The EU Parliament is pushing for a common cyber defense policy and extensive EU cooperation in building better cyber capabilities. In a resolution adopted on Thursday by 591 votes to 65, with 26 abstentions, it called for a common cyber unit to be set up. This should help to improve the inadequate exchange of information between the organs, institutions and agencies of the EU and to promote a secure and fast information network.
The MPs left it open whether the required military command should also be given the authority to “actively counteract cyber defense” alias hackbacks, for which the outgoing federal government has spoken out in its controversial cybersecurity strategy. However, they are calling for joint and coordinated responses to cyber attacks, which would also have to involve NATO. Sanctions could be imposed on hostile actors who threaten transatlantic security interests.
“Hybrid threats” concern
Parliament shows itself in the report Concerned about the systematic aggressive behavior particularly exhibited by China, Russia and North Korea in cyberspace. You refer to numerous IT attacks on government institutions and private companies, the traces of which pointed in the direction of these countries. We are talking about “hybrid threats”. Attackers rely on a combination of classic military operations, economic pressure, cyber attacks and even propaganda in the media and social networks.
Parliament considers these hybrid conflicts to be particularly dangerous and destabilizing for democracies, as they blurred the line between war and peace or attacks on digital service providers and critical infrastructures. But they are not serious enough to trigger the collective defense clauses under Article 5 of the NATO treaty or the defense and solidarity clauses of the EU treaties. In order to remove this legal vacuum, the provisions are to be reinterpreted to enable voluntary joint countermeasures.
“Cyber Resilience” law is to come
In her State of the Union address in mid-September, Commission President Ursula von der Leyen (CDU) announced a draft law “on cyber resilience”, but without going into the details. There is already a “Cyber Diplomacy Toolbox” for sanctions, which the EU first put in place last year. The MPs now emphasize that it is essential to overcome the current fragmentation and complexity of the entire cyber architecture of the EU and to develop a common vision for security and stability in cyberspace.
The resolution cites the NSO Group’s Pegasus spyware scandal as an example of large numbers of journalists, human rights activists, elected officials and other EU citizens being spied on. Therefore, Parliament also underlines the pioneering role of the EU in the development of standards that shape the cybersecurity landscape.