FIC 2023 How the war in Ukraine boosted the construction of Europe’s cyberdefence

For the first time in modern history, a cyberwar preceded a so-called « traditional » war. In the night of 13-14 January 2022, a few weeks before Russian troops crossed into its territory, Ukraine suffered a wave of cyberattacks targeting its vital infrastructure and government sites. Since cyberspace knows no geographical borders, Russia used « wiper » attacks. This type of destructive malware caused collateral damage to European businesses and institutions.

Long before it sent tanks, the European Union came to Ukraine’s aid in cyberspace at the start of the conflict. Outside its borders, it deployed its Cyber Rapid Response Team (CRRT), which works under the Permanent Structured Cooperation (PESCO) that structures cooperation between Member States in security and defence.

A European « cyber shield » in 2024

« Ukraine has been a wake-up call for our cyberdefence, » Thierry Breton said in November 2022. The European Commissioner for the Internal Market pointed out Europe’s lack of sovereignty in the area. « We had to obtain resources that were not European to defend ourselves, » he said.

Five months later, Thierry Breton could see the work that had been done. Before his speech to FIC 2023, he officially launched the European « cyber shield ». This mechanism will be operational in early 2024 with an allocated budget of €1 billion to identify attacks more quickly and ahead of time. It will rely on a network of five or six security operations centres (SOCs).

Allied countries must work together

The EU’s cyberdefence efforts are not limited to the cyber shield. In recent months, Europe has taken a number of initiatives to try to catch up. France’s Presidency of the European Union in the first half of 2022 made progress in governance. One such initiative was the creation of the European Cyber Commanders Strategic Conference (CyberCo).

More recently on 10 November, the European Commission presented the EU’s cyberdefence policy and the Action Plan on Military Mobility 2.0 « to address the deteriorating security environment following Russia’s aggression against Ukraine« .

In addition to boosting its protective capabilities, the plan mentioned the necessary coordination effort between « national and EU cyber defence players, to increase information exchange and cooperation between military and civilian cybersecurity communities« . It also plans to create an emergency fund and a reserve of cyber resources to mobilise certified service providers.

A few days later, 18 Member States, including France, launched MICNET (Military Computer Emergency Response Team Operational Network). Managed by the European Defence Agency (EDA), it aims for greater cooperation between national CERTs.

« The war in Ukraine has caused a paradigm shift«

At a round table at FIC 2023, Wiktor Staniecki, Deputy Head of Division at the European External Action Service (EEAS), stressed that cooperation between Member States and an increase in bilateral relationships between cyber diplomatic services are necessary. « Our resilience requires exchanging information and sharing best practices. »

He also mentioned potential cooperation with NATO, which has its Cyber Defence Centre of Excellence based in Tallinn, Estonia. In a joint statement on 10 January 2023, the EU and NATO acknowledged the need to cooperate in « countering hybrid and cyber threats« .

Alessandro Cignoni, head of the « Information Superiority » unit at the European Defence Agency, also spoke in favour of a « unified approach in the cyber strategy ». « The war in Ukraine is a paradigm shift for us. Actions must be triggered more quickly. This requires long-term efforts, » he said.

European Affairs Director at Rasmussen Global Arthur de Liedekerke agrees. « Ukraine’s current cyber resistance hasn’t come from nowhere; it took years of preparation. EU Member States must work together to prepare themselves. »

A stricter regulatory framework

The experts at this round table also stressed the need for private sector involvement in the (cyber)war effort. The support for Ukraine from America’s big tech companies has been widely reported in the media. The Kiev administration migrated its sensitive data to AWS and Microsoft’s cloud computing servers to ensure its activities could continue should its datacentres be destroyed. However, « European cybersecurity companies have also helped Ukraine with donated software licences, » said Arthur Liedekerke.

Europe’s cyber-resilience will also require a stricter regulatory framework. Unveiled on 16 December 2022, the EU’s new cybersecurity strategy mentions two new directives, one of which (revised NIS or NIS 2) aims to protect companies’ networks and IT systems more effectively. The second directive will be dedicated to the resilience of critical entities.