Cyber attack against the European Medicines Agency, cyber espionage of documents related to vaccines against Covid-19, cyber theft of sensitive data in hospitals in Germany, Finland, or the Czech Republic… At the time of the pandemic, the cyber threat is – more than ever – a reality on our European continent.
Cybersecurity is first and foremost a matter of security. Our digital infrastructures ensure the security of every aspect of our life: our transport, our energy, our health, our public administration all depend on critical systems that must enjoy the highest levels of protection that the citizens they serve, deserve.
Cyber security is ultimately about protecting our European way of life.
Whether for economic, espionage, criminal, destabilization or military purposes, cyber attacks are all attacks on our security, our interests, our sovereignty and our values.
Europe, a prime target for cyber hackers
Europe is an economic, geopolitical and military power of values. As such, it is a privileged target of cyber hackers, whose means and frequency of attacks are increasing. However, in our ultra-connected world, our strength is commensurate with the weakest link.
Europe has always been at the forefront of cybersecurity: it is the first place in the world where 27 countries have jointly agreed on a common approach, a regulatory framework for cybersecurity, known as the NIS directive, and even ” a master plan to respond to large-scale cyber attacks in Europe. The European Cybersecurity Agency was also the first of its kind to bring its know-how and expertise in an area that suffers from a skills shortage and a lack of know-how.
It is urgent for Europe to strengthen its technological, operational and political means enabling it to cope with a major cyberattack, which would simultaneously affect several countries of the Union.
Our objectives are clear: detect, defend, deter.
For this, we must build a European cyber shield. It is our collective responsibility to protect the information space in which we work, consume, socialize, learn and, beyond that, our societies, our democracies, our economies, our industries. This is the meaning of the new European cybersecurity strategy that we will present on December 16.
Our first priority will be to provide Europe with the necessary infrastructure to protect itself. The entire data technology chain must be secured, from telecoms networks (4G, 5G and soon 6G) to data centers and the on-board cloud, already anticipating the impact that will have quantum technologies on cryptography.
No time to waste
Faced with the scale of cyber risk, humans are no longer enough: artificial intelligence plays an essential role in allowing us to detect sufficiently early on. “Weak signals”, harbingers of malicious intentions. We must drastically reduce the average detection time of a typical intrusion from 190 days today to a few minutes. Europe will therefore launch – with the Member States – a European network of interconnected operational centers (SOC), making it possible to protect Europe and its infrastructures and to alert it in the event of an intrusion. A kind of network of “Cyber border guards”.
Our second priority will be to organize the security of the European internal market, whether within companies, in particular the most exposed, or through a secure Internet of Things. We therefore propose to extend and strengthen the obligations of economic players around common and harmonized rules, in particular to ensure the security of value chains, such as for example the manufacture of vaccines, data centers, or companies. of telecoms. Likewise, we will establish the cybersecurity standards that connected objects must comply with, with one principle in mind: cybersecurity. “By design”.
Our third priority will be to strengthen operational cooperation at European level. Today Europe is in dispersed order, relying on the capacities of a few Member States. We must breathe new life into our ambition so that information can be exchanged, so that a common crisis management capacity is established, and so that the foundations for real European solidarity and mutual assistance are put in place. . Because it is together that we will be stronger. It is not a question of replacing the Member States in their mission, but of organizing the European level. This will be the ambition and the objective of the Joint Cyber Unit that we wish to initiate at the beginning of next year.
Finally, Europe must assert itself on the international scene by imposing a real cyber doctrine. Those who carry out attacks against the vital interests of Europe must know that this can no longer be done without consequences. For the first time, in July, Europe adopted sanctions following cyber attacks.
But we must go further, so as not to miss anything. We must prepare and improve our ability to attribute attacks, and not hesitate to name those responsible. Finally, we must – and this is delicate – ask ourselves the question of the development of operational, defensive and offensive capabilities in cyber defense, which the European defense fund could help finance. Because this is also Europe as a power.
Protective infrastructures, a secure internal market, operational capacities to anticipate attacks and react to them more quickly, and effective diplomatic and defense doctrine: this is our ambition for a European cyber shield to serve the security of Europeans. There’s no time to lose.
– .