In her keynote speech delivered at the EDA's Annual Conference 2017, Kersti Kaljulaid, the President of Estonia, urged EU Member States to step up cybersecurity awareness building, including in the military domain, “by learning from each other and sharing best practices”.
The Estonian EU Presidency led by example last September when, in cooperation with the European Defence Agency, it organised ‘EU CYBRID 2017’, a strategic table-top cyber defence exercise which for the first time ever involved EU defence ministers, the European External Action Service (EEAS), the European Commission, cyber-related EU agencies as well as NATO’s Secretary General.
“Among many other valuable lessons, EU CYBRID 2017 showed that although political decision makers would in case of a cyberattack be the first to react and make decisions, their understanding, knowledge and awareness of the nature of cyber incidents still leaves much to be desired”, the President said. “This shows that exercises like EU CYBRID 2017 have to be conducted regularly both on the Member State and EU level”, Mrs Kaljulaid added.
Since the cyber domain evolves constantly, joint cyber exercises need to involve the higher political (ministerial) level because some aspects of cyber defence are “politically sensitive”, such as the attribution of attacks. “A technical point at first glance, but a political decision at the end of the day” which also impacts the choice between offensive and defensive responses. While there is no doubt that these questions are for Member States to decide, “they need not only to be discussed but also exercised at strategic level”, she said.
“EDA has to continue with its successful projects”
The Estonian President welcomed last Monday’s EU Council conclusions on cyber which, along with the European Commission’s cyber package, should give “new impetus to cyber security issues for the years to come”.
In this context the EDA, too, has an important role to play: “I do believe strongly that in this situation the European Defence Agency should continue with the successful projects it has conducted so far and which complement the projects of the Commission without unnecessary duplication. For example, I believe that EDA should concentrate its efforts on education, training and strategic level exercises, because those are the fields – whether we like it or not – where the Member States have probably the biggest shortfalls and at the same time willingness to do more cooperation at the European level”.
"We must also think about how the EDA’s cyber activities would contribute to the European Defence Industrial Development Programme and the Permanent Structured Cooperation, and vice versa”, Mrs Kaljulaid added.