EU announces joint cyber-unit to respond to large-scale security incidents

The European Union has announced today the creation of a Joint Cyber Unit that will be tasked with coordinating a joint response to large-scale cyberattacks hitting EU member states.

The new unit will operate separately from current EU agencies. It will only intervene in the case of a widespread security incident to coordinate resources, communications, and joint response plans between existing EU bodies and state governments if the incident impacts more than one state -- and its services are called upon.

According to an infographic released by the UE today, the Joint Cyber Unit will act as a central coordination point between:

• European Union Agency for Cybersecurity (ENISA)
• Computer Emergency Response Team for the EU institutions, bodies and agencies (CERT-EU)
• Europol's European Cybercrime Centre (EC3)
• National Computer Security IncidentResponse Teams (CSIRTs)
• EU Cyber Crisis Liaison Organisation Network (CyCLONe)
• European External Action Service (EEAS)
• European Defence Agency (EDA), and others.

To get the new Joint Cyber Unit off the ground, ENISA, which is typically headquartered in Athens, Greece, will open a new office in Brussels.

Together with the local CERT-EU team, ENISA's Brussels team will work to get the new unit into an operational phase by June 30, 2022, and have it running on its own by the next year, on June 30, 2023.

The EU said the new agency's creation would be funded through the Digital Europe Programme.

"Funds will serve to build the physical and virtual platform, establish and maintain secure communication channels, as well as improve detection capabilities," the EU said.

"Additional contributions, especially to develop Member States' cyber-defence capabilities, may come from the European Defence Fund," it added.

"The Joint Cyber Unit is a very important step for Europe to protect its governments, citizens and businesses from global cyber threats," said Josep Borrell, High Representative of the Union for Foreign Affairs and Security Policy.

"When it comes to cyberattacks, we are all vulnerable and that is why cooperation at all levels is crucial. There is no big or small. We need to defend ourselves but we also need to serve as a beacon for others in promoting a global, open, stable and secure cyberspace," he added.

In a report published last week, CERT-EU said EU agencies reported 1,432 security incidents in 2020, a number that grew ten times compared to 2018 figures.