Insights European Commission proposes Joint Cyber Unit to step up response to large-scale security incidents

The Commission has published a Recommendation setting out its vision to build a new Joint Cyber Unit to tackle the rising number of serious cyber incidents impacting public services, as well as businesses and citizens across the EU. The Commission says that innovative and co-ordinated responses in the field of cybersecurity have become increasingly necessary, as cyberattacks grow in number, scale and consequences, impacting heavily on security. Stakeholders in the EU need to be prepared to respond collectively and exchange relevant information on a “need to share”, rather than a “need to know”, basis, the Commission says.

The Commission explains that the Joint Cyber Unit would aim to bring together resources and expertise across the EU to effectively prevent, deter and respond to mass cyber incidents and crises. Cybersecurity communities, including civilian, law enforcement, diplomatic and cyber defence, as well as private sector partners, too often operate separately. With the Joint Cyber Unit, they would have a virtual and physical platform of cooperation: relevant EU institutions, bodies and agencies, together with Member States, would build a European platform for solidarity and assistance to counter large-scale cyberattacks.

As part of the package, the Commission has also reported on progress made under the Security Union Strategy over the past months. Further, the Commission and the High Representative of the Union for Foreign Affairs and Security Policy have presented the first implementation report under the Cybersecurity Strategy, as requested by the European Council, as well as the Fifth Progress Report on implementation of the 2016 Joint Framework on countering hybrid threats and the 2018 Joint Communication on increasing resilience and bolstering capabilities to address hybrid threats. Finally, the Commission has issued a decision on establishing the office of the European Union Agency for Cybersecurity (ENISA) in Brussels, in accordance with the Cybersecurity Act. To read the Commission’s press release in full, click here.