
The European Union’s Cyber security Governance: The Missing Link (Part 2/2)

As described in the previous part of this article, the EU developed its own digital policy, ensuring that it addresses both the opportunities and the challenges of the digital world. To achieve this, the EU approved a decentralised structure, where different institutions are responsible for the three aspects of the digital world. First, in 2010 the EU launched its Digital Agenda for Europe, under the responsibility of the Commissioner for Information Society and Media, N. Kroes. The aim is to promote new technologies in order to increase economic and social prospects. In the framework of the Agenda, the EU adopted several laws addressing, for instance, broadband coverage, roaming harmonization, E-Commerce, eID, eSignatures, as well as the protection of Intellectual Property.

Second, in order to ensure the protection of the infrastructure against cyber attacks, the EU established a specialised agency, the European Network and Information Security Agency (ENISA), which has the mandate to “ensure a high and effective level of network and information security within the Community and in order to develop a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union”.

Established in 2005, ENISA has already demonstrated its effectiveness by organising the first pan-European cyber security exercise in 2012, and by publishing, in October 2012, its first annual report on the incidents that occurred in 2011. This report provides an evaluation of the protection of infrastructure against cyber attacks. In fact, it shows that in 2011, 51 significant incidents occurred in 11 Member States, which affected around 300.000 users. Only 6% of those incidents were caused by malicious attacks, while 47% and 33% were respectively caused by hardware/software failure and third-party failure. This means that of the 51 severe incidents, only 3 were actual cyber offences against critical infrastructures. It is, however, noteworthy that ENISA “estimates that the number of incidents, that will be reported over the year 2012, will increase by a factor 10 because most countries now have mature implementation of the incident reporting process”.

Third, cyber crimes are also covered by the plethora of EU digital policies and institutions, especially under the supervision of the EU Commissioner for Justice and Home Affairs, Cecilia Malmström, as well as the recently established Cybercrime Centre, which has the mandate to “pool expertise and information, support criminal investigations and promote EU-wide solutions, while raising awareness of cybercrime issues across the Union”. It will be interesting to observe the first results of this new specialised agency, as it will examine the real picture of the existing cyber crimes in the EU. Additionally, the EU took steps forward in the fight against cybercrime by adopting EU laws on the protection against sexual abuse and sexual exploitation of children and child pornography on the Internet, as well as on the fight against online fraud.

Finally, the European Parliament can be considered an essential actor in the cyber security governance of the EU. Indeed, the European Parliament served as the guardian of civil liberties and fundamental freedoms in several controversial cases such as the PNR and the ACTA negotiations with the U.S., where it ensured the coherence between economic opportunities, citizens’ rights and cyber threats’ prevention. As a matter of fact, the EP is often the last rampart protecting European values in the EU’s partnerships with the rest of the world.

Cyber security is a global phenomenon and it is therefore essential for the EU to cooperate with other States and regions of the world. Yet, so far, those partnerships have been relatively precarious. The international position of the EU is best illustrated by the recent developments in multilateral cyber security negotiations during the World Conference on International Telecommunications (WCIT) in December 2012. The central question of the Conference was whether the International Telecommunications Regulations should be revised to expressly reference the Internet, thereby deeply affecting the governance of the Internet and opening the door to States’ control over the content of the Internet.

During the Conference, the EU, which was represented by the European Commission (non-voting member) and the twenty-seven EU Member States (voting members), successfully reached a common position, and acted and spoke with one voice. Those efforts were insufficient to shape the debate against Internet censorship, and a controversial Resolution that explicitly encourages ITU mission creep toward the Internet was approved. Additionally, the failure of the EU during those negotiations also affects its cooperation with the United States, as the core element of the partnership in cyber security relies on mutual assistance to shape the global debate on the issue of cyber security and cybercrime.

While both the U.S. and the EU appeared united at the WCIT, the rest of the EU-U.S. cyber security partnership wavers between a high level of cooperation in the fight against cyber crimes and disagreements on issues related to privacy and data protection. Finally, EU-U.S. cooperation is furthered through NATO to protect critical infrastructures against cyber threats. Yet the level of cooperation is tainted by disagreements between NATO Member States’ ideologies, national interests, and fear of losing their sovereignty.

To conclude, the structure of the governance of the EU in the field of cyber security reveals that the European Union fully understood the nature of the Internet, its social and economic benefits, as well as the threats that exist in the digital world. It therefore structured its governance accordingly, by establishing ENISA to prevent threats against critical infrastructures, by establishing the Cybercrime Centre to tackle all online crimes, and by continuously promoting the development of economic and social opportunities online through the European Commission’s Digital Agenda for Europe. Finally, the European Parliament plays an increasing role in defending citizens’ rights and freedoms, while ensuring a coherent balance between economic opportunities, cyber security and individual rights. However, the European Union’s record at the international level is less impressive, as it fails to lead the debate and defend its values during multilateral negotiations. Moreover, it faces ideological disagreements with its closest partners: the United States and NATO. This poor record on international cooperation in the field of cyber security is highly problematic, as it impedes all efforts by the European Union to reach out to the rest of the world and promote its coherent and comprehensive mode of governance in the field of cybersecurity, which could serve as a model for other parts of the world in order to secure the digital world on a global stage.

– Jean-Baptiste Houdart

Disclaimer: This article was originally published as “The European Union’s Cyber security Governance: The Missing Link (Part 2/2)” on February 16, 2013 in The European Student Think Tank, a PB cooperation partner.

