Four things I would like to see in the EU’s upcoming Cyber Defence Policy

Last Saturday, all trains in Denmark came to a standstill for more than 7 hours. The subcontractor that provides IT solutions to DSB-the largest Danish train operating company, had to shut down all services following a ransomware attack. Cybercrime can be as disruptive as physical crime.

The Russian invasion of Ukraine has been a wake-up call to all Europeans that our collective defence should be taken seriously in peace as much as in war. Russia invaded Ukraine in February 2022, but the war had begun many years earlier. Since at least 2014, there has been an almost constant barrage of cyber-attacks on Ukrainian critical infrastructure.

The recent leak of the Nord Stream natural gas pipeline has revealed the fragility of the European energy infrastructure which could be further weakened by the prospect of cyberattacks this winter. However, instead of panicking, we should be prepared for any threats lying ahead. ?

The updated EU cyber defence policy could be a gamechanger if and only if:

1)?It puts digital technology at the heart of any defence strategy

Today, digital technologies are not simply components of defence systems; they are at the very heart of these systems. The Cyber Defence Policy should focus on emerging and disruptive technologies (EDTs) such as post-quantum cryptography, a technology that can counter potential threats of quantum computers. EDTs are set to have a tremendous impact on cyber defence and will revolutionise future military strategies and operations.

Today, innovation is significantly driven by the private sector and is picked up at a later stage by the military. Historically, it has been the other way around. The EU Cyber defence policy should empower SMEs in the field of security and defence to innovate and scale up in Europe, by boosting investment and making it easier for them to participate.

2)??It bolsters a strong cooperation with NATO, EU and allies

NATO and the EU should act in concert when it comes to cyber resilience. The Cyber Defence Policy should pave the way to a stronger coordination at multiple levels: crisis management, research and innovation as well as capacity building. It is vital that the EU Member States and NATO Allies remain at the forefront of technological advances, and that is clear who does what if Europe is attacked.

3)?It fosters a strong cooperation between the private and the public sector

The public – private cooperation that we have witnessed in Ukraine is revolutionising warfare. When the war in Ukraine started, the private sector was at the forefront of detecting and responding to massive cyberattacks.

Our Digital Resilience Executive Council at DIGITALEUROPE aims to break down the artificial line that sets the private and the public sector apart. ?We bring together NATO ambassadors, EU officials with cyber and digital resilience innovators to think about solutions for a more agile procurement approach, cyber governance and supply chains security.

It is crucial for the Cyber Defence Policy to strengthen trust between the two sectors and unlock the incredible potential of innovation especially among SMEs.

4)?It sets a solid plan to bridge the talent gap

Implementing a Cyber Defence Policy amid a deep tech talent crisis is like trying to treat patients in a hospital without doctors. Last year, Europe was lacking over 200,000 cybersecurity specialists, and the shortage is worsening as cyber threats from the war in Ukraine are growing in number and scale.

The EU Cyber Defence Policy should redouble skilling efforts through pan-European capacity building programmes.?Students and especially young girls and women should be highly encouraged to follow a career path in the field, such as through the Women4IT project. ?Today, women make up only 20% of the cybersecurity workforce.

And, finally, let me address the elephant in the room: the EU Treaties.

The above could be hard to achieve if security remained a national competence as President Ursula Van Der Leyen noted in her State of the Union address earlier this fall. The current legal structure does not allow for budget on defence to move across borders. If we can’t change the Treaties, can we at least find ways to work around them??