The Cyber Security Strategy is due to be published in the coming weeks, but leaked draft copies have been circulating in Brussels, prompting Sophie in’t Veld, a Dutch member of the European Parliament, to comment that, based on what she has read of it, “there doesn’t seem to be any real strategy.”
“It looks like almost every Directorate General [department] in the Commission wanted to write its own bit of the strategy. It bothers me that all these different policy areas are being lumped together in one document. It covers so much, from Internet fraud and illegal downloading, to child pornography and international security,” she said.
She also took exception to calls for a new category of crime, as stated in this section of the draft text: “Cyber security incidents could disrupt the supply of essential services we take for granted such as water, sanitation, electricity and mobile networks. Threats emanate from many different areas including criminal, politically motivated or terrorist attacks. The increase of economic espionage and state-sponsored activities in cyberspace poses a new category of threat to E.U. governments and companies.”
In’t Veld disagrees, saying that “fraud, theft, child porn, and so on, all happen in the offline world, too, so there is no need for a new category of crime.”
The Commission says its “vision” is to make “the E.U.’s online environment the safest in the world.” But with plans ranging from adding cyber-defence policy to the framework of the Common Security and Defence Policy, explaining values, strengthening the digital single market to defining norms of responsible behaviour and launching a project to fight botnets, in’t Veld said, “this is not a cyber-strategy, but a cyber-hotchpotch.”
“There is a big difference between secure payment systems, making systems secure and a single security military defence. The lines are being blurred and I think we are on a slippery slope here. We need to safeguard the fundamental rights we expect in a democracy and not cede disproportionate powers to law enforcement,” in’t Veld said.
The Commission draft text says that “synergies between civilian and military approaches in protecting critical cyber assets should be enhanced” and adds that the Budapest convention on cybercrime should serve as a model for future plans.
The strategy also proposes to introduce legislation to establish common minimum requirements for Network and Information Security (NIS) at the national level with an E.U. Directive to be proposed in coming years.
The Commission also wants more European companies involved in developing cyber security solutions and seeks to create favourable market conditions for this. “There is a risk that Europe could become over-dependent on security solutions developed beyond its frontiers,” says the draft text.