7/2/2013 Ref: EU13-049EN
Summary: 7 February 2013, Brussels - A free and open Internet is at the heart of the new Cyber Security Strategy by the European Union High Representative Catherine Ashton and the European Commission. The new Communication is the first comprehensive policy document that the European Union has produced in this area. It comprises internal market, justice and home affairs and the foreign policy aspects of cyberspace issues.
The Strategy is accompanied by a legislative proposal (a Directive) from the European Commission to strengthen the security of information systems in the EU. This would encourage economic growth as people's confidence in buying goods online and using the Internet would be strengthened.
The Strategy is offering clear priorities for the EU international cyberspace policy:
- Freedom and openness: The Strategy outlines the vision and principles on applying the EU core values and fundamental rights in cyberspace. Human Rights should also apply online and we will promote cyberspace as an area of freedom and fundamental rights. Expanding access to the Internet should promote democratic reform worldwide. The EU believes that increased global connectivity should not be accompanied by censorship or mass surveillance.
- The laws, norms and EU core values apply as much in the cyberspace as in the physical world: The responsibility for a more secure cyberspace lies with all players of the global information society, from citizens to governments.
Developing cyber security capacity building: The EU will engage with international partners and organisations, the private sector and civil society to support global capacity building in third countries. It will include improving access to information and to an open Internet and preventing cyber threats.
- Fostering international cooperation in cyberspace issues: To preserve open, free and secure cyberspace is a global challenge, which the EU will address together with the relevant international partners and organisations, the private sector and civil society.
FAQ's on the International aspects of the Cyber Security Strategy
How can the core values be ensured in the worldwide web?
One example is human rights, which should also apply online as the European Union will promote cyberspace as an area of freedom and fundamental rights. Expanding access to the Internet should advance democratic reform worldwide. The EU believes that increased global connectivity should not be accompanied by censorship or mass surveillance.
What EU norms and laws should be used in cyberspace?
The responsibility for a more secure cyberspace lies with all players of the global information society, from people to governments. The EU supports the efforts to define norms of behaviour in cyberspace that all stakeholders should adhere to. Just as the EU expects citizens to respect civic duties, social responsibilities and laws online, so should states abide by norms and existing laws. An important pre-condition for free and open Internet that brings political and economic benefits to societies worldwide, is to maintain a multi-stakeholder governance model of the Internet.
Will there be new laws to address cyber threats?
No, the EU believes we have many international law instruments already that should be applied in cyberspace. However, some governments have proposed new treaties and conventions in cyber issues that the EU cannot support. We fear that the argument of cyber security will be used as a pretext to justify limiting the freedom of expression and access to information. For instance, the Budapest Convention includes all the important elements to assist in investigation, prosecution, and international cooperation to address cybercrime.
At present 49 countries have signed the Convention and many countries outside Europe have introduced its principles into their legislation. The EU has assisted the Council of Europe in disseminating the principles of this Convention worldwide, and we are currently financing new programs to promote the Budapest Convention and increase the rule of law in this area.
What does the EU intend to do on capacity building?
The EU will engage with international partners and organisations, the private sector and civil society to support global capacity-building in third countries. It will include improving access to information and to an open Internet and preventing cyber threats. The EU will also actively participate in developing donor coordination for helping capacity-building efforts. These actions will focus on enhancing criminal justice capabilities in training prosecutors and judges, and introducing the Budapest Convention (Cybercrime Convention) principles in recipient countries' legal framework, building law enforcement capacity to advance cybercrime investigations and assisting countries to address cyber incidents.
How does the Strategy contribute to international cooperation in cyberspace?
To preserve an open, free and secure cyberspace is a global challenge, which the EU should address together with the relevant international partners and organisations, the private sector and civil society. The EU will place a renewed emphasis on dialogue with third countries and international organisations, with a special focus on like-minded partners that share EU values. At bilateral level, cooperation with the United States is particularly important and will be further developed.
What the EU is doing on cyber defence issues?
Within the Common Security and Defence Policy, the European Defence Agency (EDA) is developing cyber defence capabilities and technologies, improving cyber defence training & exercises. Given that threats are multifaceted, synergies between civilian and military approaches in protecting critical cyber assets should be enhanced. These efforts should be supported by research and development, and closer cooperation between governments, the private sector and academia in the EU.
The EU is also promoting early involvement of industry and academia in developing solutions and in strengthening Europe's defence industrial base and associated R&D innovations in both civilian and military organisations. The EDA will promote civil-military dialogue and contribute to the coordination between all actors at EU level - with particular emphasis on the exchange of good practices, information exchange and early warning, incident response, risk assessment and establishing a cyber-security culture.
Why does the Strategy address civilian and military issues?
Given that threats are multifaceted, synergies between civilian and military approaches in protecting critical cyber assets should be enhanced. These efforts should be supported by research and development, and closer cooperation between governments, the private sector and academia in the EU. To avoid duplication, the Union will explore possibilities on how the EU and NATO can complement their efforts to heighten the resilience of critical governmental, defence and other information infrastructures on which the members of both organisations depend.
Are the EU and NATO cooperating in cyber security?
There is a regular cooperation going on between the experts. After the Strategy is adopted, we intend to intensify cooperation with NATO in cyber security. Dialogue with NATO should ensure effective defence capabilities, identify areas for cooperation and avoid duplication of efforts.
Next Steps
The Directive must pass through the Council of Ministers and the European Parliament before adoption whilst the Cyber Security Strategy will remain as it is as it is not legislation.
Links
DG Connect
http://ec.europa.eu/digital-agenda/cyber-security
EU Justice and Home Affairs
http://ec.europa.eu/justice/index_en.htm