Cyber security, as part of the so-called global commons, looms large in the analyses of Michele Flournoy, head of OSD policy and point person for the QDR, and many other senior OSD leaders. Kevin Coleman, a consultant for Strategic Command who writes for Defense Tech, looks at whether the European Union is doing its part to protect this global asset.
I hear that cyber spending may be as high as $10 billion this year (with much of that lurking in black accounts), so the US clearly has made a major commitment to protecting the web. This is one area where allied cooperation is absolutely crucial, and the EU's incredibly byzantine and creaky structures apparently are not making this any easier. Should the EU set up common policies on protecting the web, it may be able to provide crucial safeguards for this part of the global commons.
Kevin's piece follows:
The threat posed by cyber attacks continues to evolve. As such, governments around the world are scrambling to address the threat. One such governmental body is the European Union (EU). Earlier this year a thirty-four page document detailing a study on Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks was quietly released. It addresses three major areas.
Part 1 assesses the source and nature of cyber threats. Part 2 reviews current multilateral initiatives to address cyber security. Part 3 examines the European Union's responses to the cyber security challenge.
The study concludes with the two recommendations provided below:
1. There should be no attempt at a centralized, unified, cross-cutting approach to cyber security within the EU. Such an approach would conflict with the political character and bureaucratic structures of the EU, resulting in a loss of flexibility and a narrowing of the EU's response to the ever-widening challenge of cyber security.
2. The EU should adopt a policy described as Comprehensiveness in Diversity (or in similar language) with the following three aims:
   a. Establish a clear role within the overall cyber security response for the EU's Common Foreign and Security Policy. Uniquely within the EU, the CFSP will be able to bridge the civil-military divide where cyber-security is concerned, and will connect the internal and external aspects of cyber security.
   b. Establish the post of Cyber Security Co-ordinator with the Council Secretariat, acting in close liaison with EU institutions and member governments, and with relevant agencies such as ENISA, ESDP and EDA.
   c. Prepare a Common Operating Vision for cyber security. Emphatically not a strategic document, the Common Operating Vision would seek to achieve operational consistency across the EU.
Cyber security is an ever-evolving problem that demands the flexibility discussed in the first recommendation. However, many of the EU states have still not formed a computer emergency readiness team (CERT). This begs the question: how will the Cyber Security Co-ordinator identified in recommendation 2b function when, in many cases, there is no one to coordinate with?
The European Union must be able to quickly and effectively take action if threatened by a cyber attack. Many of those I talked to did not think this study had enough content to even be considered a first step. While the EU is actively engaged in discussions about the growing threat of cyber security, like many other nations it does not have a comprehensive approach to the problem.
Will the EU rise to the challenge and address the growing threat of cyber attacks before it is too late? The answer is ... only time will tell, but it is not looking likely at this point.