Towards a European Cyber Shield Agency

The security of cyberspace has gradually become a key priority both for the protection of critical infrastructure and for military purposes. The defence of cyberspace, however, is often at a structural disadvantage, especially against attacks of a global or cross-border nature. In Europe, this is due to the fragmented nature of defence strategies and uneven capacities, which are primarily determined by national governments. Various initiatives have been undertaken to strengthen coordination, including a revision of the mandate of ENISA (the EU Agency for Network Security, based in Greece); the creation of Computer Emergency Response Teams (CERTs) in each member state; and the adoption of the Network and Information Security (NIS) Directive, which creates an unprecedented set of information-sharing obligations between private players and public authorities.

Although the measures that have been taken so far in the EU are positive, given the very fragmented nature of the cybersecurity landscape in Europe, its ability to operate as a single player, through a unique coordination point within the EU, is critical for the successful implementation of these measures. Therefore, it is high time to discuss the creation of a European Cyber Shield Agency (ECSA). Such a discussion is also timely as the EU’s Common Security and Defence Policy (CSDP) is developing further by setting up permanent structured cooperation (PESCO) between 23 member states.

Against this background, CEPS is setting up a Task Force to provide input to the ongoing reflections on the EU’s contribution to cyber defence. European Commission Vice-President Jyrki Katainen expressed support for such an initiative while attending a CEPS event on January 19th on the “Future of European Defence". This event is covered in a separate article in this issue of CEPS News.