Thierry Breton announces that Europe will equip itself with a “cyber shield” and a “cyber reserve”.
EU Commissioner Thierry Breton announced on Wednesday that Europe intends to equip itself with a “cyber shield” including a “backup cyber army” to withstand larger cyber attacks such as those on Ukraine. These devices are provided for by a new regulation, the Cyber Solidarity Law, which he will present on April 18th.
“Our goal is to create a “European cyber protection shield” that will make it easier to identify attacks in advance. Today, an average of 190 days elapse between the start of malware proliferation [logiciel malveillant] and the moment it is discovered,” underlined Mr Breton, responsible for the internal market and digital, before the International Cybersecurity Forum. “We want to drastically reduce this time to a few hours,” he said.
“With the war in Ukraine, cyber attacks in Europe increased by 140% last year. In this context, the joining and coordination of our forces at European level becomes more necessary than ever as the threat will spread,” Thierry Breton told Les Echos newspaper. “Coincidentally” these activities are increasing in countries that are sending arms to Ukraine, he added in an interview with LCI on Wednesday morning.
Attack detection is entrusted to a European network of six or seven SOCs (Cybersecurity Operation Centers), also provided for in the Cyber Solidarity Act. Equipped with supercomputers and artificial intelligence systems, they will work along the lines of the Galileo satellite system, he added.
Three first major SOCs will be deployed this year without waiting for the vote on this new regulation.
Another novelty: the creation of a “cyber reserve, made up of several thousand stakeholders, public and private service providers on a voluntary basis, to support defense efforts in the event of an attack,” explained Thierry Breton. “This cyber reserve will be ready to intervene at the request of any Member State,” he said.
The new regulation also provides for a partnership between member states to strengthen the resilience of critical infrastructures in the European Union (airports, power plants, gas pipelines, electricity grids, internet cables, etc.) with attack scenarios and penetration tests to uncover vulnerabilities.
In the event of a large-scale attack, a “cyber emergency mechanism” is provided: immediate information exchange, joint crisis management and mutual assistance. The investment will be “more than 1 billion euros, two-thirds financed by Europe,” he told Les Echos.
Finally, the EU must “equip itself with a doctrine that provides for a deterrent capability and a policy of active and direct sanctions”. The new regulation will therefore encourage affected countries to take offensive action as soon as an attack is attributed.
The European Union has already equipped itself with a legislative arsenal, such as the Cyber Resilience Act announced at the end of last year, which lays down common rules for connected objects, or the NIS2 directive planned for 2024, which imposes new security obligations on companies.