[To Eurosmart members only]

Joint Cyber Unit: EU Member States adopt a cautious approach

Today [19 October], the Council adopted conclusions on the “potential Joint Cyber Unit”. Overall, Member States support the idea of further developing the EU cybersecurity crisis management framework. However, they do not want to prejudge the outcome of the gap analysis.

Please find below the link to the conclusions and a summary of the text.  

Background

In June 2021, the European Commission presented recommendations to build a Joint Cyber Unit to tackle the rising number of serious cyber incidents. The Joint Cyber Unit would coordinate existing operational participants (ENISA, Europol, CERT-EU, the Commission, the CSIRTs Network, EU CyCLONe etc.). The Joint Cyber Unit would be able to swiftly mobilise operational resources for mutual assistance among Member States – subject to the request from one or more Member States.

Conclusions

Member States underline that it is necessary to consolidate existing networks and map possible information sharing gaps. Subsequently, this could lead to the set up of priorities for a potential Joint Cyber Unit.

Member States underline the progress achieved in recent years, including the setting up of the NIS Cooperation Group and the CSIRTs Network, and the Cyber Crises Liaison Organisation Network (CyCLONe). There is also EU-INTCEN, which a central hub for Member States to provide information on a voluntary basis.

Member States also recall the existing framework for cooperation among EU institutions: the structured cooperation between ENISA and CERT-EU, the Memorandum of Understanding between ENISA, the European Defence Agency, Europol and CERT-EU.

The Council fully supports enhancing cooperation and information-sharing among the various cyber-communities at all necessary levels (technical, operational, and strategic/political). It is necessary to link existing crisis management mechanisms, where this can support and improve the handling cyber crises. The private sector should also be involved, where appropriate, for the provision of relevant expertise and trusted solutions/services.

Member States further stress the importance of secure communication channels for the exchange of classified and sensitive information.

Member States describe the Joint Cyber Unit as “an initiative to be considered in further developing the EU cybersecurity crisis management framework”. If this potential Joint Cyber Unit is set up, Member States do not want a mandatory participation or mandatory contribution, it should be voluntary.

If you have any questions, please do not hesitate to contact Camille Dornier - Policy Manager: camille.dornier@eurosmart.com