If a major cyber incident strikes as soon as in the coming years, it would be responded to by an international cyber response force. A Declaration of Intent signed on development of the Lithuanian-initiated EU Cyber Rapid Response Force teams at a session of the EU Foreign Affairs Council in Luxembourg today has laid a foundation for that.
“EU countries have not had the opportunity to address cyber incidents together so far, and in the meanwhile, the attacks are not limited by country borders. Lithuania has taken up the role of leadership in proposing first a practical solution in strengthening collective defence in cyber space and countering threats in a new dimension,” Minister of National Defence Raimundas Karoblis says.
According to Minister, the Declaration of Intent was the first and vital step in the effort towards a closer cooperation of member states in the implementation of the project: the document served as a basis for the legal act that would follow and consolidate the commitment.
Lithuania started an initiative to create a EU Cyber Rapid Response Teams that would be formed by specialists from cyber incident investigation and other security institutions of the participating countries and rotate on a bi-annual basis.
“In reality it would look like this: each participant would need to have a standing cyber security unit which could join the neutralisation and investigation in virtual or even in physical reality in the event of a significant cyber incident,” Minister R. Karoblis says.
The first of the EU Cyber Rapid Response Teams is planned to take part in the cyber security exercise in Lithuania this autumn.
The Declaration of Intent was signed by Lithuania, Estonia, Croatia, the Netherlands, Romania and Spain, while four more countries will sign by the end of the year.
According to the data of the National Cyber Security Centre under the Ministry of National Defence, the number of cyber incidents is growing annually by one tenth, while cyber investigations reveal their growing sophistication. Both, Lithuania and other parties of the EU cyber response force projects are concerned about the incidents found in critical infrastructures, such as energy, law enforcement, and foreign affairs. Such incidents need to be responded to particularly quickly and a new type of preparedness and instruments are required.
As the project is developed, during the first phase the participating countries are assessing technical and legal aspects for operation of such EU cyber teams, analyse the possibilities to finance the project from the EU budget. Next step – joint continual exercises and prospects for the creation of mutual cyber defence tools.
The EU cyber defence cooperation project is led by Lithuania. Seven EU countries – Croatia, Estonia, France, Finland, the Netherlands, Romania, and Spain, are participants of the project, and four more countries – Belgium, Germany, Greece, and Slovenia, are observers. The number of EU members willing to join has been increasing rapidly since the launch – the most recent country to join was Estonia, and Poland plans to do so in the nearest while.
The initiative on cyber rrapid esponse force and mutual assistance in cyber security launched by Lithuania is one of the 17 project approved by EU member states in late 2017 under the Permanent Structured Cooperation (PESCO). “This is the most advanced PESCO project since its launching point and its participants are showing the real solidarity in collective defence,” Deputy Secretary General of the EU External Action Service Pedro Serrano said welcoming the signature.
The Permanent Structured Cooperation (PESCO) is an instrument laid out in the Treaty of Lisbon in the Treaty of Lisbon, for deepening the cooperation in security and defence area for those EU member states that have military capabilities meeting higher criteria and are bound by greater commitments.