In order to counter the rising number of cybersecurity incidents, the European Commission issued a recommendation for a new Joint Cyber Unit.
The Unit should bring together all available resources of the Member States and unite the expertise of all participants, such as cybersecurity communities, law enforcement, diplomatic and cyber defence communities as well as private sector partners. This is the first step towards a European platform for solidarity and assistance to counter large-scale cyberattacks. By 30 June 2022, the Unit should commence its work and become fully functional within one year (by 30 June 2023). ENISA will act as secretariat in the preparation phase and further close cooperation between the Unit, ENISA and the Computer Emergency Response Team (CERT-EU) is planned.
The Joint Cyber Unit should act as a platform to coordinate EU-wide responses to cyber incidents and to offer assistance in recovering from attacks. At an operational and technical level, the Unit will establish and mobilise EU Cybersecurity Rapid Reaction Teams, facilitate the adoption of protocols for mutual assistance and establish national and cross-border monitoring and detection capabilities (including Security Opertaion Centres). Based on national plans, the Joint Cyber Unit will also work to deliver the EU Cybersecurity and Crisis Response Plan.
Presented in December 2020, the Cybersecuity Strategy identifies three areas which should contribute to a safe European cyberspace: resilience, building operative cybersecurity capacities and the promotion of a global open cyberspace.
The first Implementation Report shows progress in many of the 26 identified initiatives. Recently, the European Parliament and Council of the European Union approved the Cybersecurity Competence Centre and Network. The legal framework for ensuring the resilience of essential services will be revised with the NIS-2 Directive. Most Member States are implementing the EU 5G Toolbox. Once the European Code for Electronic Communications (EECC) is transposed in all Member States (including Austria), it will reinforce the requirements for mobile network operators. In addition, ENISA is preparing a candidate EU cybersecurity certification scheme for 5G networks.
The event RTR-Netz-Werk-Digital: Digitale Europäische Sicherheitspolitik (European Digital Security Policy) revolved around many of these topics. In the press release following the event, some of the core arguments of manufacturers, operators and regulators are illustrated.