Towards efficient cyber resilience

-
The EU Perception of the threats

François Rivasseau
Head of Division Security policy and Space policy

20 November 2017
 An evolving threat landscape

• Drastic evolution of the cyber threat landscape

• Cybercrime business models
• Internet-of-things
• New motives
• Etc.

• Need to look at it at a more strategic level to protect the well-

being of our democracies, societies and economies
 An evolving threat landscape

• Both public and private sector are increasingly reliant on digital

tools

• Update of the EU cybersecurity strategy in September 2017

• "Resilience, Deterrence and Defence: Building strong cybersecurity in
Europe"
• The European Commission and the High Representative have proposed
a wide range of concrete measures that will further strengthen the EU’s
cybersecurity structures and capabilities with more cooperation
between the Member States and the different EU structures concerned.
These measures will ensure that the EU is better prepared to face the
ever-increasing cybersecurity challenges.
 EU responses

• Starts with an increased resilience, and policies able to restore

trust in digitalization.

• Comprehensive EU legislation is in place to fight cybercrime

and the level of cyber security in critical private and public
sector organizations within the EU has been increased.

• NIS Directive – adopted in July 2016, transposed by May 2018

Increased national
cyber security capabilities
Boosting the overall
EU level
online security in
cooperation
Europe
Risk management &
reporting
 NIS Directive

• Capabilities – all EU Member States will have in place:

Computer
NIS NIS competent Security
National national Incident
strategy authority Response Team
(CSIRT)

• Cooperation

Cooperation group CSIRT Network

- -
Strategic cooperation Operational cooperation
Between EU Member States Between national CSIRTs
 EU responses

• Framework for a joint diplomatic response to malicious cyber

activities
• The "toolbox"
• Use measures with the Common Foreign and Security Policy
• Encourages cooperation, facilitates mitigation of immediate and long-
term threats, and influences the behaviour of potential aggressors
 Cooperation on international security

• Strategic framework for conflict prevention, cooperation and

stability in cyberspace
• Strict application of international law
• Universal non-binding norms, rules and principles of State behaviour
( cf. UN GGE report 2015)
• Regional confidence building measures - OSCE was the first in 2013;
ARF and OAS started processes of development in 2017

• Negotiated between States, but the private sector should also

play a role in the implementation
• E.g. "[All relevant stakeholders] should take appropriate measures to
protect their critical infrastructure from ICT threats" also makes sense
• More broadly, the security of digital products and services can be
strengthened
 Cooperation on cybercrime

• Another issue, to be addressed separately

• Answer lies in the wide dissemination of the Budapest

Convention on Cybercrime
• Open to the accession of all countries
• Technology-neutral – applicable to both current and future technologies
• 55 Parties + 15 signatories (1/3 of UN members)
• An additional third of UN members have made use of the Budapest
Convention as a guideline or at least as a source when preparing
domestic legislation
• The EU has several capacity building programs supporting this
endeavour (GLACY, GLACY+, Cyber South)
Thank you