MAIN APPROACHES AND DIRECTIONS OF DEVELOPMENT OF EUROPEAN UNION CYBER SECURITY POLICY
DOI:
https://doi.org/10.28925/2663-4023.2024.24.133149Keywords:
cyber security, cyber security policy of the European Union, EU cyber security legislationAbstract
The implementation of digital technologies into all spheres of society's life, along with many advantages, has caused the emergence of new security challenges, the response to which requires flexible, innovative and complex approaches, a quick and coordinated reaction, and the consolidation of efforts of many stakeholders. In recent years, significant results in the development and realization of cybersecurity policy have been achieved by the European Union, which, thanks to the combination of institutional capabilities at the community level, efforts of member states, cooperation with business and international partners, is already implementing a number of coordinated initiatives in the field of cybersecurity. The experience of the EU in solving the problems of safe digital development can be a benchmark for other states, including Ukraine.
The article examines the development of the main approaches and directions of the EU cyber security policy from the end of the 90s of the 20th century to the present day. It has been established that since the beginning of the 2000s, the European Commission outlined a common approach to the EU cyber security policy, which provided for the further implementation of measures related to: justification of the policy and improvement of the legal framework; creation of a European warning and information system; supporting and investing in cyber security technological solutions; increasing digital awareness; introduction of market oriented standardization and certification; ensuring the security of EU institutions and member states; international cooperation in the field of cyber security. The listed directions generally remained relevant during the further development and improvement of EU policy of cyber security.
The study showed that the next stages of the evolution of the EU cyber security policy were related with the adoption of three cyber security strategies of 2013, 2017 and 2020, which reflected the development trends of the digital environment and the need to respond to new cyber security challenges. The analysis of these strategies indicated that the EU cyber security policy was and continues to be aimed at solving three key goals: achieving cyber resilience of the European Community, the state, and organizations in the face of constant cyber threats; ensuring effective cyber resilience; promoting a safe and open global cyberspace.
In order to fulfill the declared goals of the cyber security policy during 2022-2023, the European Commission proposed a number of important initiatives, in particular, to increase the level of cyber security in the EU states; establish common cyber security standards for EU institutions; implement cybersecurity requirements for products with digital elements; strengthen the EU's capabilities to identify, prepare for and respond to cyber security threats and incidents.
It was established that during the development and implementation of the cyber security policy, the EU faced a number of problems and challenges, including an insufficient level of coordination, support and resource provision; lagging behind the regulatory and legal framework of cyber security from the development of the field; difficulties of cross-border and international cooperation; the need for a proactive approach and policy adaptation to the dynamic cyber environment; necessity to maintain a balance between openness and security, etc.
It has been proven that the cyber security policy of the European Union, which is developing progressively and dynamically, involves the implementation of new approaches and solutions in response to the challenges of the digital environment, is a benchmark for other states, in particular Ukraine.
Downloads
References
Boiko, V., Vasylenko, М., & Kuharenko, S. (2019). Cyber security in the EU and its member states: genesis and problems of its improvement. Information security of a person, society, state, 3(27), 57–69.
Grubinko, A. (2021). Peculiarities of the formation of the cyber security policy of the European Union: legal aspects. Actual problems of jurisprudence, 1(25), 5–10.
Kuznetsov, O. (2021). European experience of strengthening capabilities in the field of ensuring cyber security in modern conditions. Information and law, 1(36), 106–113. https://doi.org/10.37750/2616-6798.2021.1(36).238189
Fedonyuk, S. (2021). EU policy in the aspect of the main global concepts of information (cyber) security Section II. Public communications and language universals, 3(11), 144–168. https://doi.org/10.29038/2524-2679-2021-03-144-168
Caspar, A., & Antonov, A. (2019). Towards Conceptualizing EU Cybersecurity Law. ZEI Discussion Paper.
Fuster, G. G., & Jasmontaite, L. (2020). Cybersecurity Regulation in the European Union: The Digital, the Critical and Fundamental Rights. The Ethics of Cybersecurity, 21, 97–115. https://doi.org/10.1007/978-3-030-29053-5_5
García Segura, L.A. (2020). European Cybersecurity: Future Challenges from a Human Rights Perspective. Security and Defence in Europe, 35–46. https://doi.org/10.1007/978-3-030-12293-5_3
Papakonstantinou, V. (2022). Cybersecurity as praxis and as a state: The EU law path towards acknowledgement of a new right to cybersecurity? Computer Law & Security Review, 44. https://doi.org/10.1016/j.clsr.2022.105653
EUR-Lex - 52001DC0298 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52001DC0298
EUR-Lex - 32002G0216(02) - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32002G0216(02)
EUR-Lex - 32004R0460 - EN. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32004R0460:EN:HTML
EUR-Lex - 52006DC0251 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:52006DC0251
EUR-Lex - 52009DC0149 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/GA/TXT/?uri=CELEX:52009DC0149
EUR-Lex - 52013JC0001 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52013JC0001
European Cybercrime Centre - EC3 | Europol. (n.d.). Europol. https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3
Directive - 2013/40 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32013L0040&qid=1709725 652664
Directive - 2016/1148 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016L1148&qid=1709740 990646
EUR-Lex - 52017JC0450 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:52017JC0450
The EU Cyber Diplomacy Toolbox. (n.d.). The EU Cyber Diplomacy Toolbox. https://www.cyber-diplomacy-toolbox.com/
Regulation - 2019/881 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019R0881&qid=1701413 940571
EUR-Lex - 52020JC0018 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:52020JC0018
Directive - 2022/2555 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2555&qid=1708526 033822
Regulation - EU - 2023/2841 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R2841&qid=17 08541342208
EUR-Lex - 52022PC0454 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52022PC0454
Allan, K. (2023). A mixed response on EU’s new vulnerability disclosure rules. Home of Cybersecurity News | Cyber Magazine. https://cybermagazine.com/articles/a-mixed-response-on-eus-new-vulnerability-disclosure-rules
Fox, B. (2023). The Cyber Resilience Act Threatens the Future of Open Source. Devops. https://devops.com/the-cyber-resilience-act-threatens-the-future-of-open-source/
The European Cyber Resilience Act (CRA). (2022). https://www.european-cyber-resilience-act.com/
EUR-Lex - 52023PC0209 - EN - EUR-Lex. (n.d.). EUR-Lex — Access to European Union law — choose your language. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52023PC0209
European Commission. (2022). Cybersecurity: EU launches first phase of deployment of the European infrastructure of cross-border security operations centres [Press release]. https://digital-strategy.ec.europa.eu/en/news/cybersecurity-eu-launches-first-phase-deployment-european-infrastructure-cross-border-security
European Commission. (2024). Commission welcomes political agreement on Cyber Solidarity Act [Press release]. https://ec.europa.eu/commission/presscorner/detail/en/ip_24_1332
Chiara, P. G. (2023). Towards a right to cybersecurity in EU law? The challenges ahead. Computer Law & Security Review, 53. https://doi.org/10.1016/j.clsr.2024.105961
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Тетяна Мужанова, Світлана Легомінова, Юрій Щавінський, Юрій Якименко, Галина Нестеренко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
