As the very real risk of a major cyber attack increases in line with global insecurity and the shifting geopolitical situations around the world, the European Union is taking steps to protect itself.
Internal Market Commissioner Thierry Breton last week presented his Cyber Solidarity Act, effectively a European cyber security shield, the first details of which were revealed earlier this month.
"Our ambition is to create a 'European cyber shield' that will make it possible to better detect attacks upstream," RTBF reported the commissioner as saying. The mechanism will see six or seven Cyber Security Operations Centres created; three of which will be deployed as early as this year.
Equipped with supercomputers and artificial intelligence systems, these centres will be distributed across the EU and will work in symbiosis to thwart future cyber attacks. "Today, an average of 190 days elapse between the beginning of the spread of malware and the moment it is detected," RTBF reported Breton as saying. "We want to drastically reduce this time, to a few hours."
In addition, an army of volunteer cyber soldiers, a "cyber reserve, made up of several thousand responders, public and private providers, to support the defence effort in case of attack", will complement the EU-wide centres and will be made up of personnel from each of the 27 Member States. Cyber security is, however, a national competence, and some countries may be reluctant to join this defence pact.
The Cyber Solidarity Act will cost more than one billion euros, two-thirds of which will be financed by Europe. The European Commission already has some legislative apparatus in place. Last September, the EU introduced the "Cyber Resilience Act". This regulation establishes cyber security requirements for the production of connected products, while a directive planned for 2024, NIS 2, imposes new cyber security obligations on companies.
European cyber defence still standing
The global context in terms of cyber security is particularly critical today, at a time when the United States is experiencing a crisis following the leak of confidential documents. So much so that some specialists have been talking about a global cyber war for a few months now.
In the RTBF report, Thierry Breton pointed out that, since the beginning of the war in Ukraine, the EU has experienced a 140% increase in cyber attacks. A figure that Axel Legay, professor of cyber security at UCLouvain, believes shows the resilience of the measures already in place. "Despite this figure, European cyber defence has not fallen," he told RTBF. This is a good sign."
The eternal antagonist of the West in this cyber war is Russia. The Washington Post revealed last week that it had got its hands on confidential Russian government documents, establishing that barely 1% of Russian bots were discovered on social networks and search engines, such as TikTok and Facebook, Twitter, YouTube and Google. These bots infiltrate these networks to distil false information about health issues or about the course of the war in Ukraine.
- NATO targeted by cyber attacks
- Hospitals risk becoming major targets for cyberattacks following Saint-Pierre hacking
"We clearly do not yet have the perceptions of the dangers that await us, and particularly of the indirect effects," warned Axel Legay in his interview with RTBF. "There are especially problems with 'reporting' because the victims do not report enough information during an attack suffered. For me, the risks remain exponential and underestimated."
It remains to be seen how long the European Union can continue to act reactively to external threats. The EU says it is ready to equip itself with "deterrence capabilities and a policy of active and diverse sanctions", to be implemented when an attack has been attributed. "I think you should never present it in terms of offensive posture, but most defences can become attacks," Legay said. "Let us hope that this is never necessary and that it must never come to the end of having to 'defeat' the enemy to stop."