Citation[]
European Union, Policy Department External Policies, Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks (EP/EXPO/B/AFET/FWC/2006-10/Lot4/15) (Feb. 2009) (full-text).
Overview[]
This paper examines Cyber-Security and Politically, Socially and Religiously Motivated Cyber-Attacks, focusing on the European Union as an international organisation with a fragmented yet developing interest in cybersecurity. The paper is presented in three parts.
- Part 1 assesses the source and nature of cyber threats. Society's increasing dependence on Information and Communications Technology (ICT) infrastructure creates vulnerabilities and corresponding opportunities to be exploited by the unscrupulous, ranging from low-level, individual computer hacking to serious and organized crime, ideological and political extremism, and state-sponsored cyber attacks such as those perpetrated against Estonia in 2007. ICT also has an important enabling function in each of these cases. The Internet seems to fit the requirements of ideological and political extremists particularly well, and governments can only expect the "ungoverned space" of the global ICT infrastructure to be ever more closely contested.
- Part 2 reviews current multilateral initiatives to address cybersecurity, focusing on the work of the United Nations, the Organization for Economic Co-operation and Development, the Organization for Security and Co-operation in Europe, the Council of Europe, the North Atlantic Treaty Organization, and the Group of Eight. In each case, the organization in question has recognized the breadth and complexity of the cybersecurity challenge and that its response to the cybersecurity challenge can be but one part of the whole.
- Part 3 examines the European Union's responses to the cybersecurity challenge. The EU is very closely engaged in cybersecurity but cannot be said to have a comprehensive approach to the problem: the EU's responses are diverse, lack coherence and could at times conflict. The picture emerges of a vast and ambitious undertaking in government and administration, touching upon most conceivable aspects of societal, commercial and private life, yet which appears unable to organise a comprehensive approach to cybersecurity challenges which, if taken together, could be said to threaten the EU comprehensively. A more coherent approach could be achieved in one of two ways:
- — either by uniting the EU's cybersecurity efforts around one central strategy (and perhaps even within a new institutional framework); or by seeking a more efficient co-ordination of effort, while maintaining institutional and role specialisations. The latter approach is preferable; a co-ordinated approach reflects more closely the politics and structures of the EU and would be more responsive to the complex and evolving challenge of cybersecurity. This approach — described as Comprehensiveness in Diversity
- — would require a more prominent role for the Common Foreign and Security Policy, the establishment within the Council Secretariat of a Cyber-Security Co-ordinator, and the preparation of an EU-wide Common Operating Vision for cybersecurity.