In March 2021, the European Council adopted conclusions on the EU’s cybersecurity strategy for the digital decade. This strategy was presented by the Commission and the High Representative for Foreign Affairs in December 2020. It outlines the framework for EU action to protect citizens and businesses from cyber threats, promote secure information systems and protect a global, open, free and secure cyberspace.
The conclusions note that cybersecurity is essential for building a resilient, green and digital Europe. They set as a key objective achieving strategic autonomy while preserving an open economy. This includes reinforcing the ability to make autonomous choices in the area of cybersecurity, with the aim of strengthening the EU’s digital leadership and strategic capacities.
In its conclusions, the Council highlights a number of areas for action in the coming years, including:
– The plans to create a network of security operation centres across the EU to monitor and anticipate signals of attacks on networks.
– The definition of a joint cyber unit which would provide a clear focus for the EU’s cybersecurity crisis management framework.
– Its strong commitment to applying and swiftly completing the implementation of the EU 5G toolbox measures and to continuing efforts to guarantee the security of 5G networks and the development of future network generations.
– The need for a joint effort to accelerate the uptake of key internet security standards, as they will be instrumental for increasing the overall level of security and openness of the global internet while increasing the competitiveness of EU industry.
– The need to support the development of strong encryption as a means of protecting fundamental rights and digital security while at the same time ensuring the ability of law enforcement and judicial authorities to exercise their powers both online and offline.
– Increasing the effectiveness and efficiency of the cyber diplomacy toolbox paying particular attention to preventing and countering cyberattacks with systemic effects that could affect supply chains, critical infrastructure and essential services, democratic institutions and processes and undermine economic security.
– The proposal on the possible establishment of a cyber intelligence working group to strengthen the EU’s dedicated capacity in this domain.
– The importance of strengthening cooperation with international organisations and partner countries in order to advance the shared understanding of the cyber threat landscape.
– The proposal to develop an EU external cyber capacity building agenda to increase cyber resilience and capacities worldwide.
In order to ensure the development, implementation and monitoring of the proposals presented in the cybersecurity strategy, the Council encourages the Commission and the High Representative to establish a detailed implementation plan. The Council will also monitor the progress in the implementation of the conclusions through an action plan which will be regularly reviewed and updated.