A free and open Internet is
at the heart of the new Cyber Security Strategy by the High
Representative Catherine Ashton and the European Commission. The new
Communication is the first comprehensive policy document that the
European Union has produced in this area. It comprises internal market,
justice and home affairs and the foreign policy aspects of cyberspace
issues.
The
Strategy is accompanied by a legislative proposal (a Directive) from the
European Commission to strengthen the security of information systems
in the EU. This would encourage economic growth as people's confidence
in buying goods online and using the Internet would be strengthened.
The Strategy is offering clear priorities for the EU international cyberspace policy:
-
Freedom and openness: The Strategy outlines the vision and principles on applying the EU core values and fundamental rights in cyberspace. Human Rights should also apply online and we will promote cyberspace as an area of freedom and fundamental rights. Expanding access to the Internet should promote democratic reform worldwide. The EU believes that increased global connectivity should not be accompanied by censorship or mass surveillance.
-
The laws, norms and EU core values apply as much in the cyberspace as in the physical world: The responsibility for a more secure cyberspace lies with all players of the global information society, from citizens to governments.
Developing cyber security capacity building: The EU will engage with international partners and organisations, the private sector and civil society to support global capacity building in third countries. It will include improving access to information and to an open Internet and preventing cyber threats. -
Fostering international cooperation in cyberspace issues: To preserve open, free and secure cyberspace is a global challenge, which the EU will address together with the relevant international partners and organisations, the private sector and civil society.
FAQ's on the International aspects of the Cyber Security Strategy
How can the core values be ensured in the worldwide web?
One
example is human rights, which should also apply online as the European
Union will promote cyberspace as an area of freedom and fundamental
rights. Expanding access to the Internet should advance democratic
reform worldwide. The EU believes that increased global connectivity
should not be accompanied by censorship or mass surveillance.
What EU norms and laws should be used in cyberspace?
The
responsibility for a more secure cyberspace lies with all players of the
global information society, from people to governments. The EU supports
the efforts to define norms of behaviour in cyberspace that all
stakeholders should adhere to. Just as the EU expects citizens to
respect civic duties, social responsibilities and laws online, so should
states abide by norms and existing laws. An important pre-condition for
free and open Internet that brings political and economic benefits to
societies worldwide, is to maintain a multi-stakeholder governance model
of the Internet.
Will there be new laws to address cyber threats?
No, the
EU believes we have many international law instruments already that
should be applied in cyberspace. However, some governments have proposed
new treaties and conventions in cyber issues that the EU cannot
support. We fear that the argument of cyber security will be used as a
pretext to justify limiting the freedom of expression and access to
information. For instance, the Budapest Convention includes all the
important elements to assist in investigation, prosecution, and
international cooperation to address cybercrime.
At
present 49 countries have signed the Convention and many countries
outside Europe have introduced its principles into their legislation.
The EU has assisted the Council of Europe in disseminating the
principles of this Convention worldwide, and we are currently financing
new programs to promote the Budapest Convention and increase the rule of
law in this area.
What does the EU intend to do on capacity building?
The EU
will engage with international partners and organisations, the private
sector and civil society to support global capacity-building in third
countries. It will include improving access to information and to an
open Internet and preventing cyber threats. The EU will also actively
participate in developing donor coordination for helping
capacity-building efforts. These actions will focus on enhancing
criminal justice capabilities in training prosecutors and judges, and
introducing the Budapest Convention (Cybercrime Convention) principles
in recipient countries’ legal framework, building law enforcement
capacity to advance cybercrime investigations and assisting countries to
address cyber incidents.
How does the Strategy contribute to international cooperation in cyberspace?
To
preserve an open, free and secure cyberspace is a global challenge,
which the EU should address together with the relevant international
partners and organisations, the private sector and civil society. The EU
will place a renewed emphasis on dialogue with third countries and
international organisations, with a special focus on like-minded
partners that share EU values. At bilateral level, cooperation with the
United States is particularly important and will be further developed.
What the EU is doing on cyber defence issues?
Within
the Common Security and Defence Policy, the European Defence Agency
(EDA) is developing cyber defence capabilities and technologies,
improving cyber defence training & exercises. Given that threats are
multifaceted, synergies between civilian and military approaches in
protecting critical cyber assets should be enhanced. These efforts
should be supported by research and development, and closer cooperation
between governments, the private sector and academia in the EU.
The EU
is also promoting early involvement of industry and academia in
developing solutions and in strengthening Europe’s defence industrial
base and associated R&D innovations in both civilian and military
organisations. The EDA will promote civil-military dialogue and
contribute to the coordination between all actors at EU level – with
particular emphasis on the exchange of good practices, information
exchange and early warning, incident response, risk assessment and
establishing a cyber-security culture.
Why does the Strategy address civilian and military issues?
Given
that threats are multifaceted, synergies between civilian and military
approaches in protecting critical cyber assets should be enhanced. These
efforts should be supported by research and development, and closer
cooperation between governments, the private sector and academia in the
EU. To avoid duplication, the Union will explore possibilities on how
the EU and NATO can complement their efforts to heighten the resilience
of critical governmental, defence and other information infrastructures
on which the members of both organisations depend.
Are the EU and NATO cooperating in cyber security?
There is
a regular cooperation going on between the experts. After the Strategy
is adopted, we intend to intensify cooperation with NATO in cyber
security. Dialogue with NATO should ensure effective defence
capabilities, identify areas for cooperation and avoid duplication of
efforts.
Next Steps
The
Directive must pass through the Council of Ministers and the European
Parliament before adoption whilst the Cyber Security Strategy will
remain as it is as it is not legislation.