE); North Africa and Sahel (NAS); South East Asia (SEA); South East and Eastern Europe (SEEE).

THE EUROPEAN – SECURITY AND DEFENCE UNION

Another innovative step towards smart energy infrastructure in development policy

No more dead through contaminated water! by Raymond Hernandez, Business Development Water Treatment, BLÜCHER GmbH, Erkrath

very human being in the world has the fundamental right to proper drinking water (see https://bit.ly/2WcLuYo ), but the United Nations reports, that there are more dead through contaminated water than war. Water consumption is increasing by 1% each year. The reasons for this are not only population growth and changing lifestyles, but also the climate change and related droughts and floods which complicate access to drinking water. Around 844 million people do not have any access to drinkable water and only 39% of the world’s population benefits from water purification services. 780,000 people die every year because of inadequate water and failing purification services, causing dysentery and cholera. This is more than the victims of wars, earthquakes and epidemics.

United Nations development “The programme has set as objective to

grant the whole world’s population access to drinkable water at a low price by 2030. This could help to encourage people to stay in their regions.”

The United Nations development programme has set an objective to grant the whole world’s population access to drinkable water at a low price by 2030. This could help to encourage people to stay in their regions. It is a real challenge, but at BLÜCHER we have the capacity and will to help reach this goal with our water purification systems.

From idea to implementation In 2014, BLÜCHER decided to develop a dual use water purification unit for decentralised applications, which should be highly mobile with airdrop capabilities, low weight, low energy consumption and high efficiency output. The uses are military and peacekeeping, crisis and disaster management, contribution

to development aid such as in African settlements and villages suffering from contaminated drinking water and no access to water purification.

Time for innovation in water purification The two long established technologies for the treatment of water are ultrafiltration for water with specific pollutions only and reverse osmosis in cases of known or suspected chemical pollution. More recently, however, the increasing presence of dissolved organic compounds and traces of heavy metals, pharmaceutical pollution and pesticides has turned out to be a challenge in both urban and rural environments. The existing technologies have proven incapable of removing some critical substances, as well as having high-energy demands and requiring bulky, heavy and immobile installations. The user community – either small, deployed military forces or disaster management units – has therefore been encouraging the industry to provide innovative solutions with enhanced mobility, energy efficiency and water quality. BLÜCHER’s mobile BWP400 water purification unit addresses those requirements. Low weight and small footprint Thanks to its low weight (approximately 100 kg) and small footprint (the size of a Euro pallet), four operators can move BLÜCHER’s water purification unit. Its electricity consumption (less than 1 kW) keeps energy requirements to a minimum, and in environments with scarce water supplies its average yield of 90% is advantageous. Highly automated, the unit can be easily commissioned and operated, even by personnel with a minimum amount of training. The unit is easily transportable on any small truck or trailer and any transport helicopter, enabling it to be deployed in inaccessible zones and difficult terrains. Innovative filtration concept The BLÜCHER’s BWP400 is designed to cope with a range of difficult water purification challenges. The concept is based on an ultrafiltration step, which retains particulate contamination such as suspended solids, bacteria and viruses, followed by an adsorptive filtration unit operating a special high purity and high capacity synthetic activated carbon bed. 8,000 liters of drinking water are delivered per day in a nearly continuous mode and, depending on the water quality, the unit can produce approximately 200,000 liters of drinking water before cartridge replacement.

Security and Defence

Raymond Hernandez has been Head of Business Develop-

Dual-use prototypes successfully tested by NATO Prototypes of the BLÜCHER’s BWP400 water treatment unit took part in NATO’s Smart Energy demonstration activities during a civil-military exercise (the Capable Logistician 2015 – CL15) organised in Hungary. The unit drew significant interest from military as well as civilian attendees with disaster management and humanitarian or development aid backgrounds. At temperatures between 36° and 40° Celsius, the unit successfully proved its fitness for use in military and disaster response environments. It was deployed and relocated several times, demonstrating its high mobility and performance under varying requirements. Thanks to its low energy consumption and resulting connectivity to a range of energy sources, e.g. solar panels, the system can be operated autonomously, waiving the need for a continuous fuel supply and the related logistic. Easily and quickly customisable to various water and energy sources as well as to different water supply and storage equipment, it successfully demonstrated its interoperability and hence its decisive role in a smart energy environment under high demanding security and reliability requirements.

Lessons learned and consequences Water treatment and supply is vital everywhere. To guarantee drinkable water in developing countries without sufficient access to treatment capacities, suitable water treatment systems

ment Water Treatment at BLÜCHER GmbH in Erkrath since 2017 Born in 1958 Hernandez earned his LL.M. (International / European Law Photo: private

and Political Sciences) in Paris and is a special postgraduate in European Law.

He has held, among others, these positions: 2004-2016: Project Director International, GELSENWASSER AG, Gelsenkirchen; 1989-1998: International Business Development, Veolia Environnement, Paris; 1983-1989: International Project Manager DG DEVCO, European Commission, Brussels.

will save people from epidemics and allow for better live quality. In the fields of military as well as civil peacekeeping and humanitarian operations, energy-efficient, mobile water supply units bring a decisive performance and safety leverage. Trials under real operation conditions showed that such water production systems must be customisable. The experience gathered during the CL15 exercise and consecutive discussions revealed the need for current technology standards for decentralised drinking water production to be reviewed focusing on enhanced mobility, autarky, performance and safety.

The high mobile BWP 400 with a weight of 100 kg needs 1,5 kVA ( = 1 Solar Panel) for the production of 400 l/h potable water. Low operator skill, ruggedized construction and low logistical requirement make BWP400 the ideal water purification system for settlements, housing at construction sites as well as medical stations or mining in regions under development to guarantee continuous supply of potable water. Illustration: BLÜCHER GmbH; photo: Scott Griessel, stock.adobe.com

THE EUROPEAN – SECURITY AND DEFENCE UNION

CONFERENCE REPORT International Workshop at Kärcher Futuretech

Life Support Solutions – Field Camp Services

(Hartmut Bühl, Brussels/Paris) An international workshop on the initiative of the Association of the German Army (FKH) and organised by Kärcher Futuretech, a wholly owned subsidiary of Alfred Kärcher SE & Co. KG, took place on 26th and 27th June 2019 at the company’s headquarters in Schwaikheim, near Stuttgart, Germany. The workshop brought together major players in the political, public, business and industrial sectors, including scientific research, to focus on the deployment of land forces in joint and combined operations in humanitarian, peacekeeping and peace enforcing missions. The primary aim of the FKH is to put forward, for the benefit of the German parliament and German government, solid arguments about how to equip German land forces in the most modern and efficient way.

he General Manager of the Association of the German Army (FKH), Major General (ret) Wolfgang Köpke welcomed more than 100 representatives from 21 nations to this two-day workshop, comprising an exhibition of equipment, presentations and round table discussions. He asked the participants to exchange ideas and experiences and said, “I hope that at the end of our discussions, we will have found the appropriate answers to the key challenges of future conflict scenarios.”

Thomas Popp, the Managing Director of Kärcher Futuretech and organiser of the workshop, emphasised that all presentations and speeches would be open for wide-ranging discussion. “The speeches of officials”, he said, “and the different companies present at the workshop, will provide insight into the issues and offer solutions to be discussed in a most constructive way.” In handing over to the master of ceremonies, Dr Patrick Marcus, Executive Head of Development, Testing & Technical Communication, who led the discussions and managed the event to participants’ great satisfaction, Thomas Popp said wisely: “There is never only one solution, but each solution generates ideas.” Presentations were given by partner armies and international companies. The insightful presentations on life solutions for camps by Austria, Canada and Sweden clearly showed that there is no standardisation and that each army has its own views on the issue. The company presentations by GOFA Gocher Fahrzeugbau GmbH on vehicles for transport and water storage and Drehtainer GmbH on the properties and use of containers in operations demonstrated different customer-approved solutions. The Danish Dantherm Group showcased solutions for mobile heating and cooling in camps. Stefan Monig, Managing Director of M. Schall GmbH, presented the

Security and Defence

Detailed discussions after industry presentations were characteristic for the workshop

company’s range of highly mobile tent and container solutions, and the Israeli Beth-El industries, active worldwide in protection and filtration systems for tents, containers and vehicles, presented its solutions for protection against CBRN attacks and environmental hazards. In-camp logistics were presented by the Austrian Palfinger Emea GmbH and Ecolog, Germany. Josef Fenninger reported on Palfinger’s solutions for life support in camps. André Hansen, CEO of URBITAS, a company of Ecolog, focussed on challenges and solutions for catering during operations, applying hybrid energy solutions (solar and wind) to all camp installations, from communication with HQ to tents, kitchens and water treatment equipment, thus promoting comprehensive solutions to building camps.

Hartmut Jenner, CEO of Alfred Kärcher SE & Co. KG, opening the evening session

Editor-in-Chief Hartmut Bühl asked the President of FKH, Wolfgang Köpke, on his impressions about the workshop at Kärcher Futuretech The European: At the end of the workshop, what is your overall impression? W. Köpke: We experienced perfect organisation, great hospitality and had very constructive discussions.

President FKH, Major General (ret) Wolfgang Köpke, launching his appeal to industries to keep in mind the

The European: The soldier was at the core of all presentations and discussions. What do soldiers need to fulfil their missions? W. Köpke: To achieve military success, modern and well-organised field camps are a prerequisite to ensure the well-being of our soldiers and enable them to fulfil their missions. The European: Given the threats and setbacks in every deployment, what is essential for camps?

W. Köpke: To accommodate mission-ready forces, the infrastructure has to be reliable and resilient. The equipment providing energy (fuel or hybrid), water and food as well as ammunition has to be available 24/24 and 7/7 under all circumstances.

THE EUROPEAN – SECURITY AND DEFENCE UNION

Last but not least

Franco-German Ministerial Council pushes defence industrial cooperation 26 Nov

ENISA Maritime Cybersecurity Workshop

The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA’s Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic of cybersecurity in the maritime sector, particularly focusing on ports.

> Web https://bit.ly/2MWrFQM

2-3 Dec

Santiago Climate Change Conference (COP 25)

The 2019 UN climate change conference (COP25) will be held in Santiago, Chile. The EU and its Member States will take part as Parties to the UN Framework Convention on Climate Change (UNFCCC).

> Web https://www.cop25.cl/en/

19-21 Nov

Space Tech Expo Europe

Space Tech Expo Europe is a major event for

On the basis of the 2018 Franco-German “Declaration of Merseburg” which called, among other things, for the start of common military research, namely the Future Combat Air System (FCAS) and the Future Main Ground Combat System (MGCS), the Franco-German Defence and Security Council agreed on concrete measures in industrial armament cooperation at its meeting in Toulouse on 16th October 2019. Both sides also agreed to develop a common position on exports of common arms projects . Regarding the current political situation, France and Germany highlighted their firm commitment to NATO’s enhanced Forward Presence (eFP), with France to commit forces in 2020 to the German-led battlegroup in Lithuania. Furthermore, they declared that they remain fully committed to the resolution of the conflict in eastern Ukraine in order to restore its full sovereignty, territorial integrity and independence within the Minsk process. Both sides also confirmed their commitment to strengthening their cooperation in the space domain, especially in the field of threat assessment. Regarding industrial armament cooperation, France and Germany reaffirm their willingness to cooperate in the defence industrial domain to jointly develop leading, cutting-edge technologies and defence systems with the aim of meeting future national as well as European defence needs.

Toulouse Declaration (excerpt) Deepening Defence Industrial Cooperation FUTURE COMBAT AIR SYSTEM /NEXT GENERATION WEAPON SYSTEM In the air domain, France and Germany will develop a Next Generation Weapon System within a Future Combat Air System (NGWS/FCAS). Research and technology activities will be contracted by the end of January 2020 with the aim of developing a new generation fighter demonstrator flying by 2026. France and Germany welcome the initial participation of Spain. A new phase of the Joint Concept Study will be launched following Germany’s commitment as expressed at the Paris Air Show in June 2019. The project will be open to other European nations.

manufacturing, design, test and engineering services for spacecraft, subsystems and space-qualified components. The event will take place in Bremen, Germany.

> Web http://www.spacetechexpo.eu

NEW GENERATION LAND SYSTEMS/ MAIN GROUND COMBAT SYSTEM France and Germany reaffirm their commitment to developing, in common, a Main Ground Combat System (MGCS) to be available by 2035. The countries therefore welcome the signature of a Letter of Intent by the main German and French industrial partners regarding their cooperation for the first study phase of the project. The technology demonstrator phase will

be launched with a system architecture study for MGCS in early 2020. In addition, France and Germany will examine steps for a further consolidation and evolution of their land systems industries. The project will be open to other European nations. MARITIME PATROL SYSTEM France and Germany also reaffirm the objective to award, in early 2020, a contract for a feasibility study for the Maritime Patrol Aircraft project (MAWS). ARMS EXPORTS Pursuant to Article 4 of the Aachen Treaty of 22 January 2019, France and Germany have committed to developing a common position on exports of common arms projects. France and Germany have concluded their negotiations with a legally binding agreement of which the final steps will be implemented as soon as possible.

Source: Toulouse declaration, 16.10.2019 > Web https://bit.ly/32mgQOI

LAND AND AIRLAND DEFENCE AND SECURITY EXHIBITION

08-12 JUNE 2020 / PARIS THE UNMISSABLE

WORLDWIDE

EXHIBITION 1,802

exhibitors

+14,7%

from 63 countries 65,9% of international

65 startups at Eurosatory LAB

98,721

Total attendance (exhibitors, visitors, press, organisers)

227 Official delegations from 94 countries and 4 organisations (representing 760 delegates)

696

journalists

from 44 countries

75 Conferences 2,102 Business meetings made

2018 key figures

ANYTHING.

In operations, the Eurofighter Typhoon is the proven choice of Air Forces. Unparalleled reliability and a continuous capability evolution across all domains mean that the Eurofighter Typhoon will play a vital role for decades to come.

Air dominance. We make it fly.

airbus.com

The European Security and Defence Union Issue 33

Articles inside

Interview with Bruce R. Eggers, Andover, MA The Future of European Integrated Air and Missile Defence The Patriot partnership community

Last but not least

Conference report by Hartmut Bühl, Brussels Life Support Solutions – Field Camp Services International workshop at Kärcher Futuretech

Dirk Zickora, Munich The importance of a European Air Power solution The role of space and cyberspace

Raymond Hernandez, Erkrath No more dead through contaminated water! Potable water – easily produced everywhere

Round table interview with Patrick Bellouard, Paris, Hans-Christoph Atzpodien, Berlin, and Trevor Taylor, London Germany – a touchstone for the arms export policy of the European Union

Conference report by Nannette Cazaubon, Paris The EU CBRN Centres of Excellence Initiative 7 th meeting of National Focal Points

Timo Kivinen, Helsinki Finland promotes an EU defence cooperation Make European forces more operational

Carlos Bandin Bujan, Brussels We need more efficient cybersecurity building worldwide A transversal issue in development and cooperation

Rob Wainwright, Amsterdam, and Beth McGrath, Washington The new role of the Defence Chief Information Security Officer (CISO) CISOs are more than technology officers

Documentation 5G networks, “fake news” and disinformation

Wolfgang Röhrig, Brussels Cyber defence in the European Union is part of its defence capabilities Cyber strongly influences capability development

Secunet, Essen NAPMA further expands its SINA Secure Remote Access capability Advertorial

Peter Martini, Bonn The crucial role of cybersecurity for a resilient energy supply Vulnerability will increase with digitalisation

Interview with Arne Schönbohm, Bonn Europe needs coherent national strategies and EU operational concepts Make cybersecurity a top priority

Michael Singh, Washington, DC The world needs the EU as a global player Europe strategic dependence

Jean-Louis Gergorin /Léo Isaac Dognin, Paris Democracies must learn to withstand, in peacetime, a permanent war in cyberspace Governance remains the number one challenge

Angelika Niebler MEP, Brussels/Strasbourg How MEPs work to boost Europe’s cybersecurity Cyber resilience is a top issue in the EU

Roberto Viola, Brussels Taking a cyber leap forward A European response to cyber threats

Guest commentary by Jean-Dominique Giuliani, Paris Our freedom starts with Hong kong

Commentary by Hartmut Bühl, Paris Security must be palpable