What Is the Future of European Cyber Security? Three Principles of European Cooperation and the Hybrid Joint Strategy of Cyber Defence

Abstract

The author argues that EU member states should pursue a joint strategy of cyber security and cyber defence. This claim does not immediately imply support for current EU legislation, in particular for enforcing the NIS Directive or the operation of ENISA in its currently planned capacity. Instead, three principles of European cooperation are discussed and followed by a proposal to centre the joint strategic effort around promoting and explicating the practical and procedural consequences of these principles. A bottom-up approach to joining and uniformization of European cyber defence is presented, aligned with the notion of Europeanization in security policy in the sense of E. Gross and R. Ladrech. This approach requires that European cyber security agencies, including ENISA, focus their efforts on addressing the trust defi cit among the member states through facilitating the environment for safe information exchange, instead of communicating with the member states through the medium of regulations and prescribing security standards. More generally, the author postulates that the European authorities embrace the inherent political character of international trust-building and aspire to the role of mediator, as opposed to presenting themselves as apolitical agents focused on the purely technical aspects of European cyber security.