European Union Proposes a Joint Cyber Response Unit To Coordinate Reaction to Security Incidents

The EU Cybersecurity Commission proposes a Joint Cyber Unit (JCU) to respond to the rising number of serious cyber incidents impacting public services, businesses, and citizens across the European Union.

The new cyber response unit would consolidate European Union member states’ resources and expertise to deter and respond to security incidents. It would also include private companies, law enforcement agencies, and other cyber defense communities. The partnership would allow the EU to respond collectively and exchange relevant information about cyber threats in the EU.

The EU cybersecurity commission says it will establish the unit through a gradual and transparent process and allow co-ownership with various partners.

Proposed cyber response unit responsible for coordination, knowledge sharing, and advance warning

The European Commission cyber response unit will provide a coordinated response to large-scale cybersecurity incidents in the Union. Additionally, it will help members recover from such events, share knowledge to defend against common threats, and even forewarn members.

Participants will provide resources for mutual assistance and share best practices and information on defending against common threats. The unit will also create an incident response plan, mobilize rapid reaction teams, create a framework for mutual assistance, and establish cross-border monitoring capabilities.

The EU will fund the cyber response unit through the Digital Europe Programme, while the European Defence Fund would finance the Member States’ cyber-defense capabilities.

The cyber response unit will be operational within two years, with the private sector partnership slated to be completed by June 2023.

EU cyber response unit will address security incidents without confronting perpetrators

The EU agency will only respond to cyber attacks without confronting the perpetrators. The EU’s strategy is fundamentally different from NATO’s proposed response, which could involve military action against perpetrators.

This decision could be informed by the European Union’s lack of a centralized army to respond to cybersecurity incidents militarily. Additionally, while the EU could declare cybersecurity incidents as national security issues, each country is at liberty to adopt an independent response towards the perpetrator. Similarly, the involvement of the private sector could also complicate the process of cyber retribution. Lastly, getting the EU member countries to agree on a particular cyber response towards specific security incidents could prove problematic.

However, EU NATO members could turn to the alliance to address specific security incidents originating from specific countries such as Russia and China.

Effectiveness of the EU cyber response unit

The effectiveness of the EU cyber response unit without key players such as the United States and the UK is questionable.

With Brexit, the Union lost a key member that is also part of the 5-Eyes intelligence group that monitors cyber threats globally. However, ENISA, the EU Agency for Cybersecurity, told SecurityWeek that it had a Trade and Cooperation Agreement on several issues, including cybersecurity. Consequently, the Joint Cyber Response Unit could work closely with the UK’s GCHQ. Through this association, the JCU could cooperate with other players outside Europe, such as the NSA.

Although the JCU lacks offensive capabilities at the moment, such abilities could likely be considered in the future.

Ilia Kolochenko, Co-Founder, CEO, and Chief Architect at ImmuniWeb, lauded the EU initiative. He noted that international collaboration was crucial in addressing the rising number of cybersecurity incidents.

“We should, however, bear in mind that coordinated defense, response, and eventual prosecution of cybercrime is virtually impossible without cohesive global cooperation. The EU countries may face the well-known challenges of foreign jurisdictions that continually refuse to extradite their citizens charged with cybercrime abroad.”

However, he recommended a cautious approach because nation-state actors frequently framed their rivals by hacking their infrastructure and proxying their attacks through compromised systems.

“Eventually, even the best forensic investigation will be misled and likely misattribute the attack. This uncertainty undermines cyber-self-defense, as you risk counterattacking an innocent party, provoking further escalation and violating international law.”

He suggested increasing resilience and promoting the best cybersecurity practices and education within organizations to address the increasing number of security incidents.