Cyber-defence: The new security challenge

The EDA plays a central role in improving Europe’s capacity to protect itself from cyber-threats, writes Jorge Domecq.

Jorge Domecq | Photo credit: EDA

By Jorge Domecq

21 Nov 2017


These are exciting times for European defence cooperation. Political leaders have taken bold, far-reaching decisions on governance and funding instruments, while member states and the EU institutions are hard at work turning political declarations into reality, delivering the capabilities needed to keep our citizens safe. 

The challenge is no longer the ‘why’ or the ‘what’, but the ‘how’. Nowhere will it be more important to maintain momentum than in the so-called ‘fifth domain’ - the cyber world.

The digital dimension permeates our society and our way of life and citizens all over the world are embracing this increasingly-connected world. The revolution brought about by the advent of the internet has yielded countless opportunities, and will continue to do so in ways we probably cannot currently fathom. 

However, a new, more complex generation of threats has arisen, one that no nation alone can counter. As the EU continues to address these cyber threats in both the civilian and military domains, it is important to bear in mind three key aspects to ensure the success of our combined efforts.

First, it is time to stop cybersecurity being an afterthought when developing technologies, systems and products. Whether consumer goods, military aviation, satellite communication or future soldier systems, cybersecurity aspects must be embedded by design.

Cyber constitutes one of the EDA’s four main areas of work in supporting member states’ capability development. Requirements in the military cyber domain are to prepare for, prevent, detect, respond to, recover from and learn lessons from attacks.

As our capabilities, technologies and systems become increasingly connected, so securing infrastructure and information flows become a central thought when ideating future capabilities.

The EDA has a central role to play in supporting member states setting priorities for capability development and in research and technology for future capabilities. As such, it can ensure that cybersecurity and cyber-defence aspects are at the root of every future capability project. 

In addition, as the central interface for member states on wider EU defence policies, it can ensure that military specificities are taken into account by EU institutions in any future policy developments, such as the Commission’s recent cyber package.

Second, improved cooperation and collaboration will be fundamental in achieving security in the cyber domain. The latter is characterised by a complex web of national and international actors; member states, EU institutions, Nato, industry and the research community. 

It is fundamental that these actors work in harmony, avoiding duplication. They must ensure that cyber threats and challenges are addressed efficiently in a cross-sectoral, fully coordinated and comprehensive manner. 

While cyber-defence capabilities remain a national competence, we must build trust at all levels to ensure security and superiority to cyber adversaries. A central task of the EDA is to help member states prioritise cooperative activities and EU-funded activities.

The upcoming revision of the capability development plan, to be delivered in spring 2018, together with the overarching strategic research agenda (OSRA), will provide a coherent framework for future capability development. The coordinated annual review on defence (CARD), of which the first trial run has just begun, will support the assessment and evaluation of these priorities.

Member states will have the possibility to advance these new projects as part of the permanent structured cooperation (PESCO), and to receive EU support through the European defence fund (EDF).

The EDA is at the centre of these initiatives as secretariat to both the CARD and PESCO, and it continues to cooperate with Nato to achieve coherence of output. The Agency serves the member states, and works with the Commission on a number of initiatives, including the EDF. 

This places the EDA at the heart of the web of cyber actors and gives it both the intergovernmental and community expertise to help build trust and ensure impactful cooperation for improved cybersecurity.

Last but not least, is the importance of sustained political momentum in cybersecurity and cyber-defence. Cyber must leave the confines of the IT department, and senior decision-makers must be kept firmly in the loop of developments.

The CYBRID2017 exercise, co-organised by the Estonian EU Council presidency and the EDA in September, was the first-ever tabletop exercise to target EU defence ministers. The exercise demonstrated the importance of awareness and decision-making in cyber at the highest political level.

Political will must be matched by action, i.e. by policies and funding. The EDA continues to work with the Commission in supporting dual-use research in the H2020 programme.

PESCO and the research and capability windows of the European defence fund will offer member states significant collaborative instruments to advance their work on cybersecurity and cyber-defence.

Europe’s efforts to tackle the constantly evolving threats in the fifth domain must continue to ensure our member states and their citizens continue to enjoy the opportunities of the digital revolution.