On 10 November, the European Commission and the High Representative put forward a Joint Communication on an EU Cyber Defence policy to address the deteriorating security environment following Russia’s aggression against Ukraine and to boost the EU’s capacity to protect its citizens and infrastructure.

The cyber domain is increasingly contested and the number of cyber-attacks against the EU and its Member States continues to grow. The Russian attack on the KA-SAT satellite network which disrupted communication across several public authorities as well as the Ukrainian armed forces is an example of how much civilian and defence players rely on the same critical infrastructure. This reinforces the need to secure such critical infrastructure.  

To protect its armed forces, and citizens, as well as the EU’s civilian and military crisis management missions and operations, the EU needs to boost cooperation and investments in cyber defence to enhance its ability to prevent, detect, deter, recover, and defend against cyber-attacks.  

The need for a review of the EU’s cyber defence policy framework was noted in the 2020 EU Cybersecurity Strategy. Furthermore, President von der Leyen called for the development of a European Cyber Defence Policy in her 2021 State of the Union address. The Strategic Compass for Security and Defence approved by the Council in March this year called for an EU Cyber Defence Policy by 2022. In May, in the Council conclusions on the development of the European Union’s cyber posture, Member States invited the High Representative together with the Commission to table an ambitious proposal for an EU Cyber Defence Policy in 2022. 

The EU Policy on Cyber Defence is built around four pillars that cover a wide range of initiatives that will help the EU and Member States:

• • Act together for a stronger EU cyber defence: The EU will reinforce its coordination mechanisms among national and EU cyber defence players, to increase information exchange and cooperation between military and civilian cybersecurity communities, and further support military CSDP missions and operations.  

• • Secure the EU defence ecosystem: Even non-critical software components can be used to carry out cyber-attacks on companies or governments, including in the defence sector. This calls for further work on cybersecurity standardisation and certification to secure both military and civilian domains.  

• • Invest in cyber defence capabilities: Member States need to significantly increase investments in modern military cyber defence capabilities in a collaborative manner, using the cooperation platforms and funding mechanisms available at the EU level, such as PESCO, the European Defence Fund, as well as Horizon Europe and the Digital Europe Programme.

• Partner to address common challenges: Building on existing security and defence as well as cyber dialogues with partner countries, the EU will seek to set up tailored partnerships in the area of cyber defence.  

For More Information 

• • Joint Communication on the EU Policy on Cyber Defence

• • Question and Answers on the EU Policy on Cyber Defence

• • Factsheet on the EU Policy on Cyber Defence

• • Factsheet on the new EU Cybersecurity Strategy 

• • Council conclusions on the development of the European Union’s cyber posture 

• • Joint Communication on defence investment gaps 

• • Proposal for a Cyber Resilience Act 

• • Factsheet on Cybersecurity: EU External Action 

• • Cyber defence activities of the European Defence Agency  

• • European Security Union 

• • More on Cybersecurity 

• • More on the NIS Directive