Edition: International | Greek
MENU

Home » Europe

EU institutions, member states in competition over cyber intelligence

The European Commission and the EU’s diplomatic service are setting up two competing initiatives to collaborate with private companies on cybersecurity threats

By: EBR - Posted: Thursday, March 23, 2023

In recent months, the European External Action Services (EEAS), the bloc’s diplomatic arm, has been working on updating its EU Cyber Diplomacy Toolbox, an initiative to coordinate a diplomatic response to malicious cyber activities.
In recent months, the European External Action Services (EEAS), the bloc’s diplomatic arm, has been working on updating its EU Cyber Diplomacy Toolbox, an initiative to coordinate a diplomatic response to malicious cyber activities.

by Luca Bertuzzi

The European Commission and the EU’s diplomatic service are setting up two competing initiatives to collaborate with private companies on cybersecurity threats. Meanwhile, EU governments appear keen to keep sensitive intelligence for themselves.

In recent months, the European External Action Services (EEAS), the bloc’s diplomatic arm, has been working on updating its EU Cyber Diplomacy Toolbox, an initiative to coordinate a diplomatic response to malicious cyber activities.

The proposal, briefly previewed in the EU’s military strategy, the so-called Strategic Compass, was earmarked last year for implementing “preventive measures and sanctions on external actors for malicious cyber activities against the Union and its member states”.

As part of the revamping, the EEAS has engaged with cybersecurity companies and associations to develop a Public-Private Partnership, according to a series of documents seen by EURACTIV.

According to a discussion paper on the initiative, “the EEAS is exploring setting up a structured and regular engagement with the private sector, which could be a platform for the exchange of high-level observations on strategic cybersecurity trends in the context of foreign and security policy”.

Following the Ukrainian model, the idea is to create a ‘win-win framework’ for the private sector to pool in cyber threat intelligence to coordinate responses to malicious cyber actions.

Cyber Diplomacy Toolbox

The EU’s diplomatic service has organised in recent months closed-door workshops in collaboration with the European Cyber Agora, a multi-stakeholder initiative driven by Microsoft and the German Marshall Fund of the United States.

The first meeting in November was arranged at the premises of Microsoft, a leading company in the cybersecurity field that has regular intelligence exchanges with the US security services.

EU and US intelligence agencies have had a troubled history regarding intelligence sharing. Therefore, European companies are questioning to what extent the cyber threat information can be of high quality if Washington is involved, albeit indirectly.

The second workshop dedicated to using cases for cyber threat intelligence took place last Thursday (16 March).

The last workshop is expected in the coming week, focusing on testing identified solutions, with the final reform to be presented during the European Cyber Agora conference on 25-26 April.

However, with one month to go, the shape of this Public-Private Partnership remains undefined, as private companies currently do not see the advantage of sharing threat intelligence with the service, according to sources informed on the matter.

To make things worse, the European Commission is also working on a similar, but separate, initiative.

European Cyber Reserve

Next month, the Commission is due to present the Cyber Solidarity Act, a proposal to set up the legal framework for distributing financing from the cybersecurity emergency fund to provide incident response and cybersecurity audits to critical entities.

The private companies providing these services will have to qualify via a cybersecurity certificate and will form a Cyber Reserve. In return for this privileged access to publicly-financed contracts, the trusted service providers will most likely be expected to share threat intelligence.

A critical part of the Cyber Solidarity initiative is the establishment of a European Detection Infrastructure, intended to provide a secure platform for sharing threat intelligence.

However, the question is not only about raw data but primarily about the capacity to analyse it in real time. In this regard, the Commission recently allocated a grant to establish a situational room to manage cybersecurity incidents affecting Europe.

In other words, the EU executive is mostly focused on incident responses to large cyber-attacks, whilst the EEAS is merely interested in being able to attribute responsibility to the malicious actors to inform the EU’s diplomatic responses, like economic sanctions.

The two EU services are working on separate groups with different approaches. The EEAS invited the Commission to attend its second workshop, but the EU executive did not send a representative.

Meanwhile, member states are also trying to keep cyber threat intelligence in their hands.

Valued vulnerabilities

An essential part of cyber threat intelligence relates to exploited vulnerabilities, weaknesses that hackers exploit to gain unauthorised access.

How to deal with exploited vulnerabilities is a sensitive topic in the discussions over the Cyber Resilience Act, a draft law to introduce cybersecurity requirements for connected devices.

The original Commission proposal required product manufacturers to signal these vulnerabilities to ENISA, the EU cybersecurity agency.

However, many raised doubts that the EU agency might not have the capacity to manage such a volume of data, and a centralised repository of such sensitive information would be very appealing to malicious actors.

Instead, EU countries want these notifications sent to the national Cyber Security Incident Response Team (CSIRTs). In last week’s compromise text on the draft cybersecurity law, the wording was made even broader for a national CSIRT to refuse to share information with its peers.

Moreover, last week Heise reported that Germany’s federal police and Central Office for Information Technology have been working since October 2021 with authorities in France, the Netherlands, and Norway to identify zero-day exploits.

The project’s intent, coordinated by the French minister of interior and having its €4.2 million budget 90% covered by EU funding, is to find the type of vulnerabilities that allow law enforcement to crack passwords and spy on encrypted smartphones.

Zero-day exploits are the Holy Grail of vulnerabilities, as they are unknown to the software provider. They are considered highly sensitive as they can be used to hack not only criminal organisations but also sensitive targets in foreign countries.

*first published in: Euractiv.com

 

READ ALSO

EU Actually

Border controls are the new normal in the Schengen area

N. Peter KramerBy: N. Peter Kramer

Prime Minister, Michel Barnier, announced that France will control all its borders for illegal immigration from November 1

View 04/2021 2021 Digital edition

Magazine

Current Issue

04/2021 2021

View past issues
Subscribe
Advertise
Digital edition

Europe

Italy divided over Fitto securing a European Commission spot

Italy divided over Fitto securing a European Commission spot

EU lawmakers’ approval of Raffaele Fitto as one of the European Commission’s new executive vice presidents has provoked mixed reactions in Italy

Business

Value-based trade policies are on the rise- Here’s what businesses need to know

Value-based trade policies are on the rise- Here’s what businesses need to know

Trade policy is no longer just there to promote efficiency and productivity in the flow of goods and services

MARKET INDICES

Powered by Investing.com
All contents © Copyright EMG Strategic Consulting Ltd. 1997-2024. All Rights Reserved   |   Home Page  |   Disclaimer  |   Website by Theratron