Telecoms ministers adopted on 6 June the EU Master Plan for Cybersecurity Crisis Management, which provides guidance for the EU’s response to large-scale cybersecurity incidents or cybersecurity crises.
The EU Cybersecurity Master Plan is an important guidance resource through which Member States can improve their preparedness for cybersecurity incidents, as well as their detection and response capabilities. It builds on the foundations of the 2017 Cybersecurity Master Plan and takes into account important recently adopted legal acts such as the SRI 2 Directive and the Cybersolidarity Regulation.
The EU Cybersecurity Master Plan aims to address an increasingly complex cyber threat landscape by strengthening existing EU networks, fostering cooperation between Member States and stakeholders and overcoming obstacles.
Key elements of the Cybersecurity Master Plan
This master plan highlights the importance of digital technology and global connectivity as underpinnings of the EU’s economic growth and competitiveness. However, an increasingly interconnected and digitised society also brings with it an increased risk of cybersecurity incidents and cyber-attacks. Hybrid campaigns and cyber-attacks can directly affect EU security, economy and society.
Member States are primarily responsible for managing cybersecurity incidents and crises, but their response capacity can be overwhelmed when large-scale incidents occur, which can cause major disruptions or even affect several Member States.
As such an incident could develop into a full-blown crisis that prevents the proper functioning of the EU internal market or poses serious risks to public safety and security, cooperation at technical, operational and political levels is essential to manage this type of crisis effectively.
In order to determine concretely what constitutes a large-scale incident or cybersecurity crisis in the Union, the Cybersecurity Master Plan explains clearly when the crisis framework should be activated and what are the roles of the relevant EU networks, actors and mechanisms, such as the EU Cybersecurity Agency (ENISA) or the European Network of National Liaison Organisations for Cybersecurity Crises (EU-CyCLONe). The text also points to the importance of coordinating public communication before, during and after a crisis.
The EU Cybersecurity Master Plan stresses the importance of civil-military cooperation in the context of cybersecurity crisis management – also in collaboration with NATO – through enhanced information-sharing mechanisms where possible and necessary.
Finally, this new master plan also includes chapters on recovery and aims to improve the sharing of lessons learned among member states.
Background
Since 2017, the EU cybersecurity threat landscape and framework has changed significantly thanks to the creation of several instruments on cybersecurity management, such as the SRI 2 Directive or the Cybersolidarity Regulation. This led to the need to amend the 2017 master plan.
Discussions on the EU Cybersecurity Master Plan intensified during the Polish Presidency, in particular during the informal Transport, Telecommunications and Energy Council meeting on 4-5 March in Warsaw, which was entirely devoted to the issue of cybersecurity.
More information: Council of the European Union
Leave a Reply