Protection from upcoming cyberattacks: The EU joint cyber security proposal
Copyright 2022 Christiana Aristidou LLC
Because almost everything in today's world is connected through the internet, the world seems ever more vulnerable to cyberattacks, which are now easier to carry out. Connected devices range from smart home gadgets such as cameras, voice assistants, lighting and household appliances to more delicate, state-of-the-art devices that belong to important agencies and authorities.
The existing framework on cybersecurity does not cover all types of digital products, an issue that will be addressed by the relevant authority. According to the European Union Agency for Cybersecurity (ENISA), online attacks, and especially attacks on cloud infrastructures, increase rapidly every year. It is therefore essential for the EU to invest in ways to deal with the threat of cyberattacks. According to the European Commission, “to protect ourselves better, our only option is to act together, at European level”. For this reason, the Cyber Resilience Act has been introduced as part of the cybersecurity strategy, along with another proposal, the Directive on measures for a high common level of cybersecurity across the Union (NIS 2), and current regulations like the Directive on the security of Network and Information Systems (NIS Directive) and the Cybersecurity Act. All of these will complement each other in tackling the issue of cybersecurity and cyber defence.
According to the European Commission work programme for 2022, released on 19 October 2021, the proposal on the European Cyber Resilience Act (legislative) will be published at the end of 2022. From March 16th 2022 and for the following 10 weeks, up until May 25th 2022, the Commission invites citizens and organisations to share their views on the European Cyber Resilience Act. This public consultation aims to gather feedback on current and possible future problems regarding cyberattacks, as well as on ways in which these issues may be addressed and resolved or prevented.
The European Commission focuses on four concepts: to protect, to detect, to defend and to dissuade. To protect means increasing collective resilience, which requires technological sovereignty between the Member States in the area of cyber security so that the best possible technological solutions can be used to protect the public within the Member States. The main attribute of the Cyber Resilience Act is that it introduces new common standards for products and services that are brought to the market, which will therefore be further regulated to protect the public as much as possible from the threat of cyberattacks.
To detect is another element of the act. At present, it takes an average of 190 hours for a sophisticated attack to be detected. That figure should be reduced remarkably in order to protect the users of connected devices efficiently, since the sooner an attack is detected, the less damage it can cause and the easier it might be to stop it. Achieving this would include establishing a European network of Security Operation Centres (SOCs) which, along with national and private SOCs, would detect signals of cyberattacks, even weak ones, with the use of artificial intelligence technologies. These centres will therefore act as “cyber border guards”, according to members of the European Commission.
The next element is to defend. Currently, Europe is not sufficiently equipped to handle a large-scale attack. This is where the Joint Cyber Unit comes in: its purpose is to create a well-established crisis management unit that will oversee the matter within the EU. The Joint Cyber Unit was introduced in June 2021 and has laid the foundations for a harmonised operation that will deal with cyberattacks as one, instead of numerous different units doing the job independently.
The final element is to dissuade, which is explained as the need to establish a doctrine on cyberattacks along with protective and defensive mechanisms. A first step towards tackling the issue is the first-ever sanctions imposed by the EU on people who have carried out cyberattacks within Europe. The main purpose should be to develop an operational cyber backbone that would act as a defence against digital threats.
With all that in mind, and with threats almost always present, it can be seen that the EU is urgently and substantially trying to develop strong paths that will enable it to face digital security threats of any extent. It is very significant that everything possible is done to reduce cyber security threats as much as possible and to increase resilience using the best means available.