Conceptualizing Cyber-Security From EU Perspective

Introduction

In 2004, ENISA (European Network and Information Security Agency) was founded in order to facilitate ‘best’ practice among Member States with regard to cyber security policies with regard to EU’s Information Society agenda. In 2007, due to DDoS (Distributed Denial of Service) attacks on the public infrastructure of Estonia, the EU along with NATO and other related actors considered to change their approach. As a result, the EU’s policy has been developed within the light of the Europe 2020 strategy. The European Cybersecurity Strategy (2013) and its Guidelines and Principles for Internet Resilience (March 2011) focus on the significance of global partnerships to address both military and civilian aspects of cyber security challenges.

According to EU Cybersecurity strategy, the Internet must be kept protected and ‘open and free’ based on the same values and principles that the EU considers for offline space (EU Cybersecurity Strategy). EU Cybersecurity Strategy and its Directive on Network and Information Security (NIS Directive) were published on 7 February 2013, to require the reporting of significant cyber incidents across all critical infrastructure sectors (NIS Directive 2013). For the first time, the EU tried to specify priorities with regard to the protection of cyberspace via means of this strategy as previously there was no coordination with regard to the construction of an effective security ecosystem for cyberspace (Klimburg & Tirmaa-Klaar 2011).

This paper will be structured as follows: After a brief overview of the conceptual landscape of the EU’s cyber security development, the suggested tools for cyber security policy of EU will be explained. Next an overview of the EU’s way of dealing with cyber security threats will be explained. The final section will provide recommendations for EU’s cooperation with other states on cybersecurity in the future.