EU To Launch Rapid Response Cybersecurity Team

The European Commission is set to unveil its plan for a "Joint Cyber Unit" on Wednesday / Kenzo Tribouillard/AFP. The European Uni...

The European Commission is set to unveil its plan for a "Joint Cyber Unit" on Wednesday / Kenzo Tribouillard/AFP.

The European Union wants to launch a new cyber unit to respond to cyberattacks, according to a draft of the plan seen by Science Techniz. 

The European Commission will present its plan on Wednesday to set up what it calls the "Joint Cyber Unit," which would allow national capitals hit by cyberattacks to ask for help from other countries and the EU, including through rapid response teams that can swoop in and fight off hackers in real-time, according to the draft. 

A spate of cyberattacks have wreaked havoc on the Continent, leading to concerns that Europe cannot defend itself or its trade secrets against adversaries. The EU's plan aims to help countries fight back against increasingly sophisticated and brash attacks by pooling national governments' cybersecurity powers.

The plan would also set up a platform for cybercrime police, cyber agencies, diplomats, military services and cybersecurity firms to coordinate responses and share resources. And it would prepare 

regular threat reports, prepare and test crisis response plans and set up information-sharing agreements between authorities and private cybersecurity firms.

The Commission first promised to set up a Joint Cyber Unit in 2019 to stop the cyberattacks that have compromised EU institutions, agencies, national ministries and departments, and leading European companies and organizations. But the plan took many months to finalize because the EU doesn't have competence over national security, and EU countries have been hesitant to give away control over it.

A volley of cyberattacks since have hit national and EU institutions, and could force governments to band together. The European Medicines Agency was breached; cyber espionage campaigns targeted several government officials including Belgium's interior minister and dozens of Polish politicians; and hospitals in Ireland and France have sustained ransomware attacks. The Commission's plan — officially a "recommendation" to national governments — would put the European Union Agency for Cybersecurity (ENISA) in charge of running the unit, likely from new offices in Brussels.

The unit would also coordinate existing work between cyber agencies and authorities across the bloc. A group of EU countries have already created joint cyber response teams under the EU's defense cooperation scheme. Cybersecurity agencies have worked together on policies to protect elections and 5G infrastructure, and cybercrime police from across the Continent cooperate on investigations at the European Cybercrime Centre.

 Still, most EU countries face cyberattacks on their own, and their capabilities to handle such threats vary widely. The Commission hopes the unit is fully operational by the end of 2022, and that Europe's cybersecurity industry is involved in the operations by the first half of 2023, according to the plan. Along with the Joint Cyber Unit recommendation, the Commission will also publish a progress report on its cybersecurity strategy, which it published in December.

It will also announce its risk analysis of the security of "Open RAN" 5G networks — meant as an alternative to end-to-end 5G kit suppliers like Huawei and Ericsson — that include U.S., Japanese and other new telecoms suppliers.