European Union
The EU, with its 27 members, has been working for more than a decade on cybersecurity and cybercrime. In 2013 it published its first official document dealing with the wide range of cyber threats: the EU strategy on cybersecurity. This strategy lays out the vision, roles, responsibilities and actions necessary for the EU, while underlining that a centralized EU response is not the answer. The EU approaches cybersecurity through three pillars: web and information security; law enforcement; defense.
Cybersecurity Strategy of the European Union
http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1667
The document contains the principles for a cyberspace that promotes the growth of EU member countries. To achieve this result, 5 strategic priorities and actions in the area of cybersecurity, cyber defense and fight against cybercrime are identified.
EU Cyber Defence Policy Framework
The document sets out the priorities for the EU's cyber-defense framework. In particular, it highlights 5 priorities: support for the development of the cyber capabilities of Member States in connection with the CSDP; enhancement of the protection of CSDP communication channels; promotion of civil-military synergies within the EU; improvement of exercises, training and education; and improvement of cooperation with international partners.
Common approach to EU cyber security
https://www.consilium.europa.eu/en/policies/cybersecurity/#
This page contains a set of measures undertaken by the EU to strengthen cybersecurity, including the 2019 Cybersecurity Act, the revision of ENISA and the adoption of a community certification scheme for cybersecurity.
Coordinated Response to Large Scale Cybersecurity Incidents and Crises
https://ec.europa.eu/transparency/regdoc/rep/3/2017/EN/C-2017-6100-F1-EN-MAIN-PART-1.PDF
https://ec.europa.eu/transparency/regdoc/rep/3/2017/EN/C-2017-6100-F1-EN-ANNEX-1-PART-1.PDF
Commission’s Recommendation indicating the need to implement a community framework for responding to cybersecurity crises. A project is also provided suggesting ideas in this regard.
Cyber Diplomatic Toolbox
https://www.consilium.europa.eu/en/press/press-releases/2017/06/19/cyber-diplomacy-toolbox/
http://data.consilium.europa.eu/doc/document/ST-9916-2017-INIT/en/pdf
A description of the principles of the Cyber Diplomatic Toolbox, a framework that allows an EU community response to malicious cyber-activities.
Resilience, Deterrence and Defence: Building strong cybersecurity for the EU
https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1505294563214&uri=JOIN:2017:450:FIN
Detailed report on EU proposals for cybersecurity, with reference to cyber-resilience, cyber-deterrence and cyber-defense.
Making the most of NIS (Directive (EU) 2016/1148) thus promoting its effective implementation which concerns measures for a high common level of network security and information systems across the Union.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2017:476:FIN
Communication from the Commission to the European Parliament and the Council on how to implement Directive 2016/1148. It contains an annex document that deals with multiple topics regarding the effective implementation of the NIS Directive, operations and best practices.
Assessing the extent to which the Member States have taken the necessary measures in order to comply with Directive 2013/40/EU on attacks against information systems and replacing Council Framework Decision 2005/222/JHA
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017DC0474&from=EN
Conclusions on the effective implementation of Directive 2013/40 by EU Member States.
On the Mid-Term Review on the Implementation of the Digital Single Market Strategy: A Connected Digital Single Market for All
https://eur-lex.europa.eu/content/news/digital_market.html
Commission’s request to review the 2013 cybersecurity strategy by September 2017.
Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry
http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=16546
Commission’s communication indicating the principles to be followed to strengthen cybersecurity, with reference to cooperation, education, the cybersecurity single market, and the use of the cPPP (Contractual Public Private Partnership) to stimulate innovation in the sector.
Joint Framework on countering hybrid threats, a European Union response
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52016JC0018
Detailed document indicating the possibilities to counter the hybrid threats of cyberspace, with references to communication, the creation of a center of excellence, the resilience of critical infrastructures and cybersecurity.
The European Agenda on Security
The document indicates 5 key principles for EU security collaboration, measures to strengthen the pillars of EU action and 3 priority areas to work on in the next 5 years: terrorism, organized crime and cyber-crime.
2010 EU Internal Security Strategy in Action: Five Steps towards a more secure Europe
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0673:FIN:EN:PDF
Document that establishes 5 security objectives (actions against criminals and terrorists, raising cybersecurity and cyber-resilience) as well as the actions to be taken to achieve them.
Protecting Europe, at a Critical Information Infrastructure Protection’s level, from a large scale of cyber attacks and disruption by enhancing preparedness, security and resilience.
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0149:FIN:EN:PDF
Document that underlines the importance of the resilience of critical infrastructures to cyber-attacks, indicating measures to be taken which are necessary to achieve this goal.
Regulation: Cybersecurity Act
A revision proposal on regulation No. 256/2013, which concerns ENISA and the certification of cybersecurity for ICT. Specifically, the role of ENISA is to be reviewed to ensure greater support for EU Member States.
Directive: Combating fraud and counterfeiting of electronic payments
Proposal for the creation of an adequate framework for new online payment systems.
The Directive on security of network and information systems (NIS Directive)
https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive
Directive adopted in 2016 by the European Parliament which aims to raise the general level of cybersecurity in the EU. It requires Member States to create national CSIRTs and a competent authority on NIS. It promotes collaboration between States through a specific cooperation group and the creation of a CSIRT Network.
Regulation (EU) 2016/679
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en
Set of rules introduced following the adoption of the GDPR (May 2018) concerning the protection of personal data by all companies operating in the EU. This act entails greater control over personal data while benefitting the competitiveness of businesses.
Directive (EU) 2016/680
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L0680&from=EN
Directive detailing the processing of personal data by competent authorities for prevention, investigation or detention purposes. It also repeals Council Decision 2008/977/JHA.
Directive 2013/40/EU
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32013L0040
Directive that aims to create shared rules in EU countries for the definition of crimes and sanctions in cyberspace.
European Council Meeting
https://www.consilium.europa.eu/media/21620/19-euco-final-conclusions-en.pdf
This document contains the conclusions of the European Council on migration and digital Europe.
Tallinn Digital Summit
https://ec.europa.eu/commission/publications/tallinn-digital-summit-factsheets_en
Meeting on digitalization, with the presence of multiple ICT actors.
Meeting of the CSIRTs Network
https://www.enisa.europa.eu/events/first-csirts-network-meeting/first-csirts-network-meeting
First formal meeting of the CSIRT Network, held in Malta in February 2017.
Cyber Europe 2018
https://www.enisa.europa.eu/topics/cyber-exercises/cyber-europe-programme
Exercise at EU level normally held every 2 years. It simulates large-scale cybersecurity incidents based on realistic scenarios.
Cyber SOPEx
Exercise that saw the first collaboration between various national CSIRTs through the "CSIRT Network".
Permanent Structured Cooperation on security and defence (PESCO)
https://www.consilium.europa.eu/media/32000/st14866en17.pdf
Defense cooperation platform consisting of 25 of the 27 EU members, which includes an information-sharing platform on cyber threats and incidents.
European Cybersecurity Month
https://cybersecuritymonth.eu/
An initiative to raise awareness of cybersecurity among EU citizens and organizations.
Global Action on Cybercrime Extended (GLACY+)
https://www.coe.int/en/web/cybercrime/glacyplus
Initiative born from the GLACY program (2013-2016) to strengthen the capacity of States outside the EU and to promote international cooperation against cybercrime.
Global Action on Cybercrime (GLACY)
https://www.coe.int/en/web/cybercrime/glacy
Project for the implementation of the Budapest Convention in countries outside the EU, promoting international cooperation against cybercrime.
Contractual public private partnership on cybersecurity (cPPP)
Contract signed following the decision of the European Commission regarding the creation of public-private partnerships for cybersecurity research and innovation in the EU.
Memorandum of Understanding, EU Institutions
https://www.europol.europa.eu/newsroom/news/four-eu-cybersecurity-organisations-enhance-cooperation
Memorandum signed by representatives of ENISA, EDA, CERT-EU and EC3, for the creation of a framework promoting cooperation between these agencies.
Cooperation Agreement, EU-NATO
https://www.nato.int/cps/en/natohq/news_149848.htm
Agreement between NATO and EU to strengthen collaboration for cyber-defense, following a meeting in which the current state of cooperation (regarding information exchange, cyber exercises and training between the two bodies) was assessed.
EU-NATO (15283/16)
http://data.consilium.europa.eu/doc/document/ST-15283-2016-INIT/en/pdf
Council’s conclusions on the implementation of the EU and NATO Joint Declaration. The document contains proposals to combat hybrid threats and to strengthen cybersecurity and defensive capabilities.
ITU-ENISA Regional Cybersecurity Forum
Forum held in Sofia in November 2016, with the participation of BDT, ITU and ENISA, with the aim of creating a platform to strengthen regional cooperation in the field of cybersecurity.
EU-NATO Joint Declaration
https://www.consilium.europa.eu/media/36096/nato_eu_final_eng.pdf
Declaration renewing the commitment to a deeper collaboration between NATO and the EU in the defense sector.
EU-Malaysia Partnership and Cooperation Agreement (PCA)
Agreement for bilateral cooperation between the EU and Malaysia in a number of areas of common interest.
EU-Japan Cyber Dialogue
https://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/ec/142520.pdf
Collaboration between EU and Japan which began in 2014, with the aim of exchanging respective experiences and knowledge on the cyber domain.
EU-NATO Technical Arrangement
https://eeas.europa.eu/headquarters/headquarters-homepage/5254_en
Agreement for the collaboration between NCIRC and CERT-EU on information sharing, prevention and response to cyber incidents.
Global Forum on Cyber Expertise
Multi-stakeholder organization composed of more than 115 members (both government-related and civil society) with the aim of reducing duplicated effort on cyber capacity building while ensuring a freer and more secure cyberspace.
European Cybercrime Centre (EC3)
https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3
Agency created in 2013 to strengthen the EU's cybercrime response capacity.
Computer Emergency Response Team for the European Union (CERT-EU)
https://cert.europa.eu/cert/plainedition/en/cert_about.html
Agency, created in 2012, which includes IT security experts from all major European institutions and cooperates with various national CERTs.
European Union Agency for Network and Information Security (ENISA)
Cybersecurity agency, founded in 2004 with headquarters in Greece. It has consultancy and support functions on implementation and creation of cybersecurity policies.
Telecommunications Ministerial Council of the European Union
https://www.consilium.europa.eu/en/council-eu/configurations/tte/
An EU Council with a guiding role in the EU on telecommunications, transport and energy. It deals with the security of critical infrastructures.