With the breaking news which found that the European Union wants to launch a new cyber unit to respond to cyberattacks, according to a draft of the plan seen by POLITICO. The European Commission will present its plan on Wednesday to set up what it calls the “Joint Cyber Unit,” which would allow national capitals hit by cyberattacks to ask for help from other countries and the EU, including through rapid response teams that can swoop in and fight off hackers in real-time, according to the draft.
<p>The Joint Cyber Unit is going to have to get information sharing right. There are already many cyber security information security sharing communities and work groups out there who already suffer from speed and timeliness issues. It’s hard to see how adding the inevitable layer of regulation and red tape is going to help improve matters.</p>
<p>From experience, EU member states treat Cyber Threats very differently. So, it’s going to be difficult for them to agree on effective rules of engagement. What happens if a breach becomes classified information in one of the member states? This can be seen in other multi-national coordination efforts the EU takes part in. For example, intelligence sharing in NATO is fraught with pitfalls and delays as decisions have to be made as to what is shared, and most importantly, when it is shared.</p>
<p>It’s a step forward that governments are coming together to offer support and protection to organisations affected by these attacks, what help they will be only time will tell. But really it’s the responsibility of the organisations to protect themselves to the best of their ability and not just to meet some regulation or compliance, good enough security isn’t good enough anymore.</p>
<p>Over the last few weeks we have seen governments take positive steps to bolster cyber security, and this is another positive step. Cyber security is always most effective when there is healthy collaboration between groups, and in that light the formation of the Joint Cyber Unit by the European Commission is very welcome. It’s a logical progression from the 2016 NIS Directive which required individual member states to be appropriately equipped, facilitated strategic cooperation and information exchange, and imbibed a culture of security in sectors critical to the economy and security.</p>