While the issue of cybersecurity is pervasive, cyber defence is not.
Not only are documents such as the EU Global Strategy replete with references to the challenges emanating from cyber, but EU member states and institutions are taking important steps (such as greater investment in cyber capabilities and the establishment of dedicated national authorities) to ensure Europe’s cybersecurity. Yet less attention has been paid to the specific defence dimensions of the EU’s cybersecurity efforts. Although this is perhaps to be expected, cyber defence cannot be overlooked, not least because it has treaty implications related to EU solidarity (Article 222 TFEU) and mutual defence (Article 42.7 TEU) in case of an attack aimed at EU member states.
Cyber defence is an important part of protecting European forces during EU-led operations under the Common Security and Defence Policy (CSDP). Cyber-attacks against militaries during operations may compromise command, control, communications and computer (C4) channels (i.e. hacking of space infrastructure), disclose or mimic troop movements and tactical intentions (i.e. create at-sea collisions), sabotage and/or take control of capabilities and logistics (i.e. drones and power outages), etc. These threats are particularly important in an era of ‘network centric warfare’, where emphasis is placed on connecting military units during operations with sophisticated C4 technologies.
Given that cyber is referred to as the ‘fifth domain’ of warfare alongside air, sea, land and space, it is worth analysing how the EU is integrating cyber into its broader operational and doctrinal approach to crisis management. This is a particularly salient question given the recent table-top exercise on cyber defence, the revision of the EU Cyber Security Strategy and the 2018 Capability Development Plan (CDP). Yet, more than just simply looking at the operational and doctrinal aspects of EU cyber defence strategies, it is also an opportune moment to reflect on the technological and industrial aspects of cyber defence; especially in the context of the ongoing development of the European Defence Fund (EDIF).
Daniel Fiott is the Security and Defence Editor at the EUISS.