In March of this year powerful cyber-attackers breached the German Foreign Ministry’s computer network and gained access to highly-sensitive information. Similarly, in June 2017 the property arm of France’s biggest bank (BNP Paribas) became the largest financial institution to be affected by an extortion campaign originating in Russia and Ukraine. Only a few years ago, the Estonian government networks were paralyzed following another cyber-attack.
These attacks are not happening in isolation. They are being carried-out as an element of modern warfare by highly-skilled and hostile political actors who view our member states’ digital infrastructures as a new frontier for cyberwarfare. Their goal is to exploit our perceived cybersecurity weaknesses to further their political aims.
The gravity of these threats cannot be underestimated, and we must now take cyberspace as seriously as military operations on sea, land, air and space.
Indeed, it is not unimaginable to foresee a situation in the near future where states engaging in conflict target basic infrastructures like electricity, airports or hospitals to generate panic and fear among people and distrust in their government.
Our citizens expect us to guarantee their safety and security, whether this is economically, socially or digitally. This means that as politicians we have a duty to understand and protect our citizens from new and emerging threats.
The European People’s Party (EPP) has always been forward-looking and proactive in this regard. Already in March last year, the EPP outlined the need to strengthen resilience to cyber war and prepare an EU response to hybrid warfare and cyber war in the Europe Secures our Future resolution at its Congress in Malta.
Our approach must be guided by the principle of deterrence, that is that the potential costs of an attack will be too high relative to the benefits to make it worthwhile.
So, what must we do to reinforce Europe’s cyber-defence? An effective cyber-defence policy for the 21st century should combine institutional reinforcement, self-sufficiency and investment in research and development.
Firstly, institutional reinforcement means the creation of an EU Cyber authority. This will allow member states to coordinate operations, build trust and serve as a point of liaison between individual Member states’ cyber authorities and NATO. Central to this is our firm belief that effective cyber deterrence is an activity that is best be tackled cooperatively.
Secondly, our approach to cyber-defence must emphasize self-sufficiency to adapt to the realities of the modern international political sphere. While we will work closely with our allies, Europe must act independently and not rely on others to protect our citizens from cyber threats.
Finally, we must prioritize investment in research and development so that we can establish a single cybersecurity market and develop international norms and enforcement in cyberspace. By investing heavily in education, we can ensure that Europe becomes a world-leader in the field of cybersecurity.
For 25 years EPP has been proactive on issues of security and defence policy. Guided by a desire to provide security and stability for our citizens and through our commitment to common European values, we must be prepared to adapt this approach to the realities and emerging threats of the 21st century.
Antonio López-Istúriz White is the European People’s Party Secretary General and the European Parliament EPP rapporteur for the Cyber-defence report of the Subcommittee on Security and Defence