Abstract:

The coordinated Denial of Service attacks in Estonia 2007, the successful hacker attacks against the German Bundestag 2015 and the increasing number of cyber-crimes challenge the European Union (EU). In order to overcome these challenges the EU initiated a cyber security strategy in 2013. This paper follows up the question, whether the measures of this strategy are adequate in order to tackle the challenges of the cyberspace in modern times and which improvements can be done. The focus will rely on the analysis of the EU’s cyber security strategy 2013 as well as its advancement of 2017. The three issues ‘cyber resilience‘, ‘reducing cybercrime’ and ‘cyber defence policy and capabilities’ shall be analyzed. The unlimited sphere of the cyberspace, the invisible and barely identifiable opponents and the focus on national regulations seem to be an unsolved dilemma in the EU. After analyzing the current state, the paper shall formulate future recommendations for action to postulate an improved ‘pooling and sharing’ as well as the coordination and involvement of existing member states’ cyber capabilities. The devolution of responsibilities regarding cyber security to the EU stage is desirable in order to increase the European potency, because a divided EU will have great difficulties enforcing its interests over attacking opponents.

References:

[1] BARTH, J. D. / SCHLEGELMILCH, W.: Cyber Democracy: The Future of Democracy?, in: Carayannis, E. G./ Campbell, D. F. J./ Efthymiopoulos, M. P. (ed.), Cyber- Development, Cyber-Democracy and Cyber-Defence. Challenges, Opportunities and Implications for Theory, Policy and Practice, Springer, New York/ Heidelberg/ Dordrecht/ London, 2014, p. 195-206. [2] MITTERLEHNER, B.: Cyber-Democracy and Cybercrime: Two Sides of the Same Coin, in: Carayannis, E. G./ Campbell, D. F. J./ Efthymiopoulos, M. P. (ed.), Cyber-Development, Cyber-Democracy and Cyber-Defence. Challenges, Opportunities and Implications for Theory, Policy and Practice. Springer, New York/ Heidelberg/ Dordrecht/ London, 2014, p. 207-230. [3] TAMMINGA, O.: Zum Umgang mit hybriden Bedrohungen. Auf dem Weg zu einer nationalen Resilienzstrategie, SWP-Aktuell 2015/A 92, November 2015, available online: https://www.swp-berlin.org/fileadmin/contents/products/aktuell/2015A92_tga.pdf, 11/2015, p. 2f. (Accessed on January 14, 2018). [4] BENDIEK, A.: Das neue Europa der Sicherheit. Elemente für ein europäisches Weißbuch zur Sicherheit und Verteidigung, in: SWP-Aktuell 2017/A 37, Berlin 2017, available online: https://www.swp-berlin.org/fileadmin/contents/products/aktuell/2017A37 _bdk.pdf, p. 5. (Accessed on February 2, 2018). [5] EUROPEAN COMMISSION (2017): Proposal for a regulation – COM(2017) 477/947932 [6] EUROPEAN UNION: Regulation (EU) 2013/526 [7] EUROPEAN UNION: Directive (EU) 2016/1148 [8] EUROPEAN COMMISSION: Cybersecurity - EU Agency and Certification Framework, available online: https://ec.europa.eu/digital-single-market/en/news/cybersecurity-eu-cybersecurity-agency-and-eu-framework-cybersecurity-certification, 2017. (Accessed on January 18, 2018). [9] EUROPEAN COMMISSION: Commission Recommendation (EU) 2017/1584 [10] EUROPEAN COMMISSION: Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace. [11] BENDIEK, A./ BOSSONG, R./ SCHULZE, M.: Die erneuerte Strategie der EU zur Cybersicherheit. Halbherziger Fortschritt angesichts weitreichender Herausforderungen. SWP-Aktuell 2017/A 72, October 2017, available online: https://www.swp-berlin.org/fileadmin/contents/products/aktuell/2017A72_bdk_etal.pdf, 2017, p. 2-4; 4f. (Accessed on January 08, 2018). [12] COUNCIL OF THE EUROPEAN UNION: Draft Council conclusions on the Joint Communication to the EP and the Council: Resilience, Deterrence and defence: Building strong cybersecurity for the EU, 14435/17, available online: http://www.consilium.europa.eu/media/31666/st14435en17.pdf, 2017. (Accessed on January 21, 2018). [13] PETRATOS, P.: Cybersecurity in Europe: Cooperation and Investment, in: Carayannis, E. G./ Campbell, D. F. J./ Efthymiopoulos, M. P. (ed.), Cyber-Development, Cyber-Democracy and Cyber-Defence. Challenges, Opportunities and Implications for Theory, Policy and Practice, Springer, New York/ Heidelberg/ Dordrecht/ London, 2014, p. 279-302. [14] CSIS- CENTER FOR STRATEGIC AND INTERNATIONAL STUDIES: Net losses estimating the global cost of Cybercrime. Economic impact of cybercrime II, Report, available online: https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/McAfee%20and%20CSIS%20-%20Econ%20Cybercrime.pdf, 2014, p. 20. (Accessed on January 09, 2018). [15] EUROPOL: The relentless growth of cybercrime, available online: https://www.europol.europa.eu/newsroom/news/relentless-growth-of-cybercrime, 2016. (Accessed on January 09, 2018). [16] BENDIEK, A.: Europäische Cybersicherheitspolitik. SWP-Studie, available online: https://www.swp-berlin.org/fileadmin/contents/products/studien/2012_S15_bdk.pdf, Berlin, 2012. (Accessed on January 12, 2018). [17] EUROPOL IOCTA: Internet Organized Crime Threat Assessment, available online: www.europol.europa.eu, 2016, p. 7f.; 40. (Accessed on February 02, 2018). [18] EUROPEAN COMMISSION: Commission Staff Working Document. Assessment of the EU 2013 Cybersecurity Strategy, available online: https://ec.europa.eu/transparency/regdoc/rep/other/SWD-2017-295-F1-EN-0-0.PDF, 2017, p. 36-41. (Accessed on February 01, 2018). [19] EUROPEAN COMMISSION: Joint Communication to the European Parliament and the Council. Resilience, Deterrence and Defence: Building strong cybersecurity for the EU, Brussels, 2017, p. 12-14. [20] EUROPEAN COMMISSION: Reflection Paper on the Future of European Defence, available online:https://ec.europa.eu/commission/sites/beta-political/files/reflection-paper-defence_en.pdf, Brussels, 2017, p.12-14. (Accessed on February 01, 2018). [21] NATO COOPERATIVE CYBER DEFENCE CENTRE OF EXCELLENCE: Mitigating Risks arising from False-Flag and No-Flag Cyber Attacks, Pihelgas M. (ed.), available online: https://ccdcoe.org/sites/default/files/multimedia/pdf/False-flag%20and%20no-flag%20-%2020052015.pdf, Tallinn, 2015, p. 8; 21. (Accessed on February 01, 2018). [22] TABANSKY, L.: Cyber Security Challenges: The Israeli Water Sector Example, in: Clark, M. R./ Hakim, S. (ed.), Cyber-Physical Security. Protecting Critical Infrastructure at the State and Local Level, Philadelphia, 2017, p. 205-221. [23] REINHOLD, T. / SCHULZE, M.: Digitale Gegenangriffe. Eine Analyse der technischen und politischen Implikationen von „hack backs“, in: SWP, available online: https://www.swp-berlin.org/fileadmin/contents/products/arbeitspapiere/AP_Schulze_Hackback_08_2017.pdf, Hamburg, 2017, p. 8f. (Accessed on February 02, 2018). [24] MATTHEWS, E. D./ ARATA III, H. J./ HALE, B. L.: Cyber Situational Awareness, in: Connolly, C. (ed.), The Cyber Defence Review. A dynamic multidisciplinary dialogue, New York, 2016, p. 35-48. [25] CHATHAM HOUSE: Building a Stronger International Legal Framework on Cybercrime https://www.chathamhouse.org/expert/comment/building-stronger-international-legal-framework-cybercrime, 2017. (Accessed on February 01, 2018).