Home » EUROPE » The European Union’s Cyber security Governance: The Missing Link (Part 2/2)

The European Union’s Cyber security Governance: The Missing Link (Part 2/2)

In the terms described in the pre­vi­ous part of this art­icle, the EU developed its own digital policy, ensur­ing that it addresses both oppor­tun­it­ies and chal­lenges of the digital world. To achieve this, the EU approved a decent­ral­ised struc­ture, where the dif­fer­ent insti­tu­tions are respons­ible for the three aspects of the digital world. First, in 2010 the EU launched its Digital Agenda for Europe, under the respons­ib­il­ity of the Com­mis­sioner for Inform­a­tion Soci­ety and Media N.Kroes. The aim is to pro­mote the new tech­no­lo­gies in order to increase eco­nomic and social pro­spects. In the frame­work of the Agenda, the EU adop­ted sev­eral laws address­ing, for instance, broad­band cov­er­age, roam­ing har­mon­iz­a­tion, E-Commerce, eID, eSig­na­tures, as well as the pro­tec­tion of Intel­lec­tual Property.

Second, in order to ensure the pro­tec­tion of the infra­struc­ture against cyber attacks, EU estab­lished a spe­cial­ised agency the European Net­work and Inform­a­tion Secur­ity Agency (ENISA), that has the man­date to “ensure a high and effect­ive level of net­work and inform­a­tion secur­ity within the Com­munity and in order to develop a cul­ture of net­work and inform­a­tion secur­ity for the bene­fit of the cit­izens, con­sumers, enter­prises and pub­lic sec­tor organ­isa­tions of the European Union”.

Estab­lished in 2005, the ENISA has already demon­strated its effect­ive­ness by organ­ising the first pan-European cyber secur­ity exer­cise in 2012, and by pub­lish­ing, in Octo­ber 2012, its first report on annual incid­ents that occurred in 2011. This report provides an eval­u­ation of the pro­tec­tion of infra­struc­ture against cyber attacks. In fact, it shows that in 2011, 51 sig­ni­fic­ant incid­ents occurred in 11 Mem­ber States which affected around 300.000 users. Only 6% of those incid­ents were caused by mali­cious attacks, while 47% and 33% were respect­ively caused by hardware/software fail­ure and Third Party fail­ure. This means that from the 51 severe incid­ents, only 3 were actual cyber offences against crit­ical infra­struc­tures. It is, how­ever, note­worthy that, the ENISA “estim­ates that the num­ber of incid­ents, that will be repor­ted over the year 2012, will increase by a factor 10 because most coun­tries now have mature imple­ment­a­tion of the incid­ent report­ing pro­cess”.

Third, cyber crimes are also covered by the pleth­ora of EU digital policies and insti­tu­tions, espe­cially under the super­vi­sion of EU Com­mis­sioner for Justice and Home Affairs, Cecilia Malmström, as well as the recently estab­lished Cyber­crime Centre which has the man­date to “pool expert­ise and inform­a­tion, sup­port crim­inal invest­ig­a­tions and pro­mote EU-wide solu­tions, while rais­ing aware­ness of cyber­crime issues across the Union”. It is inter­est­ing to observe the first res­ults of this new spe­cial­ised agency, as it will exam­ine the real pic­ture of the exist­ing cyber crimes in the EU. Addi­tion­ally, the EU took steps for­ward to fight against cyber­crimes, by adopt­ing EU laws on the pro­tec­tion against Sexual abuse and sexual exploit­a­tion of chil­dren and child por­no­graphy on the Inter­net, as well as on the fight against online fraud.

Finally, the European Par­lia­ment can be con­sidered as an essen­tial actor in the cyber secur­ity gov­ernance of the EU. Indeed, the European Par­lia­ment served as the guard­ian of civil liber­ties and fun­da­mental freedoms in sev­eral con­tro­ver­sial cases such as the PNR and the ACTA nego­ti­ations with the U.S., where it ensured the coher­ence between eco­nomic oppor­tun­it­ies, cit­izens’ rights and cyber threats’ pre­ven­tion. As a mat­ter of fact, the EP is often the last ram­part pro­tect­ing European val­ues in the EU’s part­ner­ships with the rest of the world.

Cyber secur­ity is a global phe­nomenon and there­fore, it is prim­or­dial for the EU to cooper­ate with other States and regions of the world. Yet, so far, those part­ner­ships have been rel­at­ively pre­cari­ous. The inter­na­tional pos­i­tion of the EU can be best illus­trated by the recent devel­op­ments in mul­ti­lat­eral cyber secur­ity nego­ti­ations dur­ing the World Con­fer­ence on Inter­na­tional Tele­com­mu­nic­a­tions (WCIT) in Decem­ber 2012. The cent­ral ques­tion of the Con­fer­ence was whether the Inter­na­tional Tele­com­mu­nic­a­tions Reg­u­la­tions should be revised to expressly ref­er­ence the Inter­net, thereby deeply affect­ing the gov­ernance of the Inter­net and open­ing the door to States’ con­trol over the con­tent of the Inter­net.

Dur­ing the Con­fer­ence, the EU, that was rep­res­en­ted by the European Com­mis­sion (non voter Mem­ber) and the twenty seven EU Mem­ber States (voters Mem­bers), suc­cess­fully reached a com­mon pos­i­tion, and acted and spoke with one voice. Those efforts were insuf­fi­cient to shape the debate against Inter­net cen­sor­ship, and a con­tro­ver­sial Res­ol­u­tion that expli­citly encour­ages ITU mis­sion creep toward the Inter­net was approved. Addi­tion­ally, the fail­ure of the EU dur­ing those nego­ti­ations also affects its cooper­a­tion with the United States, as the core ele­ment of the part­ner­ship in cyber secur­ity relies on mutual assist­ance to shape the global debate on the issue of cyber secur­ity and cyber­crimes.

While both the U.S. and the EU appeared united at the WCIT, the rest of the EU-U.S. cyber secur­ity part­ner­ship remains shiv­er­ing between high level of cooper­a­tion in the fight against cyber crimes, and dis­agree­ments on issues related to privcacy and data pro­tec­tion. Finally, the EU-U.S. cooper­a­tion is furthered through NATO to pro­tect crit­ical infra­struc­tures against cyber threats. Yet the level of the cooper­a­tion is tein­ted of dis­agree­ments between NATO Mem­ber States’ ideo­lo­gies, national interests, and fear to loose their sov­er­e­ignity.

To con­clude, the struc­ture of the gov­ernance of the EU in the field of cyber secur­ity reveals that the European Union fully under­stood the nature of the Inter­net, its social and eco­nomic bene­fits, as well as the threats that exist in the digital world. It, there­fore, struc­tured its gov­ernance accord­ingly by estab­lish­ing the ENISA to pre­vent threats against crit­ical infra­struc­tures, the Cyber­crime Centre to tackle all online crimes and by con­tinu­ously pro­mot­ing the devel­op­ment of eco­nomic and social oppor­tun­it­ies online, through the European Commission’s Digital Agenda for Europe. Finally, the European Par­lia­ment plays an increas­ing role in defend­ing cit­izens rights and freedoms, while ensur­ing a coher­ent bal­ance between eco­nomic oppor­tun­it­ies, cyber secur­ity and indi­vidual rights. How­ever, the European Union’s record at the inter­na­tional level is less impress­ive as it fails to lead the debate and defend its val­ues dur­ing mul­ti­lat­eral nego­ti­ations, moreover, it faces ideo­lo­gical dis­agree­ments with its closest part­ners: the United States and NATO. This poor record on inter­na­tional cooper­a­tion in the field of cyber secur­ity is highly prob­lem­atic as it impedes all efforts by the European Union to reach out the rest of the world and pro­mote its coher­ent and com­pre­hens­ive mode of gov­ernance in the field of cyber­se­cur­ity, which could serve as a model for other parts of the world in order to secure the digital world at a global stage.

– Jean-Baptiste Houdart

Dis­claimer: This art­icle was ori­gin­ally pub­lished as ”  The European Union’s Cyber security Governance: The Missing Link (Part 2/2) “ on February 16, 2013 in The European Student Think Tank, a PB cooper­a­tion partner

 

(Featured photo: AttributionNoncommercial  Defence Images, Creative Commons, Flickr)

About Guest Writer

Check Also

The Pariahs of the European Union

As the European Union (EU) struggles to dig itself out of an unimaginably large pit of ...

Leave a Reply

Your email address will not be published. Required fields are marked *