Activities of Indrek TARAND related to 2018/2004(INI)
Shadow reports (1)
REPORT on cyber defence PDF (408 KB) DOC (77 KB)
Amendments (27)
Amendment 14 #
Motion for a resolution
Recital A
Recital A
A. whereas the term cyber defence has not yet been defined at EU level and its implications in terms of policies, its offensive, or defensive nature, its budgets, institutions and personnel remain unclear; whereas resilience against cyber attacks of Europe’s armed forces has become one of the critical issues in debates about defence modernisation and Europe’s common defence efforts;
Amendment 20 #
Motion for a resolution
Recital A a (new)
Recital A a (new)
Aa. whereas intelligence agencies have repeatedly exploited security vulnerabilities of IT systems in order to gather intelligence; whereas governments and their agencies have failed to inform citizens, manufacturers and other stakeholders in due time in order to allow them to address the vulnerabilities in their corresponding products and services; whereas this modus operandi relies on the risky assumption that no hostile actor discovers these vulnerabilities in parallel;
Amendment 24 #
Motion for a resolution
Recital A b (new)
Recital A b (new)
Ab. whereas there is neither a fully- fledged defensive nor an offensive cyber defence policy which is currently operational at the EU level; whereas an offensive cyber defence policy can include elements, approaches and instruments whose use can amount to being considered a breach of international law; whereas the EU is best placed to develop a defensive cyber defence which primarily relies on highly resilient systems and strong restrictive economic counter measures such as sanctions against persons or states;
Amendment 25 #
Motion for a resolution
Recital A c (new)
Recital A c (new)
Ac. whereas a large number of cyber incidents occur due to lack of resilience and robustness of private and public network infrastructure, poorly protected or secured databases and other flaws in the critical information infrastructure; whereas only few Member States consider the protection of their network and information systems and associated data as part of their respective duty of care which explains the lack of investment in state-of-the art security technology, training and the development of appropriate guidelines;
Amendment 26 #
Motion for a resolution
Recital A d (new)
Recital A d (new)
Ad. whereas the rights to privacy and data protection are laid down in the EU Charter and Article 16 TFEU and are regulated by the EU's General Data Protection Regulation whose entry into application will be May 2018;
Amendment 29 #
Motion for a resolution
Recital B
Recital B
B. whereas several Member States have invested substantially in setting up well-staffed cyber commands to meet these new challenges; whereas cyber defencecommands of Member States vary as regards their offensive or defensive mandate; whereas in particular strengthening resilience against cyber attacks is an activity that can best be tackled cooperatively as its operational domain recognises neither national nor organisational boundaries;
Amendment 42 #
Motion for a resolution
Recital C
Recital C
C. whereas while cyber defence remains a core competence of the Member States, the EU has a vital role to play in ensuring that these new endeavour as all military activities according to the Treaty, the EU has a vital role to play in ensuring that in particular defence against cyber attacks on armed forces are closely coordinated from the start to avoid the inefficiencies that mark many traditional defence efforts; whereas a substantial cyber defence capabilityclose coordination on protecting armed forces against cyber attacks is a necessary part of the development of the European Defence Union; an effective CSDP;
Amendment 57 #
Motion for a resolution
Recital F
Recital F
F. whereas Member States participating in PESCO have committed themselves to ensuring that cooperation efforts on cyber defence – such as iwill continue to grow; whereas 2 of the 17 PESCO projects are on cyber defence with a Cyber Threats and Incident Response Information sSharing, training and operational support – will continue to grow Platform and a Cyber Rapid Response Teams and Mutual Assistance in Cyber Security project, which both focus on information sharing, risk mitigation, higher levels of cyber resilience and collective response to incidents;
Amendment 64 #
Motion for a resolution
Recital G
Recital G
G. whereas training needs in the area of cyber defence are substantial and increasing, and are most efficiently met cooperatively at the European or Transatlantic level;
Amendment 82 #
Motion for a resolution
Recital L
Recital L
L. whereas cyber defence is an important consideration at all stages of the planning process, and whereas an adequate capabilitieslevel of resilience needs to be available to mainstream it fully into CSDP mission and operations planning and provide critical support;
Amendment 88 #
Motion for a resolution
Recital O
Recital O
O. whereas different state actors – Russia, China and North Korea, among otherbut also security agencies, and private companies some of which are based on the territory of allies – have been involved in malicious cyber activities in pursuit of political, mass surveillance of EU citizens, economic or security objectives that include attacks on critical infrastructure, cyber-espionage, disinformation campaigns and limiting access to the internet (such as Wannacry, NonPetya)and the functioning of IT systems; whereas such activities could constitute wrongful acts under international law, violations of international human rights law, EU fundamental rights and could lead to a joint EU response, such as using the EU cyber diplomacy toolbox or in case of private companies restricted access to the internal market including fines;
Amendment 115 #
Motion for a resolution
Paragraph 1
Paragraph 1
1. CommendNotes the work done by the EDA and the Commission in the field of cyber defence; notes in particular the EDA projects on cyber ranges, the Cyber Defence Strategic Research Agenda and the development of deployable cyber situation awareness packages for headquarters;
Amendment 118 #
Motion for a resolution
Paragraph 1 a (new)
Paragraph 1 a (new)
1a. Believes that there is an urgent need to clarify terminology with regards to cyber defence and cyber security and in particular at the EU level; underlines the need for a common terminology standard also on what a cyber attacks should legitimately be considered to be, before developing further cyber security and cyber defence policies at EU level;
Amendment 119 #
Motion for a resolution
Paragraph 1 b (new)
Paragraph 1 b (new)
1b. Calls on the Member States and the Commission to address the issue of intentionally delayed disclosures of security vulnerabilities in a systematic and stricter manner; recalls that the nature of digital technology leaves little room for compromises and that that either all users are well-protected or they are all vulnerable; believes that the highest priority for Member States should be the duty to care about the best possible protection of their citizens, infrastructure and economic operators also in the digital age and that they are obliged to invest in highly resilient digital infrastructure and related systems;
Amendment 120 #
Motion for a resolution
Paragraph 1 c (new)
Paragraph 1 c (new)
1c. Calls on the Member States and the Commission to focus on a defensive aspect of cyber defence at EU level also in order to strengthen the international rule of law and the protection of data of citizens, infrastructure and economic operators alike; underlines that the EU's cyber defence policy must rely on the one hand on preventive elements such as investments in resilience; believes on the other hand that citizens, governments, infrastructure, and economic operators are best protected in the EU in case a comprehensive toolbox is available for responding to cyber-attacks by hostile states and criminals; stresses that it is of crucial importance to communicate clearly and publicly about all the instruments in the EU's toolbox ranging from far reaching economic sanctions to law enforcement measures;
Amendment 122 #
Motion for a resolution
Paragraph 2
Paragraph 2
2. Welcomes the two cyber projects to be launched in the framework of PESCO, namely an information-sharing platform for cyber incidents and a rapid response team for cyber incidents; underlines that these two projects focus on a defensive cyber policy which aims at sharing of cyber threat intelligence through a networked Member State platform and Cyber Rapid Response Teams (CRRTs) which will allow Member States to help each other to ensure higher level of cyber resilience and to collectively detect, recognise and mitigate cyber threats;
Amendment 130 #
Motion for a resolution
Paragraph 3
Paragraph 3
3. Recognises that many Member States consider possession of their own cyber defence capabilities to be at the core of their national security strategy and to constitute an essential part of their national sovereignty; stresses, however, that – as with other military branches, and also owing to the borderless nature of cyberspace – the scale required for truly comprehensive and effective forces is beyre is the need to cooperate also ond the reach of any single Member StateEuropean level;
Amendment 143 #
Motion for a resolution
Paragraph 4
Paragraph 4
4. Strongly emphasises, therefore, that, in the framework of the emerging European Defence Union, cyber defence capabilitiesNotes initiatives such as the emerging European Defence Union and emphases that more concrete work still needs to be done in order to adequately strengthen cyber defence of Member States which should be closely integrcoordinated from the start to ensure maximum efficiency; urges, therefore, the Member States to cooperate closely in the development of their respective cyber commandscyber defence;
Amendment 156 #
Motion for a resolution
Paragraph 5
Paragraph 5
5. Urges the Member States, in this context, to make the best possible use of the framework provided by PESCO and othe EDFr common initiatives to propose cooperation projects;
Amendment 183 #
Motion for a resolution
Paragraph 10
Paragraph 10
10. Strongly supports the Military Erasmus initiativecommon training and exchange initiatives between Member States aimed at enhancing the interoperability of the armed forces of the Member States through an increased exchange of young officers; stresses that there is a need for more experts in the cyber defence domain; calls on the military academies to pay more attention to, and create more possibilities in, the field of cyber defence education;
Amendment 225 #
Motion for a resolution
Paragraph 16
Paragraph 16
16. Is convinced that increased cooperation between EU and NATO is vital in the area of cyber defence; calls, therefore, on both organisations to increase their operational cooperation and coordination, and to expand their joint capacity-building efforts, in particular joint training for civilian and military cyber defence staff;
Amendment 275 #
Motion for a resolution
Paragraph 25
Paragraph 25
25. Calls on the strengthening of the EU’s cyber diplomacy capacity and instruments across the board, so that they can effectively reinforce the EU’s norms and values, as well as help the parties concerned to reach consensus on rules, norms and enforcement measures in cyberspace globally; reminds that it is of utmost importance to establish and enforce international norms and values such as the UN Charter also in cyberspace;
Amendment 282 #
Motion for a resolution
Paragraph 26
Paragraph 26
26. Calls on all stakeholders to reinforcethe Member States and the Commission to ensure a clear framework for cooperation of all relevant stakeholders; believes that also knowledge transfer partnerships, implement appropriate business models and develop trust between companies and defence and civilian end-usersthe further development of trust between different stakeholders need to be considered, as well as tohe improvement of the transfer of academic knowledge into practical solutions, in order to create synergies an; believes that there is no need pfort solutions between the civilian and military markets – in essence a single market for direct subsidies at EU level to companies in the cybersecurity market;
Amendment 288 #
Motion for a resolution
Paragraph 27
Paragraph 27
27. Recalls the importance of R&D, in particular in the light of the high-level security requirements in the defence market; urges the EU and the Member States to give more practical support to the EU cyber-security industryrelevant economic actors, in particular SMEs and start-ups (key sources of innovative solutions in the area of cyber defence), and to promote closer cooperation with university research organisations and large players with a view, to reducinge dependencies on cyber security products form external sources and to creating a strategic supply chain inside the EU; notes, in this context, the valuable contribution that can be made by the future EDF and other instruments undurges the Council to adopt a general approach on the Recast of the Dual-Use Regulation without further delay in order to allow an already much delayed start of inter- institutional negotiations on stricter rules for the export of cyber surveillance and security technology to third countries; underlines that unregulated exports from EU Member States of such cyber technology to third countries potentially endangers the MFFUnion's security;
Amendment 297 #
Motion for a resolution
Paragraph 28
Paragraph 28
28. Notes that the protection of civilian critical infrastructure assets, in particular information systems and associated data, is becoming a vital defence task thatwhich should formbe part of the remit of national cyber commandsgovernment's respective duty of care; stresses that this will require a level of trust, and the closest possible cooperation, between military actors and the affected industries, and urges all stakeholders to take this into account in their planning processeall stakeholders;
Amendment 305 #
Motion for a resolution
Paragraph 28 a (new)
Paragraph 28 a (new)
28a. Calls on all Member States to focus national cyber security strategies on the protection of information systems and associated data and to consider the protection of this critical infrastructure as part of their respective duty of care; urges the Member States to adopt and implement strategies, guidelines and instruments that provide reasonable levels of protection against reasonably identifiable levels of threats, with costs and burdens of the protection proportionate to the probable damage to the parties concerned; calls on Member States to take appropriate steps to oblige legal persons under their jurisdictions to protect personal data under their care;
Amendment 311 #
Motion for a resolution
Paragraph 30
Paragraph 30
30. Calls for cyber security capacity building through development cooperation, taking into account that in the coming years millions of new internet users will go online, most of them in developing countries; calls on Member States and the Commission to focus in particular on relevant European companies and their obligations to protect data of third country citizens well and including the provision of resilient information and data infrastructure especially since the primary consideration for hardware purchases in developing countries is often the affordability of the hardware, not its security profile;