• 5G and cybersecurity, EU countries take action. Spotlight on the new Cyberspace Unit
• Presented the project on the joint unit that aims to cope with the increase in serious computer accidents. A virtual and physical platform of cooperation is available. Full operation by June 2023. Vestager: “Security is a prerequisite for a digital and connected Europe”
23 Giu 2021 Mila Fiordalisi Direttore
“In most EU countries, the implementation of the 5G tool package is progressing rapidly, and the necessary frameworks have already been set up, or are almost ready, to impose appropriate restrictions on 5G providers”This is stated in the Report presented today by the European Commission on the progress made in recent months in the context of the Security Union Strategy. The European Electronic Communications Code reinforces the obligations of mobile network operators, while the European Union Cybersecurity Agency (Enisa) is preparing a proposal for an EU system to certify the cybersecurity of 5G networks.
Enisa headquarters in Brussels
The Report pairs that presented by the Commission and the High Representative of the Union for Foreign Affairs and Security Policy with that on the implementation of the Cyber Security Strategy, as requested by the European Council.
And the fifth progress report on the implementation of the 2016 Joint Framework to Tackle Hybrid Threats and the 2018 Joint Communication on Strengthening Resilience and Capacity Building to Address has also been published today hybrid threats.
The Commission also adopted the decision establishing the office of the European Union Cybersecurity Agency (Enisa) in Brussels, but above all presented the draft of a new joint unit for cyberspace “to cope with the increase in serious computer accidents affecting public services and the lives of businesses and citizens throughout the European Union”. The Commission stresses that “it is becoming increasingly necessary to put forward advanced and coordinated cybersecurity responses in place in the face of an increasing number of cyber attacks with ever-increasing size and impact on our security.
All stakeholders in the EU must be prepared to respond collectively and to exchange relevant information on the basis of the principle of the need to share, rather than the simple “need to know”.
Cyberspace, Joint Unit Off: Full Operation in 2023
The Cyberspace Joint Unit aims to pool the resources and expertise available to the EU and its Member States for effective prevention, deterrence and response to large-scale cyber crises and incidents.
“Cybersecurity is a prerequisite for a digital and connected Europe. In today’s society it is essential to respond in a coordinated way to threats. The joint cyberspace unit will help us achieve this goal. Together we can really make a difference”, comments Margrethe Vestager, EU Vice-president.
A virtual and physical platform for cooperation will be made available: the relevant EU institutions, bodies and agencies, together with the Member States, will progressively build a European platform of solidarity and assistance to counter large-scale cyber attacks. Participants will be invited to provide operational resources for mutual assistance in the framework of the Cyberspace Joint Unit (list of proposed participants available here).
L’unità congiunta per il cyberspazio punta a riunire le risorse e le competenze a disposizione dell’Ue e degli Stati membri per una prevenzione, deterrenza e risposta efficaci alle crisi e agli incidenti informatici su vasta scala.
The objective is to ensure that the Joint Unit starts operations from 30 June 2022 and is fully operational within the following 12 months, that is to say by 30 June 2023. The European Union Cybersecurity Agency (ENISA) will act as a secretariat in the preparatory phase and the Joint Cybersecurity Unit will operate in the vicinity of ENISA’s Brussels office and Cert-EU, the institutions’ IT-ready team, EU bodies and agencies.
The investments needed to set up the Cyberspace Joint Unit will be financed by the Commission, mainly through the Digital Europe programme. The funds will be used to build the physical and virtual platform, to create and maintain secure communication channels and to improve detection capabilities. Further contributions, in particular to developing the Member States’ cybersecurity capabilities, may come from the European Defence Fund.
5G, the Italian MISE to work on “cyber” certification
The announcement of the director of the ministry, Eva Spina: “We are at an early stage, waiting for the European reference scheme that will be implemented by Enisa”.
the Ministry of Economic Development working on 5G certification. The announcement was made by Eva Spina, general manager of the Mise, heard in the Defense Committee of the House regarding the profiles of cybersecurity related to national defense.
“In the EU one of the cyber certifications on which we are starting to work is 5G. In the within of the Work Stream of the 5G of the Nis Cooperation Group is proposed a subgroup on because the Commission’s proposal to ask Enisa to draw up this certification scheme was approved”.
As part of the EU Recommendation on the cyber security of 5G networks, “the report of the risk assessment has evidenced that the majority of the Member States estimate the level of exposure in the comparisons of the suppliers like medium-high – Spina has pointed out – As a result of this report, the EU commission has elaborated the toolbox’ with the measures of security, adopted on 29 January 2020. In particular, eight strategic measures and eleven technical measures were identified which Member States could decide to implement. Ten support actions have also been identified to increase the effectiveness of the strategic measures”.
Spina then made it known that in 5G “regarding the Golden Power application was immediate. Therefore, the control on the purchase of all the products related to the 5G network – it was carried out from the first moment – and this has allowed to issue prescriptions at the time when the networks were being built in Italy. Let’s not forget that Italy, compared to other EU countries, was among the first to organize the race for 5G frequencies. We started immediately”.
5G, the EU strategy for network security
In the new strategy on cybersecurity, presented by the European Commission on 16 December, Member States are encouraged to complete the implementation of the EU’s toolkit package for 5G networks, establishing a comprehensive approach based on objective risks to the security of 5G and next-generation networks by the second quarter of 2021.
Three lines of action of the strategic plan:
1. resilience, technological sovereignty and leadership
In this line of action, the Commission proposes to reform the rules on the security of networks and IT systems as part of a Directive on measures for a common high level of cybersecurity across the Union (revised NIS Directive or “NIS 2”) in order to increase the level of cyberspace in the essential public and private sectors:
hospitals, energy networks, railways, but also data centres, public administrations, laboratories for research and production of medical devices and medicines, as well as other essential infrastructure and services that must remain impermeable in an increasingly rapid and complex threat context.
The Commission also proposes to set up a network of operational safety centres throughout the EU, powered by artificial intelligence (AI), which will be a real cyber-security barrier for the EU to detect signals of a cyber-attack in a timely manner and allow proactive action before damage occurs. Further measures will include support for small and medium-sized enterprises (Smes) in the framework of digital innovation poles and increased efforts to improve the skills of the workforce, attracting and retaining the best cybersecurity talents and investing in open, competitive and excellence-based research and innovation.
2. Development of operational capacity for prevention, deterrence and response
As part of a progressive and inclusive process with Member States, the Commission is preparing, a new joint cyber space unit to strengthen collaboration between EU bodies and Member State authorities responsible for preventing, deterring and responding to cyber attacks, including civilian communities, diplomatic, contrast and cyber defense.
The High Representative has put forward proposals to strengthen the EU’s IT diplomacy toolkit in order to prevent, deter and respond effectively to malicious IT activities, in particular those affecting our infrastructures, essential supply chains, institutions and democratic processes.
The EU also aims to further strengthen cooperation in the field of cyber defence and to develop state-of-the-art cyber defence capabilities, building on the work of the European Defence Agency and encouraging Member States to make full use of permanent structured cooperation and the European Defence Fund.
3. Promoting global and open cyberspace through increased cooperation
The EU will intensify cooperation with international partners to strengthen the rule-based world order, promote security and stability in cyberspace and protect human rights and fundamental freedoms online. It will promote international standards and standards that reflect these fundamental values of the EU by cooperating with its international partners in the United Nations and other relevant contexts
The EU will further strengthen its IT diplomacy toolkit and intensify efforts to build IT capabilities in third countries by developing a dedicated EU external agenda. Cyber-security dialogues with third countries and regional and international organisations, as well as with the multi-stakeholder community, will be intensified. The EU will also set up a network for cyber diplomacy around the world to promote its vision of cyberspace.