EU International Cyber Policy: promoting a free and secure global cybespace

Since the adoption of the EU Cybersecurity Strategy in 2013, EU has invested heavily in cyber stability and resilience internally and globally. Many new EU policy initiatives have advanced cyber security of companies and public organisations within the EU. The European Cybercrime Center was established to facilitate cooperation in fighting cybercrime, and new European legislation will take effect in 2016 to improve cyber security of critical infrastructures. Internationally, the EU is promoting a free and open cyberspace, where  norms and existing international law should apply. In recent years, the EU has launched many cyber capacity building programmes to address cybercrime and cyber threats globally.

Written by: Ms. Heli Tiirmaa-Klaar is Head of Cyber Policy Coordination at the European External Action Service (EEAS) of the European Union

EU commitment to cyber capacity building

Cyberspace is growing exponentially. Fast growth and technological development will shape this new global policy area for decades to come. The number of Netizens will double in next 5 years, reaching 5 billion soon. A vast majority of these new Internet users will come from Asia, Africa and Latin America as European countries, the US and Japan are nearing their maximum saturation point in Internet connectivity. In the background of these dynamics, there is a lack ca 1 million cyber security experts globally, claim industry reports. That is why in parallel to internal cyber resilience, the EU invests in international cyber cooperation and has included cyber policy issues into the European Common Foreign and Security Policy agenda. Part of this approach is the EU’s membership of the Global Forum of Cyber Expertise and our commitment to global cyber capacity building.

EU achievements in international cyber cooperation include the launch of cyber dialogues with many EU key strategic partners – the US, Japan, South Korea, India and China. A new dialogue will start soon with Brazil. In addition to dialogues with the strategic partners, EU is also holding regular cyber consultations with other international organisations.

Cyber capacity building in developing and transition countries is high on the EU agenda. An increasing share of the EU development assistance funds will address cybercrime and cyber threats globally. Since 2013, the EU has launched several global projects to advance cyber security and to fight cybercrime.

Launch of the EU Cybersecurity Strategy in 2013 by EU Commissioners Neelie Kroes (Digital Agenda), Catherine Ashton (Foreign Affairs and Security Policy) and Cecilia Malmstrom (Home Affairs)

Cyber diplomacy

In January 2015, the EU Member States adopted the Council Conclusions on Cyber Diplomacy. This document established major policy guidelines for developing EU international cyber efforts. As a cornerstone of cyber diplomacy, the EU will continue to promote the understanding that there is a need to apply laws and norms in cyberspace. EU has been supporting the international discussions on developing norms of responsible state behaviour. Agreed international rules will help to enhance transparency and predictability of state behaviour in cyberspace. Several reports of the UN Group of Governmental Experts in cyber security have agreed on norms such as refraining from attacks against critical civilian infrastructure, cooperating during cyber incidents and not engaging in malicious cyber activities against CERTs.

One of the major achievements in international cyber policy has been the development of cyber security confidence building measures, where the EU has played an important coordinating role in OSCE discussions.  Two sets of OSCE cyber confidence building measures will address how to increase transparency and cooperation between states. There is a key role for regional organisations in this field as they provide a forum for neighbours to talk, and, ideally, to resolve their grievances. Such mechanisms can help resolve any incipient disputes, reducing the danger of escalating tensions over hostile cyber action. EU also supports cyber confidence building process between the ASEAN Regional Forum members.

EU High Representative for Foreign Affairs and Security Policy, Frederica Mogherini and Dutch Foreign Minister, Bert Koenders, during the Global Conference on CyberSpace 2015 in The Hague

Internet should remain free, open and secure

As an important element for cyber diplomacy, the EU is of the opinion that the Internet should remain a free and open platform accessible to all. Internet is governed by the model where the private sector, civil society and the governments all are engaged and feed in with their expertise. EU High Representative for Foreign Affairs and Security Policy, Ms Frederica Mogherini emphasised this EU commitment to a free, open and secure internet during the Global Conference on CyberSpace in 2015: “We are working to provide a better life for future generations, where the safe and peaceful use of technology facilitates the free flow of information and ideas”.

States are also bound by international legal obligations related to Human Rights. State behaviour should follow the long established principles of existing international human rights law, such as the legal obligations enshrined in the International Covenant on Civil and Political Rights, and other human rights laws. To protect freedom of expression online, the EU Foreign Affairs Council adopted EU Human Rights Guidelines “on freedom of expression online and offline” in 2014.

EU will continue its efforts to improve security and freedom in cyberspace.