THE DEVELOPMENT OF EU CYBERSECURITY POLICY: FROM A COORDINATING ACTOR TO A CYBER POWER?

Abstract

The aim of the article is to elaborate on the institutional and normative evolution of the European Union (EU) cybersecurity policy. The article primarily argues that the EU’s approach to cyberspace has recently focused on economic and security concerns. Secondly, the article contends that the actorness of the EU in the cyberspace has been evolved from a coordinating role to a more powerful one. The article is structured as follows: In the first part of the article, the literature on the EU’s actorness in cyberspace is reviewed. In the second part, the institutional and normative development of EU cybersecurity policy is evaluated. Three strategy papers published by the European Commission in 2013, 2017, and 2020 are elaborated, respectively.

Keywords

• Cyber-power
• Cybersecurity
• Cyberspace
• European Union
• Digital Technologies

Avrupa Siber Güvenlik Politikasının Gelişimi: Eşgüdümcü Rol’den Siber Güce?

Öz

Makalenin amacı, Avrupa Birliği (AB) siber güvenlik politikasının kurumsal ve normatif evrimini derinlemesine incelemektir. Makale, AB’nin siber uzaya yaklaşımının ekonomik ve güvenlik ile ilgili kaygılara odaklandığını ileri sürmektedir. İkinci olarak, AB’nin siber uzaydaki aktörlüğünün eşgüdümcü bir rolden siber güce doğru evrildiği makalede iddia edilmektedir. Makalenin içeriği şu şekildedir: İlk kısımda AB’nin siber uzaydaki aktörlüğü üzerine yapılmış olan araştırmalar üzerine bir değerlendirme yapılmaktadır. İkinci kısımda AB siber güvenlik politikasının kurumsal ve normatif gelişimi ele alınmaktadır. Makalenin geri kalanında Avrupa Komisyonu tarafından sırasıyla 2013, 2017 ve 2020’de yayımlanan üç siber güvenlik strateji belgesi ayrıntılı olarak incelenmektedir.

Anahtar Kelimeler

• Siber Güç
• Siber Güvenlik
• Siber Uzay
• Avrupa Birliği
• Dijital Teknolojiler

References

1. Backman, Sarah. “Risk vs. threat-based cybersecurity: the case of the EU.” European Security, Online first publication. Accessed date: December 16, 2022, doi: 10.1080/09662839.2022.2069464.
2. Barrinha, André and George Christou. “Speaking sovereignty: the EU in the cyber domain.” European Security, 31 no 3 (2022): 356-376. Accessed date: December 16, 2022, doi:10.1080/09662839.2022.2102895.
3. Bossong, Raphael. “The European Programme for the protection of critical infrastructures – meta-governing a new security problem?”. European Security, 23 no 2 (2014):210‒226. Accessed date: December 16, 2022, doi: 10.1080/09662839.2013.856307.
4. Brandão, Ana P. and Isabel Camisão. “Playing the Market Card: The Commission’s Strategy to Shape EU Cybersecurity Policy.” Journal of Common Market Studies, 60 no 5 (2022): 1335–1355. Accessed date: December 16, 2022, https://doi.org/10.1111/jcms.13158.
5. Buono, Laviero. “Gearing up the Fight against Cybercrime in the European Union: A New Set of Rules and the Establishment of the European Cybercrime Centre (Ec3).” New Journal of European Criminal Law, 3 no (3–4), 2012: 332–343. Accessed date: December 16, 2022,https://doi.org/10.1177/203228441200300307
6. Carrapico, Helena and André Barrinha. “European Union cyber security as an emerging research and policy field.” European Politics and Society, 19 no 3 (2018): 299–303. Accessed date: December 16, 2022, doi:10.1080/23745118.2018.1430712.
7. Carrapico, Helena and André Barrinha. “The EU as a Coherent (Cyber)Security Actor?”. Journal of Common Market Studies, 55 no 6 (2017): 1254–1272. Accessed date: December 16, 20022, doi: 10.1111/jcms.12575.
8. Csernatoni, Raluca. The EU’s rise as a defense technological power: from strategic autonomy to technological sovereignty, Carnegie Europe, 2021. Accessed date: December 16, 2022, https://carnegieeurope.eu/2021/08/12/eu-s-rise-as-defense technological-power-from-strategic-autonomy-to-technological-sovereignty/$

9. Commission of the European Communities. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Globalisation and the Information Society: The Need for Strengthened Coordination, COM(1998) 50 final. Brussels, February 04, 1998. Accessed date: April 25, 2022, https://eur lex.europa.eu/legal content/EN/TXT/PDF/?uri=CELEX:51998DC0050&from=EN. 492
10. Commission of the European Communities. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Network and Information Security: Proposal for A European Policy Approach, COM(2001) 298 final. Brussels, June 6, 2001. Accessed date: April 25, 2022, https://eur lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2001:0298:FIN:EN:PDF.
11. Commission of the European Communities. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions A strategy for a Secure Information Society – “Dialogue, partnership and empowerment, COM(2006) 251 final. Brussels, May 31, 2006. Accessed date: April 25, 2022, https://eur lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0251:FIN:EN:PDF.
12. Commission of the European Communities. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection, COM(2009) 149 final. Brussels, March 30, 2009. Accessed date: April 25, 2022, https://eur-lex.europa.eu/LexUriServ/ LexUriServ.do?uri=COM:2009:0149:FIN:EN:PDF
13. Council of the European Union. Shared Vision, Common Action: A Stronger Europe. A Global Strategy for the European Union’s Foreign and Security Policy, June, 2016. Accessed date: April 25, 2022, http://eeas.europa.eu/archives/docs/top_stories/pdf/eugs_review_web.pdf. Council of the European Union. EU Cyber Defence Policy Framework, 15585/14. Brussels, November 18, 2014. Accessed date: April 25, 2022, https://ccdcoe.org/uploads/2018/11/EU-141118-
14. EUCyberDefencePolicyFrame-2.pdf. Christou, George. “The challenges of cybercrime governance in the European Union.” European Politics and Society, 19 no 3 (2018): 355–375. Accessed date: December 16, 2022, doi: 10.1080/23745118.2018.1430722.
15. Christou, George. Cybersecurity in the European Union: Resilience and Adaptability in Governance Policy. Basingstoke: Palgrave Macmillan, 2016.
16. “Cyber Ranges: EDA’s First Ever Cyber Defence Pooling & Sharing Project Launched By 11 Member States”. European Defence Agency, May 12, 2017. Accessed date: April 25, 2022, https://eda.europa.eu/news-and events/news/2017/05/12/cyber-ranges-eda-s-first-ever-cyber-defence-pooling sharing-project-launched-by-11-member-states
17. Dunn Cavelty, Myriam. “Europe’s cyber-power.” European Politics and Society, 19 no 3 (2018): 304–320. Accessed date: December 16, 2022, doi: 10.1080/23745118.2018.1430718.
18. European Commission. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions A Digital Agenda for Europe, COM(2010) 245 final. Brussels, May 19, 2010. Accessed date: April 25, 2022, https://eur lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0245:FIN:EN:PDF.
19. European Commission. Communication from the Commission to the European Parliament, the Council, The EU Internal Security Strategy in Action: Five steps towards a more secure Europe, COM(2010) 673 final. Brussels, November 22, 2010. Accessed date: April 25, https://eur-lex.europa.eu/legal content/EN/TXT/PDF/?uri=CELEX:52010DC0673&from=EN.
20. European Commission and High Representative. Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, JOIN(2013) 1 final. Brussels, December 7, 2013. Accessed date: April 25, 2022, https://eur lex.europa.eu/legal content/EN/TXT/PDF/?uri=CELEX:52013JC0001&from=EN.
21. European Commission and High Representative. Joint Communication to the European Parliament, the Council Resilience, Deterrence and Defence: Building strong cybersecurity for the EU, JOIN(2017) 450 final. Brussels, September 13, 2017. Accessed date: April 25, 2022, https://eur lex.europa.eu/legal content/EN/TXT/PDF/?uri=CELEX:52017JC0450&from=en
22. European Commission and High Representative. Joint Communication to The European Parliament and The Council The EU’s Cybersecurity Strategy for the Digital Decade, JOIN(2020) 18 final. Brussels, December16, 2020. Accessed date: April 25, 2022, https://eur-lex.europa.eu/legal content/EN/TXT/PDF/?uri=CELEX:52020JC0018&from=EN.
23. European Union Agency for Network and Information Security. Definitions of Cybersecurity: Gaps and Overlaps in Standardisation, v1.0. Brussels, 2015. Accessed date: April 25, 2022, https://www.enisa.europa.eu/publications/definition-of cybersecurity/view/++widget++form.widgets.fullReport/@@download/Cybers ecurity_Definition_Gaps_v1_0.pdf.
24. Fahey, Elaine. “EU’s Cybercrime and Cyber Security Rule-Making: Mapping the Internal and External Dimensions of EU Security’. European Journal of Risk 494 KADRİ KAAN RENDA Regulation, 5 no 1 (2014): 46–60. Accessed date: December 16 2022, http://www.jstor.org/stable/24323486.
25. Juncker, Jean Claude. State of the Union Address 2017. Transcript of Speech delivered at the European Parliament, Brussels, September 13, 2017. Accessed date: April 25, 2022, https://ec.europa.eu/commission/presscorner/detail/en/SPEECH_17_3165
26. “Key Objectives”. The European Cybercrime Centre, March 01, 2022, https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3.
27. Köksoy, Fulya. “Avrupa Birliği’nin Siber Güvenlik Politikası: Kurumsalcılık mı Tutarlılık mı?”. Güvenlik Stratejileri Dergisi, 16 (2020): 635–674. Accessed date: December 1, 2022, doi: 10.17752/guvenlikstrtj.807014.
28. Official Journal of the European Union. Regulation (EU) 2019/881 of The European Parliament And of The Council on ENISA (the European Union Agency for Cybersecurity) of 17 April 2019 and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).
29. Brussels, June 7, 2019. Accessed date: April 25, 2022, https://eur-lex.europa.eu/legal content/EN/TXT/PDF/?uri=CELEX:32019R0881&from=EN.
30. Pâris, Constant. Guardian of the Galaxy? Assessing the European Union’s International Actorness in Cyberspace. College of Europe, 2021. Accessed date: December 16, 2022, Accessed date: https://www.coleurope.eu/ sites/default/files/research-paper/edp_1_2021_paris_0.pdf
31. “PESCO Projects: Cyber Rapid Response Teams and Mutual Assistance in Cybersecurity (CRRT)”. Permanent Structured Cooperation. Accessed date: April 25, 2022, https://www.pesco.europa.eu/project/cyber-rapid-response teams-and-mutual-assistance-in-cyber-security/
32. “PESCO Projects: Cyber Threats and Incident Response Information Sharing Platform (CTIRISP)”. Permanent Structured Cooperation. Accessed date: April 25, 2022, https://www.pesco.europa.eu/project/cyber-threats-and-incident response-information-sharing-platform/
33. “PESCO Projects: Cyber and Information Domain Coordination Center (CIDCC)”. Permanent Structured Cooperation. Accessed date: April 25, 2022, https://www.pesco.europa.eu/project/cyber-and-information-domain coordination-center-cidcc/
34. Pursiainen, Christer. “The Challenges for European Critical Infrastructure Protection”. European Integration, 31 no 6 (2009): 721‒739. Accessed date: December 16, 2022, doi: 10.1080/07036330903199846.
35. Sieber, Ulrich. Legal Aspects of Computer-related Crime in the Information Society (COMCRIME Study) prepared for the European Commission. Würzburg, January 1, 1998.
36. Sliwinski, Krzysztof F. “Moving beyond the European Union’s Weakness as a Cyber-Security Agent.” Contemporary Security Policy, 35 no 3 (2014): 468– 486. Accessed date: December 16, 2022, doi: 10.1080/13523260.2014.959261.
37. Tocci, Nathalie. “Resilience and the role of the European Union in the world,” Contemporary Security Policy, 41 no 2 (2020): 176-194. Accessed date: December 16, 2022, doi: 10.1080/13523260.2019.1640342.
38. Wagner, Wolfgang and Rosanne Anholt. “Resilience as the EU Global Strategy’s new leitmotif: pragmatic, problematic or promising?”. Contemporary Security Policy, 37 no 3 (2016): 414‒430. Accessed date: December 16, 2022, doi: 10.1080/13523260.2016.1228034
39. Youngs, Richard. The EU’s strategic autonomy trap, Carnegie Europe, 2021. Accessed date: December 16, 2022, https://carnegieeurope.eu/publications/ 83955.