Council documents: responses to offensive cyber operations; "cyber capacity building" in non-EU countries; implementation report on Cyber Defence Policy Framework


NOTE from: Presidency to: Delegations: Non-paper: Developing a joint EU diplomatic response against coercive cyber operations - final revised text (5797/6/16 REV 6, LIMITE 19 May 2016, pdf):

 

"This non-paper argues that certain coercive cyber operations may require a response beyond defending the networks of the EU and its Member States and improving resilience. State and nonstate actors carry out such operations for politico-military purposes on the basis of a rational cost/benefit analysis. The paper argues that cyber diplomacy is one of the tools to influence this analysis by increasing the costs of coercive cyber operations and establishing a deterrent effect. The paper identifies a number of diplomatic instruments that could be utilized in different circumstances and proposes that the EEAS together with Member States develops this further as a Framework."

See also: the penultimate version (5797/5/16, 29 April 2016, pdf) and the first version of the "non-paper" (5797/16, 9 February 2016, pdf)

NOTE from: Presidency to: Delegations: Cyber capacity building: towards a strategic European approach (8732/1/16 REV 1, 30 June 2016, LIMITE, pdf):

"The EU is a strong supporter of the vision of a free, open and secure Internet as the basis for economic and social development. At the moment, not all parts of the world benefit from the positive effects of the Internet, in particular due to a lack of open, secure, ,interoperable and reliable access. The EU will therefore provide third states with necessary capacities to implement this vision for the Internet and will continue to support third countries’ efforts in their quest to ensure access and use of the Internet for their people, guaranteeing its integrity and security and effectively fighting cybercrime.

Cyber capacity building is aimed at building functioning and accountable institutions in third countries which are a prerequisite for responding effectively to security threats and for enhancing resilience. It is an essential component of international cooperation; fostering international solidarity with a common vision and a common purpose - to secure a free, open and secure cyberspace for everyone - while ensuring compliance with human rights and the rule of law.

The EU and its Member States have made and are making substantial efforts to provide both the technical, organizational and financial means to build cyber in third countries. They should continue to approach cyber capacity building in a strategic manner and the EU should further integrate it in its diplomatic cyber strategy."

NOTE from: Politico-Military Group (PMG) to: Political and Security Committee (PSC): Six Monthly Report on the Implementation of the Cyber Defence Policy Framework (9701/16, 1 June 2016, LIMITE, 30 pages, pdf):

"Several priorities identified in the EU CDPF have already been implemented, and the work is ongoing on key objectives.

The integration of cyber defence and security into CSDP missions and operations will be supported by the extensive revision of the EU Concept on Cyber Defence, also taking into account the need for intensified civil-military cooperation, coordination, as well as broader information sharing.

Several successes can already be highlighted, notably the adoption of a Technical Arrangement between CERT-EU and NCIRC, the ongoing considerations of cyber aspects in operations and missions, as well as first efforts to install a strategic cyber threat assessments for CSDP planning, the ongoing development of several Pooling & Sharing (P&S) projects, the ongoing development of cyber training requirements for CSDP headquarters, missions and operations, and the integration of an effective cyber-dimension to Multi-Layer (ML) and MILEX exercises in 2016. The establishment of an internal EEAS cyber steering board will further mainstream both cyber defence and cyber security aspects in the crisis management structures' daily work.

As the implementation of the EU Cyber Defence Policy Framework moves forward, the Member States' involvement alongside the EU institutions will remain vital in all areas. It remains essential that, as the cyber threats develop, new cyber defence requirements are regularly identified."

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error