On Monday, the Council of the EU decided to prolong the framework for restrictive measures against cyber-attacks threatening the European Union or its member states for another year, until 18 May 2022. This framework allows the EU to impose targeted restrictive measures on persons or entities involved in cyber-attacks which cause a significant impact and constitute an external threat to the EU or its member states, a statement of the Council affirms. Restrictive measures can also be imposed in response to cyber-attacks against third states or international organizations where such measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP).
The European sanctions currently apply to eight individuals and four entities, including an asset freeze and a travel ban. Additionally, EU persons and entities are forbidden from making funds available to those listed. This latest prolongation is part of the EU’s scale-up of its resilience and its ability to prevent, discourage, deter and respond to cyber threats and malicious cyber activities to safeguard European security and interests from outside.
In June 2017, the EU stepped up its response by establishing a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities, the cyber diplomacy toolbox, which allows the Union and its Member States to use all CFSP measures. “The EU remains committed to global, open, stable, peaceful, and secure cyberspace and therefore reiterates the need to strengthen international cooperation to promote the rules-based order in this area,” the statement continues.
The digital transition of Europe is an ongoing process that today more than ever, also thanks to the Covid-19 pandemic, represents for all the member states of the Union a strategic tool for the recovery and relaunch of the economy, especially in most competitive sectors.
To do this, however, the European Union must invest more in technological autonomy, in cutting-edge digital services, and various key sectors, including supercomputing, artificial intelligence, machine learning, big data, infrastructures, blockchain, skills, and certainly cybersecurity. Precisely on this last point, Enisa, the European Union Agency for Information Security, has published a new report entitled “Cybersecurity Research Directions for the EU’s Digital Strategic Autonomy”, in which it identifies a series of priorities in research and innovation activities in cybersecurity, aimed at realizing and strengthening the digital autonomy of the EU.
Among these, the Agency Report includes data security, reliable hardware, and software platforms, cyber threat management and responsiveness, new encryption solutions, user-centered security practices, and tools; security of digital communication. For each of these areas of intervention, the Report illustrates the current situation, including advantages and possible criticalities, offering an assessment of the main issues around which discussion is still open and recommendations on particular research topics, again relating to cybersecurity.
The open challenges:
The digital transition is not only necessary and desirable but always brings with it new challenges, linked to the technological environment in which we have now lived for years, including our ability or not to maintain ownership and control of personal data, of our technological resources. and our freedom of choice and decision. The Covid-19 pandemic has done nothing but highlights, even more, the centrality of these challenges and the importance of our actions in this regard, which must always lead to a greater capacity for cybersecurity and resilience towards internal cyber threats and outside the Union.