CSSII Centro Universitario di Studi Strategici Internazionali e Imprenditoriali

European Union

The EU, with its 27 members, has been working for more than a decade on cybersecurity and cybercrime. In 2013 it published its first official document dealing with the wide range of cyber threats: the EU strategy on cybersecurity. This strategy lays out the vision, roles, responsibilities and actions necessary for the EU, while underlining that a centralized EU response is not the answer. The EU approaches cybersecurity through three pillars: web and information security; law enforcement; defense.

 

CYBER POLICY

 

Cybersecurity Strategy of the European Union

http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1667

The document contains the principles for a cyberspace that promotes the growth of EU member countries. To achieve this result, 5 strategic priorities and actions in the area of cybersecurity, cyber defense and the fight against cybercrime are identified.

 

EU Cyber Defence Policy Framework

http://www.europarl.europa.eu/meetdocs/2014_2019/documents/sede/dv/sede160315eucyberdefencepolicyframework_/sede160315eucyberdefencepolicyframework_en.pdf

The document sets out the priorities for the EU's cyber-defense framework. In particular, it highlights 5 priorities: support for the development of the cyber capabilities of Member States in connection with the CSDP; enhancement of the protection of CSDP communication channels; promotion of civil-military synergies within the EU; improvement of exercises, training and education; and improvement of the cooperation with international partners.

 

Common approach to EU cyber security

https://www.consilium.europa.eu/en/policies/cybersecurity/#

This page contains a set of measures undertaken by the EU to strengthen cybersecurity, including the 2019 Cybersecurity Act, the revision of ENISA and the adoption of a community certification scheme for cybersecurity.

 

Coordinated Response to Large Scale Cybersecurity Incidents and Crises

https://ec.europa.eu/transparency/regdoc/rep/3/2017/EN/C-2017-6100-F1-EN-MAIN-PART-1.PDF

https://ec.europa.eu/transparency/regdoc/rep/3/2017/EN/C-2017-6100-F1-EN-ANNEX-1-PART-1.PDF

Commission’s Recommendation indicating the need to implement a community framework for responding to cybersecurity crises. A project is also provided suggesting ideas in this regard.

 

Cyber Diplomatic Toolbox

https://www.consilium.europa.eu/en/press/press-releases/2017/06/19/cyber-diplomacy-toolbox/

http://data.consilium.europa.eu/doc/document/ST-9916-2017-INIT/en/pdf

A description of the principles of the Cyber Diplomatic Toolbox, a framework that allows an EU community response to malicious cyber-activities.

 

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1505294563214&uri=JOIN:2017:450:FIN

Detailed report on EU proposals for cybersecurity, with reference to cyber-resilience, cyber-deterrence and cyber-defense.

 

Making the most of NIS (Directive (EU) 2016/1148) thus promoting its effective implementation which concerns measures for a high common level of network security and information systems across the Union. 

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2017:476:FIN

Communication from the Commission to the European Parliament and the Council on how to implement Directive 2016/1148. It contains an annex document that deals with multiple topics regarding the effective implementation of the NIS Directive, operations and best practices.

 

Assessing the extent to which the Member States have taken the necessary measures in order to comply with Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017DC0474&from=EN

Conclusions on the effective implementation of Directive 2013/40 by EU Member States.

 

On the Mid-Term Review on the Implementation of the Digital Single Market Strategy: A Connected Digital Single Market for All

https://eur-lex.europa.eu/content/news/digital_market.html

Commission’s request to review the 2013 cybersecurity strategy by September 2017.

 

Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry

http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=16546

Commission’s communication indicating the principles to be followed to strengthen cybersecurity, with reference to cooperation, education, the cybersecurity single market, and the use of CPPP (Contractual Public Private Partnership) to stimulate innovation in the sector.

 

Joint Framework on countering hybrid threats, a European Union response

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52016JC0018

Detailed document indicating the possibilities to counter the hybrid threats of cyberspace, with references to communication, the creation of a center of excellence, the resilience of critical infrastructures and cybersecurity.

 

The European Agenda on Security

https://ec.europa.eu/home-affairs/sites/homeaffairs/files/e-library/documents/basic-documents/docs/eu_agenda_on_security_en.pdf

The document indicates 5 key principles for EU security collaboration, measures to strengthen the pillars of EU action and 3 priority areas to work on in the next 5 years: terrorism, organized crime and cyber-crime.

 

2010 EU Internal Security Strategy in Action: Five Steps towards a more secure Europe

https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0673:FIN:EN:PDF

Document that establishes 5 security objectives (actions against criminals and terrorists, raising cybersecurity and cyber-resilience) as well as the actions to be taken to achieve them.

 

Protecting Europe, at a Critical Information Infrastructure Protection’s level, from a large scale of cyber attacks and disruption by enhancing preparedness, security and resilience.

https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0149:FIN:EN:PDF

Document that underlines the importance of the resilience of critical infrastructures to cyber-attacks, indicating measures to be taken which are necessary to achieve this goal.

 

REGULATION

 

Regulation: Cybersecurity Act

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/1090-Review-of-ENISA-Regulation-and-laying-down-a-EU-ICT-security-certification-and-labelling

A revision proposal on regulation No. 256/2013, which concerns ENISA and the certification of cybersecurity for ICT. Specifically, the role of ENISA is to be reviewed to ensure greater support for EU Member States.

 

Directive: Combating fraud and counterfeiting of electronic payments

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/1086-Combating-fraud-and-counterfeiting-of-electronic-payments

Proposal for the creation of an adequate framework for new online payment systems.

 

The Directive on security of network and information systems (NIS Directive)

https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive

Directive adopted in 2016 by the European Parliament which aims to raise the general level of cybersecurity in the EU. It requires Member States to create national CSIRTs and a competent authority on NIS. It promotes collaboration between States through a specific cooperation group and the creation of a CSIRT Network.

 

Regulation (EU) 2016/679

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en

Set of rules introduced following the adoption of the GDPR (May 2018) concerning the protection of personal data by all companies operating in the EU. This act entails greater control over personal data while benefitting the competitiveness of businesses.

 

Directive (EU) 2016/680

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L0680&from=EN

Directive detailing the processing of personal data by competent authorities for prevention, investigation or detention purposes. It also contains the abolition of Council Decision 2008/977/JHA.

 

Directive 2013/40/EU

https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32013L0040

Directive that aims to create shared rules in EU countries for the definition of crimes and sanctions in cyberspace.

 

 

COOPERATION

 

European Council Meeting

https://www.consilium.europa.eu/media/21620/19-euco-final-conclusions-en.pdf

This document contains the conclusions of the European Council on migration and digital Europe.

 

Tallinn Digital Summit

https://ec.europa.eu/commission/publications/tallinn-digital-summit-factsheets_en

https://www.digitalsummit.ee/

Meeting on digitalization, with the presence of multiple ICT actors.

 

Meeting of the CSIRTs Network

https://www.enisa.europa.eu/events/first-csirts-network-meeting/first-csirts-network-meeting

First formal meeting of the CSIRT Network, held in Malta in February 2017.

 

Cyber Europe 2018

https://www.enisa.europa.eu/topics/cyber-exercises/cyber-europe-programme

Exercise at EU level normally held every 2 years. It simulates large-scale cybersecurity incidents based on realistic scenarios.

 

Cyber SOPEx

https://www.enisa.europa.eu/news/enisa-news/enisa-organises-cyber-exercise-to-boost-csirt-cooperation

Exercise that saw the first collaboration between various national CSIRTs through the "CSIRT Network".

 

Permanent Structured Cooperation on security and defence (PESCO)

https://www.consilium.europa.eu/media/32000/st14866en17.pdf

https://www.consilium.europa.eu/media/32082/pesco-overview-of-first-collaborative-of-projects-for-press.pdf

Defense cooperation platform consisting of 25 of the 27 EU members, which includes an information-sharing platform on cyber threats and incidents.

 

European Cybersecurity Month

https://cybersecuritymonth.eu/

An initiative to raise awareness on cybersecurity in EU citizens and organizations.

 

Global Action on Cybercrime Extended (GLACY+)

https://www.coe.int/en/web/cybercrime/glacyplus

Initiative born from the GLACY program (2013-2016) to strengthen the capacity of States outside the EU and to promote international cooperation against cybercrime.

 

Global Action on Cybercrime (GLACY)

https://www.coe.int/en/web/cybercrime/glacy

Project for the implementation of the Budapest Convention in countries outside the EU, promoting international cooperation against cybercrime.

 

Contractual public private partnership on cybersecurity (cPPP)

https://ec.europa.eu/digital-single-market/en/news/commission-decision-establish-contractual-public-private-partnership-cybersecurity-cppp

Contract signed following the decision of the European Commission regarding the creation of public-private partnerships for cybersecurity research and innovation in the EU.

 

Memorandum of Understanding, EU Institutions

https://www.europol.europa.eu/newsroom/news/four-eu-cybersecurity-organisations-enhance-cooperation

Memorandum signed by representatives of ENISA, EDA, CERT-EU and EC3, for the creation of a framework promoting cooperation between these agencies.

 

Cooperation Agreement, EU-NATO

https://www.nato.int/cps/en/natohq/news_149848.htm

Agreement between NATO and EU to strengthen collaboration for cyber-defense, following a meeting in which the current state of cooperation (regarding information exchange, cyber exercises and training between the two bodies) was assessed.

 

EU-NATO (15283/16)

http://data.consilium.europa.eu/doc/document/ST-15283-2016-INIT/en/pdf

Council’s conclusions for the implementation of the EU and NATO Joint Declaration: it contains proposals to combat hybrid threats, strengthen cybersecurity and defensive capabilities.

 

ITU-ENISA Regional Cybersecurity Forum

https://www.itu.int/en/ITU-D/Regional-Presence/Europe/Pages/Events/2016/RCYBF/Regional-Cybersecurity-Forum.aspx

Forum held in Sofia in November 2016, with the participation of BDT, ITU and ENISA, with the aim of creating a platform to strengthen regional cooperation in the field of cybersecurity.

 

EU-NATO Joint Declaration

https://www.consilium.europa.eu/media/36096/nato_eu_final_eng.pdf

Declaration renewing the commitment to a deeper collaboration between NATO and the EU in the defense sector.

 

EU-Malaysia Partnership and Cooperation Agreement (PCA)

https://eeas.europa.eu/headquarters/headquarters-homepage/10340/european-union-malaysia-partnership-and-cooperation-agreement-initialled-today_en

Agreement for bilateral cooperation between the EU and Malaysia in a number of areas of common interest.

 

EU-Japan Cyber Dialogue

https://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/ec/142520.pdf

Collaboration between EU and Japan which began in 2014, with the aim of exchanging respective experiences and knowledge on the cyber domain.

 

EU-NATO Technical Arrangement

https://eeas.europa.eu/headquarters/headquarters-homepage/5254_en

Agreement for the collaboration between NCIRC and CERT-EU on information sharing, prevention and response to cyber incidents.

 

Global Forum on Cyber Expertise

https://www.thegfce.com/about

Multi-stakeholder organization composed of more than 115 members (both government-related and civil society) with the aim of reducing duplicate effort on cyber capacity building while ensuring a freer and more secure cyberspace.

 

AGENCIES AND COMMITTEES

 

European Cybercrime Centre (EC3)

https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3

Agency created in 2013 to strengthen the EU's cybercrime response capacity.

 

Computer Emergency Response Team for the European Union (CERT-EU)

https://cert.europa.eu/cert/plainedition/en/cert_about.html

Agency, created in 2012, which includes IT security experts from all major European institutions and cooperates with various national CERTs.

 

European Union Agency for Network and Information Security (ENISA)

https://www.enisa.europa.eu/

Cybersecurity agency, founded in 2004 with headquarters in Greece. It has consultancy and support functions on implementation and creation of cybersecurity policies.

 

Telecommunications Ministerial Council of the European Union

https://www.consilium.europa.eu/en/council-eu/configurations/tte/

An EU Council with a guiding role in the EU on telecommunications, transport and energy. It deals with the security of critical infrastructures.

 

 
last update: 20-Nov-2020