Opinion & Analysis

The cybridisation of EU defence, by D. Fiott

While the issue of cybersecurity is pervasive, cyber defence is not.

Not only are documents such as the EU  Global  Strategy  replete  with  references  to  the  challenges emanating from cyber, but EU member states  and  institutions  are  taking  important  steps  (such as greater investment in cyber capabilities and the establishment of dedicated national authorities) to ensure Europe’s cybersecurity. Yet less attention has  been  paid  to  the  specific  defence  dimensions  of  the  EU’s  cybersecurity  efforts.  Although  this  is  perhaps  to  be  expected,  cyber  defence  cannot  be  overlooked, not least because it has treaty implications  related  to  EU  solidarity  (Article  222  TFEU)  and  mutual  defence  (Article  42.7  TEU)  in  case  of  an attack aimed at EU member states.

Cyber  defence  is  an  important  part  of  protecting  European  forces  during  EU-led  operations  under  the Common Security and Defence Policy (CSDP). Cyber-attacks  against  militaries  during  operations  may  compromise  command,  control,  communications  and  computer  (C4)  channels  (i.e.  hacking  of  space  infrastructure),  disclose  or  mimic  troop  movements and tactical intentions (i.e. create at-sea collisions), sabotage and/or take control of capabilities and logistics (i.e. drones and power outages), etc. These threats are particularly important in an era of ‘network centric warfare’, where emphasis is placed on connecting military units during operations with sophisticated C4 technologies.

Given that cyber is referred to as the ‘fifth domain’ of  warfare  alongside  air,  sea,  land  and  space,  it  is  worth  analysing  how  the  EU  is  integrating  cyber  into its broader operational and doctrinal approach to crisis management. This is a particularly salient question given the recent table-top exercise on cyber defence, the revision of the EU Cyber Security Strategy  and  the  2018  Capability  Development  Plan (CDP). Yet, more than just simply looking at the  operational  and  doctrinal  aspects  of  EU  cyber  defence strategies, it is also an opportune moment to  reflect  on  the  technological  and  industrial  aspects of cyber defence; especially in the context of the ongoing development of the European Defence Fund (EDIF).

Daniel Fiott is the Security and Defence Editor at the EUISS.