As momentum for action builds, EU’s role remains unclear
By Brian Beary in Washington | Thursday 03 May 2012
“The EU does not have any competence on national security - and it shouldn’t have,” Home Affairs Commissioner Cecilia Malmström told a conference on cyber security in Washington DC, on 2 May. But, underscoring how the division of labour in this field is still being carved out, Malmström added that “while NATO is doing a lot of work,” the EU could contribute to that by building up knowledge and networks. She announced that she, Digital Agenda Commissioner Neelie Kroes and High Representative Catherine Ashton were formulating an EU strategy that they would unveil by the end of 2012, which should address the key emerging questions, notably the role government should play in cyber security.
Two MEPs attending the Centre for Strategic and International Studies seminar told
Europolitics that they would like the EU to take on a broader role than that outlined by Commissioner Malmström in her presentation, which focused mostly on cyber crimes, such as misuse of domain names, child abuse networks and credit card fraud. Ivailo Kalfin (S&D, Bulgaria) said he had called for the EU to have its own cyber security coordinator but that the European Commission and many MEPs were opposing this. Monika Hohlmeier (EPP, Germany), Parliament’s rapporteur on cyber crime, said she supported Malmström’s proposal of 28 March 2012 to create a European cyber crime centre based at Europol’s headquarters in The Hague. Indeed, Hohlmeier said that Parliament was likely to push for the centre to be given greater resources than the annual budget of €3.6 million and staff of 50 experts that the Commission has proposed. The centre is scheduled to become operational in January 2013.
German Interior Minister Hans-Peter Friedrich said, in a keynote address, that the EU should “have a network of single points of contact in every member state” to enable daily communication on cyber threats. “Europol could be one contact point in this process” because “it is a very important player,” he said. The EU, in addition, “could prepare our discussions at the G8 or United Nations”. Several speakers noted that Russia and China were behind an initiative within the UN to regulate not merely cyber security but also content on the internet and they urged the EU and US to come together in opposing this. From the Estonian Defence Ministry, Undersecretary Jonatan Vseviov said that “NATO has done a lot” on cyber security, having already developed a cyber defence policy and established a cyber defence centre based in Estonia. Vseviov admitted that EU-NATO cooperation on cyber security would probably create difficulties in the future, as would divergent concepts about privacy.
DATA PRIVACY DIFFERENCES
The EU’s closest collaborator on cyber security, the US, still has not decided what the government’s role should be in this domain, Jane Holl Lute, deputy secretary at the Department of Homeland Security (DHS), told the conference. However, she said that “the status quo is not acceptable” and that the US government’s ultimate position would likely be “in the middle” of the two extreme positions, namely that government has no role at all, and that the cyber world is a warzone. Highlighting the growing transatlantic cooperation on cyber security, Holl Lute admitted “we have different views” on information-sharing and privacy and that this would likely be the subject of future debate. At the US State Department, Thomas Dukes, senior cyber policy advisor, noted that “apart from data privacy, we are almost in complete lockstep on cyber security” with the EU. Dukes said there had been an “exponential growth in interest in talking about cyber security” both in the EU, the US and at the OSCE, Council of Europe and Organisation of American States. Dukes welcomed the growing number of countries which have chosen to accede to the 2001 Council of Europe Convention on Cybercrime (the Budapest Convention). The US ratified the Budapest Convention in 2007, he noted. The EU and US “can raise the baseline” internationally so that “there are no safe havens” on the internet for “bad actors,” he said.