FREE ELECTRONIC LIBRARY - Dissertations, online materials

Pages:   || 2 |

«Cybersecurity and cyberdefence EU Solidarity and Mutual Defence Clauses SUMMARY Faced with an increasing number of complex crises with a trans-border ...»

-- [ Page 1 ] --


June 2015

Cybersecurity and cyberdefence

EU Solidarity and Mutual Defence Clauses


Faced with an increasing number of complex crises with a trans-border dimension, the

European Union has invested significant energy and resources in strengthening its

crisis- and disaster-management capabilities. To that effect, the Treaty of Lisbon

equipped the Union with two provisions aimed at improving the EU’s response to

natural or man-made disasters (the Solidarity Clause) and military aggression against an EU Member State (the Mutual Defence Clause).

For some time, both clauses remained purely theoretical concepts, without clear rules regarding their activation or procedures once either of the two is invoked by a Member State. In 2014, after many months of discussion, the Member States agreed on arrangements for the implementation of the 'Solidarity Clause'. The 'Mutual Defence Clause' has yet to see similar progress. Whether backed by procedures or not, so far the Member States have been reluctant to make use of either of the two provisions.

Many areas of human activity are increasingly dependent on information technology.

At the same time, over the past year some major media outlets and companies – including Sony and TV5 Monde – have become victims of cyber-attacks. Consequently, policy-makers are increasingly preoccupied about the risk of cyber-attacks with disastrous consequences for critical national infrastructure. Given the interconnectedness between the Member States and their inherent limitations to tackle a complex disaster provoked by a cyber-attack alone, there is some debate about the likelihood of the Solidarity and Mutual Defence Clauses eventually being invoked. The European Parliament has addressed these issues on three different occasions but its role once any of the clauses is activated remains to be defined.

In this briefing:

 Background  Understanding the nature of a (cyber)crisis  Solidarity Clause  Mutual Defence Clause  Complementary approaches  The European Parliament  Main references  Annex EPRS | European Parliamentary Research Service Author: Patryk Pawlak Members' Research Service EN PE 559.488 Cybersecurity and cyberdefence EPRS Background Faced with complex crises, the European Union (EU) has made significant efforts to improve its response capacities, including the adoption of the EU Integrated Political Crisis Response (IPCR) arrangements and the transformation of the Monitoring and Information Centre (MIC) into the Emergency Response Coordination Centre (ERCC) in

2013.1 Solidarity and Mutual Defence Clauses were introduced in the Treaty of Lisbon – Articles 222 TFEU and 42(7) TEU respectively – to strengthen cooperation between Member States and the EU institutions in case of a crisis or armed aggression respectively.2 The Solidarity Clause goes further by creating an obligation on all Member States to act jointly and to assist one another in the event of disasters and crises which exceed their individual response capacities.3 While the Treaty provision concerning the Solidarity Clause has been supplemented with more detailed implementation guidelines – thus providing a more operational meaning to the concept – the Mutual Defence Clause remains a rhetorical concept and its implementation still needs to be defined.4 With many areas of human activity being heavily dependent on information technology on the one hand, and a growing number of security breaches on the other, there is a tangible risk of a cyber-attack resulting in a large-scale disaster. The possibility of employing the Solidarity Clause to mitigate the damage of such an attack has been mentioned in a number of cyber-related documents, even though neither the Treaty articles nor the decision on the arrangements for the implementation by the Union of the Solidarity Clause make explicit reference to cyber-attacks, but only to the more broad concept of man-made disasters. The EU Cyber Security Strategy proposed jointly by the European Commission and the High Representative in February 2013, tackles the question of EU support in case of a major cyber incident or attack. According to the Strategy, ‘a particularly serious cyber incident or attack could constitute sufficient ground for a Member State to invoke the EU Solidarity Clause’. In addition, the June 2013 Council Conclusions on the Cybersecurity Strategy of the EU, welcoming the proposed Strategy, invite Member States ‘to take into account cybersecurity issues in light of ongoing work on the solidarity clause’. Furthermore, the EU Cyber Defence Policy Framework adopted by the Council in November 2014 states clearly that ‘the objectives of cyber defence should be better integrated within the Union's crisis management mechanisms. In order to deal with the effects of a cyber-crisis, relevant provisions of the Treaty on the EU and the Treaty on the Functioning of the EU may be applicable, as appropriate’. Both the Solidarity Clause and the Mutual Defence Clause are mentioned explicitly in the footnote and could potentially be activated. It is important to note, however, that activation of the Solidarity Clause would occur to deal with the consequences of a cyber-attack and not the cyber-attack itself.

Understanding the nature of a (cyber) crisis As digital networks now constitute the backbone of our societies' functions (i.e. financial systems, energy infrastructure and communication tools), there is a risk that organised criminal groups or foreign governments will exploit their vulnerabilities. Many countries have included the protection of critical information infrastructure in their national security strategies. Therefore, strengthening the security and resilience of critical infrastructure against cyber-threat is a priority on policy agendas, including with regard to crisis management.

According to United States intelligence, only a limited number of countries have the capacity to invade and possibly disable the computer systems of power utilities,

–  –  –

cyber-crisis. In the case of a Source: Symantec.

multinational cyber-crisis, the causes or impact need to concern at least two countries. Through a combination of contact points, guidelines, workflows, templates, tools, and good practices, the EU-SOPs generate shared technical and non-technical knowledge, which then allows for a better understanding of the context and identification of effective action plans. In addition, the EU's response capacity – including at a technical, political and operational level – is regularly tested through cybersecurity exercises like 'Cyber Europe 2014', completed in early 2015.

Nevertheless, the risk of computer-based attacks on critical infrastructure – defined as 'those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens or the effective functioning of governments in the Member States' – exists and cannot be ignored due to their potentially high impact. These could include attacks on energy infrastructure, healthcare institutions, water and food supplies, or other industries which rely on internet networks. Most of these facilities and services rely on Industrial Control Systems (ICS) which are Members' Research Service Page 3 of 10 Cybersecurity and cyberdefence EPRS responsible for monitoring and controlling industrial processes such as electricity distribution, water treatment or management of transport networks. 6 Following a decade-long transformation process, ICS systems have evolved from isolated systems to open architecture and standard technologies, which expose them to cyber-attacks like any other computer connected to the internet (see Figure 1).7 For instance, upgraded electricity networks facilitating two-way digital communication between supplier and consumer, allowing for more efficient transmission and distribution of electricity – also known as smart grids – are vulnerable to rogue codes in the software or remotely operated 'kill switches' and hidden 'backdoors' on hardware.8 Cyber-attacks such as Stuxnet in 2010, cyber-espionage campaigns like Dragonfly, and the targeted malware campaign, Sandworm, in 2014, demonstrate that attacks against ICS have matured and are becoming more frequent.9 The EU has taken a number of steps to reduce the vulnerabilities of critical infrastructure due to their networked nature. In 2009, the European Commission adopted a Communication on Critical Information Infrastructure Protection (CIIP) entitled ‘Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience’. Recognising that many critical infrastructure platforms rely on information and communication technologies, the Communication aimed at ensuring a high level of preparedness, security and resilience capability, both at national and EU level. Two years later, the Commission took stock of the implementation and concluded that purely national approaches to tackling security and resilience challenges are insufficient, and announced follow-up actions in the Communication on CIIP on 'Achievements and next steps: towards global cybersecurity'. The proposed Network and Information Security (NIS) directive, put forward by the Commission on the same day in 2013 as the EU Cybersecurity Strategy aims to further strengthen a number of elements in the EU's preparedness and response capacity, including improving cooperation between various stakeholders (public and private sector, Member States), while at the same time obliging critical sectors to adopt risk management practices and report major incidents. The proposal received its first reading in April 2014, in the outgoing Parliament. Negotiations between the EP (rapporteur Andreas Schwab, EPP; Germany) and the Council are continuing with a view to concluding an early second reading agreement.

Solidarity Clause Legal framework The EU Solidarity Clause was introduced with Article 222 of the Treaty on the

Functioning of the European Union (TFEU), which states that:

The Union and its Member States shall act jointly in a spirit of solidarity if a Member State is the object of a terrorist attack or the victim of a natural or man-made disaster. The Union shall mobilise all the instruments at its disposal, including the military resources made available by the Member States, to … assist a Member State in its territory, at the request of its political authorities, in the event of a natural or man-made disaster.

For a long time, there was no clarity on how the invocation of the Solidarity Clause would work in practice and what would be its implications. After many months of discussion in a 'Friends of the Presidency' Group, the Council adopted rules and procedures for the implementation of the Solidarity Clause in June 2014. The Council Decision (2014/415/EU) clarifies the definition of the concept of a ‘disaster’ in the Members' Research Service Page 4 of 10 Cybersecurity and cyberdefence EPRS context of Article 222. It is defined as ‘... any situation which has or may have a severe impact on people, the environment or property, including cultural heritage’. The same document defines 'crisis' as 'a disaster or terrorist attack of such a wide-ranging impact or political significance that it requires timely policy coordination and response at Union political level'. Such a broad definition implies that it would be possible to activate the Solidarity Clause in order to address the consequences of a severe cyber-attack, dealing with the consequences of which would be beyond the capacities of a Member State.

Invocation of the Solidarity Clause Based on Decision 2014/415/EU on implementation of the Solidarity Clause, the political authorities of the affected Member State may invoke the Clause if they conclude that the crisis overwhelms their response capabilities. The implied condition, however, is that the possibilities offered by existing means and tools at national and Union level have already been exploited. The invocation should be addressed to the Presidency of the Council, and to the President of the European Commission through the Emergency Response Coordination Centre (ERCC), which acts as the central roundthe-clock contact point at Union level with Member States' competent authorities and other stakeholders, 'without prejudice to existing responsibilities within the Commission and the HR and to existing information networks'.10 The Presidency informs the President of the European Council and the President of the European Parliament of the Solidarity Clause's invocation (see the annex). Subsequently, the political and strategic direction of the Union response is ensured by the Council whereby the Council Presidency activates Integrated Political Crisis Response arrangements (IPCR) and provides information to Member States.

The ERCC facilitates the production of Integrated Situational Awareness and Analysis (ISAA) reports – in collaboration with the EU Situation Room and other Union crisis centres – that should allow for a strategic overview of the situation within the Council.

The European Commission and the High Representative of the Union for Foreign Affairs

and Security Policy are tasked to:

 Identify all relevant Union instruments – including military capabilities – that can best contribute to the response to the crisis, and propose the use of resources within the remit of Union agencies;

 Advise the Council on whether existing instruments are sufficient;

 Produce regular integrated situational awareness and analysis (ISAA) reports to inform and support coordination and decision-making at political level in the Council.

Implementation of the Solidarity Clause by the EU should rely on existing instruments to the extent possible, and should increase effectiveness by enhancing coordination and avoiding duplication. The EEAS contributes to raising situational awareness by providing intelligence and military expertise, as well as through the network of EU Delegations that may also contribute in the response to threats or disasters on Member States' territory, or to crises with an external dimension. Depending on the crisis, relevant contributions may also be required from the EU agencies under the Common Foreign and Security Policy (CFSP) and Common Security and Defence Policy (CSDP) structures.

Pages:   || 2 |

Similar works:

«Great Los Angeles River CleanUp: La Gran Limpieza Participant Release Of Liability, Indemnification, & Image Release Form As a Participant I freely choose to participate in the Friends of the Los Angeles River’s (“FOLAR”) Great Los Angeles River CleanUp: La Gran Limpieza (“CleanUp”), and I understand and agree to the following: 1. That my participation in the Cleanup is strictly as a volunteer, and I am not entitled to any compensation or benefit from FOLAR and/or any of the Cleanup...»


«Picture Books Can Speak A Thousand Words for Peace Katrina A. Korb University of Jos Korb, K. A. (2011). Picture books can speak a thousand words for peace. Literacy and Reading in Nigeria, 13, 52-59. Abstract The purpose of this paper is to outline how oral stories as picture books can foster both early literacy skills and peaceful coexistence. Nigeria has a rich tradition of oral storytelling. Traditionally, the lessons conveyed by these stories were the main instructional method for the...»

«1 International Journal of Asian Language Processing 22 (1): 1-14 The expression of stance in Mandarin Chinese: A corpus-based study of stance adverbs Haiyang Ai 304 Sparks Building, University Park, PA 16802, United States Department of Applied Linguistics, The Pennsylvania State University hua126@psu.edu _ Abstract Stance-taking is considered as one of the fundamental properties of human communication (Jaffe, 2009). It is pervasive, intersubjective, and collaborative. While a good deal of...»

«RMM Vol. 4, 2013, 205–220 http://www.rmm-journal.de/ Joachim Wündisch Nozick’s Proviso: Misunderstood and Misappropriated* Abstract: After almost forty years, Robert Nozick’s seminal right-libertarian classic Anarchy, State, and Utopia continues to stand at the center of much of the discussion regarding property and its initial acquisition. Nozick’s most important contribution to that discussion is the formulation of his entitlement theory. Although the theory has received nearly...»

«YOGA AND DIGESTION/ELIMINATION by Stacy Renz The causes of digestion and elimination conditions vary according to the underlying imbalances behind them. The easiest way to categorize these conditions is in terms of Vata imbalance (treatment = reducing Vata), Pitta imbalance (treatment = reducing Pitta), Kapha imbalance (treatment = reducing Kapha) and Agni weakness (treatment = strengthening Agni). Conditions Associated with Vata Imbalance Contraindications Avoid practicing too vigorously...»

«Professionals for Visually Impaired Persons Training XL and Knowledge Sharing KnowProViP HANDBOOK Subject: Visual impairment and specificities at older age Official handbook for the KnowProViP course This project was co-financed by the “LEONARDO DA VINCI” action programme of the European Commission 2007 2009 -2– KnowProViP Handbook * Visual impairment at older age This handbook is published by the KnowProViP project consortium and is the official course-handbook Authors: CHENTOUF, R.,...»

«Queen of the Night By Adrian Tchaikovsky First off, I need to explain to you just what the Peachpit Street Merchant Company was all about. This was before the war, before the words ‘merchant company’ conjured up nothing but a pack of artisans crammed into ill-fitting armour and pretending to be soldiers. We were singers, actors and musicians. We were, for the most part, also tradesmen, shopkeepers and the like, but we were performers as well. We weren’t exactly the Grand Siennis Ballet,...»

«x Annual Report 2013 The Ubiquitous Swarm Lab at UC Berkeley i Table of Contents Introduction Overture Swarm Lab Directors and Associated Faculty Swarm Lab Students Swarm Lab Seminars Acknowledgements Recent Publications ii INTRODUCTION Ken Lutz, Executive Director The Ubiquitous Swarm Lab at UC Berkeley The Ubiquitous Swarm Lab at UC Berkeley (Swarm Lab), now in its second year of operation, is a partnership of UCB researchers, leading electronics companies, and government research agencies....»

«Teachers may use a variety of strategies for understanding and dealing with difficult behavior. Strategies for Dealing with Difficult Behavior Sally L. Kuhlenschmidt, Lois E. Layne We may imagine ourselves to be sage professors with rapt students hanging on our every word; however, the reality of classroom life may be very different. All faculty are confronted with students who engage in behaviors that are disruptive to the educational process. Students may be late for class, leave early, talk...»

«1 Grandmother Cells and Distributed Representations Simon J. Thorpe Summary It is generally accepted that a typical visual stimulus will be represented by the activity of many millions of neurons distributed across many regions of the visual cortex. However, there is still a long-running debate about the extent to which information about individual objects and events can be read out from the responses of individual neurons. Is it conceivable that neurons could respond selectively and in an...»

«Submit Form Important Notice Changes 12/2015 Please read below Please do not use the “Submit Form” button at the top of the application. If you submit the application using this button, your application will not be received. The application should be filled out and saved in a location that is easy to locate. Once a Quick Quote has been filled out and you are ready to submit for processing, you can attach the application and (2) photos to the quote. A payment can be made once the Quick Quote...»

<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.