Since the start of 2020, there has been explosive growth in the number of sophisticated cyberattacks directed at public- and private-sector entities around the world. Some of these attacks have been broadscale, such as the SolarWinds attack that successfully compromised approximately 100 companies (including leading high-tech companies such as Microsoft, Intel and Cisco) and approximately a dozen U.S. government agencies (including the Departments of Defense, Energy, Justice, and the Treasury). Others have been narrowly targeted, such as ransomware attacks directed at critical infrastructure companies including Colonial Pipeline and meat producer JBS.
Moreover, these cyberattacks are rapidly increasing the costs that governments and businesses must bear. One recent report estimates that global cybercrime costs will increase by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025.
Although many of the widely reported cyberattacks focused on American targets, Europe is no less vulnerable to such attacks. According to the European Union Agency for Cybersecurity (ENISA), in 2020 there were 304 significant malicious attacks against critical sectors, more than twice as many as recorded in 2019 (146), and a 47 percent increase in cyberattacks on hospitals and health care networks.
The European Union (EU) has taken a variety of measures to provide closer coordination on cybercrime issues, such as Europol’s European Cybercrime Centre and the Joint Cybercrime Action Task Force. But the speed and severity of recent cyberattacks, particularly when conducted by state actors confident of their impunity, make clear that closer coordination and information-sharing among EU Member States are essential to cope with such attacks.
In response to these developments, on June 23 the European Commission (EC) announced that it was proposing the creation of a new Joint Cyber Unit “to tackle the rising number of serious cyber incidents impacting public services, as well as the life of businesses and citizens across the European Union.” First proposed by EC President Ursula von der Leyen in her Political Guidelines for 2019-2024, the Cyber Unit would constitute “a virtual and physical platform of cooperation” that would bring together cybersecurity communities (including civilian, law enforcement, diplomatic, and cyberdefense communities, as well as private sector partners) to “build progressively a European platform for solidarity and assistance to counter large-scale cyberattacks.”
The EC announcement stated that the Joint Cyber Unit would allow participants, who would be expected to contribute operational resources to the Unit, to share best-practice and real-time threat information:
“It will also work at an operational and at a technical level to deliver the EU Cybersecurity Incident and Crisis Response Plan, based on national plans; establish and mobilise EU Cybersecurity Rapid Reaction Teams; facilitate the adoption of protocols for mutual assistance among participants; establish national and cross-border monitoring and detection capabilities, including Security Operation Centres (SOCs); and more.”
The EC also outlined “a gradual and transparent process” for building the new Unit, with the aim of moving the Unit to the operational phase by June 30, 2022, and to full establishment by June 30, 2023. ENISA is to serve as secretariat for the preparatory phase of the Unit, which reportedly will operate close to the Brussels offices of ENISA and the office of CERT-EU, the Computer Emergency Response Team for the EU institutions, bodies, and agencies.
Nation-state adversaries and cybercrime organizations are certain to maintain, if not to increase, the number and sophistication of their cyberattacks against European agencies and companies of all sizes. For that reason, key European information-technology and industrial firms should actively support the Joint Cyber Unit and be prepared to provide the necessary operational resources to stand it up as early as possible. As one EC official put it, the EU must prepare against “the nightmare scenario” that the Colonial Pipeline attack presented. The faster that cyberattackers can infiltrate and compromise critical infrastructure, the faster that coordinated public-private responses to such attacks need to become.