Mar 21, 2024

Cybersecurity Coalition EU Policy Roadmap 2024-2029

MISSION STATEMENT

The war in Ukraine has demonstrated the fundamental role the digital domain will play in future international conflicts, and how widely the impacts of malicious cyber actors can be felt across different industries, sectors, and borders. Destructive cyber-attacks, often combined with kinetic strikes, by Russian government-backed actors targeted far more than just Ukrainian government and military entities, expanding their scope to include critical infrastructure, utilities and public services, and the media and information space too. These attacks have highlighted the need to address cybersecurity risk and bolster the resilience of critical infrastructure around the world.

The power of international cooperation and partnership to support collective defence and more resilient cybersecurity has been a significant factor in ensuring Ukraine has been able to continue to provide essential services to its citizens. Almost immediately, industry and governments around the world mobilized to provide cybersecurity assistance to Ukraine. Recently, European Union (EU)support was formalized via a cyber cooperation agreement in November 2023 between the European Union Agency for Cybersecurity (ENISA) and Ukraine’s National Cybersecurity Coordination Centre (NCCC).

The war shows how enhanced and wider international cooperation can enable a more robust and resilient global cybersecurity ecosystem, while ensuring the sovereignty of nation under attack. As the largest trading bloc globally, the EU has established a foundation of cybersecurity policy and certifications – some voluntary, some binding. The EU’s legislative focus has only expanded to address emerging technologies like artificial intelligence and quantum computing.

The passage of the Cyber Resilience Act (CRA) and the AI Act, as well as the upcoming elections, offer the EU an opportunity to establish a new vision for collective digital resilience. As the EU is confronted with new cybersecurity and technology risks maintaining focus on working toward amore secure and resilient European cyber landscape is paramount. Creating greater digital resilience requires those tasked with advancing the EU’s future safety and prosperity to implement necessary policies without siloing Europe from the global cyber ecosystem.

A roadmap to ensure Europe’s collective digital resilience in the years ahead should seek to incorporate the following factors:

1. STRENGTHEN THE EUROPEAN CYBERSECURITY ECOSYSTEM

The EU should take policy steps to ensure its digital workforce and industry partnership model is able to respond to a major cyber incident, potentially in a time of conflict. In this effort, a stronger and more robust relationship with trusted industry partners will be vital, including greater information sharing. Europe must also continue to take steps to strengthen the cybersecurity workforce and best practice adoption across member states.

2. PROMOTE INTERNATIONAL PARTNERSHIPS,INTEROPERABILITY & REGULATORY ALIGNMENT Interoperability with non-EU partners is increasingly vital for cyber resilience, as the war in Ukraine made abundantly clear. Many international partners stand ready and willing to engage in cooperation through information sharing, free trade agreements, and more. Europe should seek to engage proactively across the Atlantic, through the G7, and with emerging international groupings like the Quadrilateral Security Dialogue (Quad). Aligning cybersecurity regulation between the EU and the US, as well as other key jurisdictions, is imperative. Alignment around regulatory best practices and lessons learned will enhance collective cyber resilience, while enabling industry to focus on operational security investments, rather than an unnecessarily complex global system of compliance regimes.

3. ADOPT A FUTURE-FOCUSED APPROACH TO POLICY MAKING

Lastly, Europe needs to set itself up for long term success by future-proofing its cybersecurity environment. At the forefront of this is ensuring that cybersecurity and risk management are proactively incorporated into dialogue around emerging technologies such as artificial intelligence and quantum computing. Europe must also lay the groundwork for a sustainable and skilled cyber workforce to lead in these areas.