MEPs have adopted a resolution calling on EU member states to work more closely together on cyber defence, following increasing cyber-attacks on civilians and military targets.”
Adopting the resolution in Brussels on Wednesday, members of the European parliament’s foreign affairs committee and security and defence sub-committee said Europe’s fragmented defence strategies and capabilities had led to its current vulnerability to cyber-attacks.
Member states are urged to enhance the ability of their armed forces to work together and to strengthen cyber cooperation at European level, with Nato and other partners.
Given the shortage of highly qualified cyber defence specialists, in particular experts in cyber forensics, MEPs called on member states to invest more in this field and to simplify cooperation between civil academic institutions and military academies.
They also called on the European External Action to strengthen the cyber defence expertise of the EU’s missions and operations.
Rapporteur, Estonian ALDE MEP Urmas Paet said, “Cyber defence remains a core competence of the member states, but due to the borderless nature of cyberspace, it is impossible for any one state to tackle the threats and challenges alone.”
“The EU needs to strengthen its cyber defence capabilities by boosting cooperation between member states, the EU and NATO. We also need to train more experts in cyber defence and organise joint exercises.”
The full parliament will vote on the cyber defence resolution at the June plenary session in Strasbourg.
The resolution comes as Nato secretary general Jens Stoltenberg warned that, “it is time we all woke up to the potential dangers of cyber threats.”
Speaking on Tuesday at a conference on cybercrime in Paris, Stoltenberg said, “During the Second World War there was a popular saying, “Loose lips sink ships.”
“Today, it is weak passwords, failing to add software updates, or opening unfamiliar emails. Simple things. But if we get them right, we can go a long way to protecting ourselves.”
“The EU needs to strengthen its cyber defence capabilities by boosting cooperation between member states, the EU and NATO. We also need to train more experts in cyber defence and organise joint exercises” Urmas Paet MEP
Stoltenberg said the need for effective deterrents was underlined by the fact that Nato is subject to a cyber-attacks “every single day.”
He said, “The digital revolution has improved our lives in many ways. But like the physical world, there are dangers that we must guard against.”
Stoltenberg was speaking at the École Militaire in the French capital during a major conference on Nato’s so-called “Cyber Defence Pledge” which, he said, had helped nations to look at their cyber-defences in a “far broader, more holistic way.”
Outlining the “many threats and challenges” in cyberspace, he said, “From the moment a rock was first used as a hammer, society has been driven by technology. Today’s great leap forward is not physical, but it is digital. But there is a dark side to this technology and in recent years, we have seen many large scale cyber-attacks.”
In France, TV-Cinq Monde was taken off air by hackers while ‘Fancy Bear’, a group associated with the Kremlin, hacked the main political parties in the United States in what Stoltenberg called "a brazen attempt to influence the 2016 election.”
Also in 2017 an attack forced Renault to halt production at several of its factories and a cyber-attack brought hospitals in the UK to a standstill.
Stoltenberg, opening the day-long event, told the audience, “The very nature of these attacks is a challenge. It is often difficult to know who has attacked you or even if you have been attacked at all. There are many different actors.
“Governments, but also criminal gangs, terrorist groups and lone individuals. Nowhere is the ‘Fog of War’ thicker than it is in cyberspace. Cyber-attacks are now “a part of our lives."
"If these were hard attacks, using bombs or missiles instead of computer code, they could be considered an act of war. But instead, some are using software to wage a soft-war - a soft-war with very real, and potentially deadly consequences” Nato secretary general Jens Stoltenberg
"If these were hard attacks, using bombs or missiles instead of computer code, they could be considered an act of war. But instead, some are using software to wage a soft-war - a soft-war with very real, and potentially deadly consequences.”
In 2014, Nato leaders agreed that a cyber-attack could trigger Article 5, meaning that an attack on one ally is treated as an attack on all allies.
“Traditionally," he said, "an Article 5 attack would be with tanks, aircraft and soldiers. Now it can come in the form of a cyber-attack.”
He added, “I am often asked, ‘under what circumstances would Nato trigger Article 5 in the case of a cyber-attack?’ My answer is: we will see. The level of cyber-attack that would provoke a response must remain purposefully vague. As will the nature of our response.
“But it could include diplomatic and economic sanctions, cyber-responses, or even conventional forces, depending on the nature and consequences of the attack. But whatever the response, Nato will continue to follow the principle of restraint. And act in accordance with international law.”
As a result of the Cyber Pledge, signed by the alliance in 2016, allies had increased investment in new, secure systems, he said.
In less than two years, almost every ally had upgraded their cyber defences with France leading the way, investing €1.6 billion and employing thousands more cyber experts.
Stoltenberg also pointed to Nato’s new Command Structure and Cyber Rapid Reaction teams which “are on standby to assist Allies, 24 hours a day.”
“Nato has hundreds of experts protecting our networks and systems around the clock.”
"And we need them. Nato is attacked every single day and the threat is evolving all the time. I hope that more allies will make similar offers at our next Summit in July."
The idea of deterrence is “simple”, he said, adding, “To make the potential costs of an attack too high and make the potential gains of an attack too low.
“By agreeing that a cyber-attack can trigger an Article 5 response we can make the potential cost of action by an aggressor high.”