Europe's member states have various levels of preparedness against cyber attacks, warns the director of the EU agency dealing with cooperation in defence issues.
Peter Round is Director of Capabilities at the European Defence Agency. He spoke to EurActiv’s Jeremy Fleming.
How do you assess the preparedness of the EU for cyber?
I think there will always be a prioritisation game going on. Every activity needs more resources. But looking across the whole spectrum of capability cyber is getting more resources, and it is well up the EU agenda. It is getting a great deal of attention. Work is being agreed and we are moving forward.
Some EU member states have been developing aggressive cyber security capabilities and may therefore be less keen to participate in EDA efforts to map out the readiness for cyber attacks in Europe, is that a problem?
Member states make their own decisions. There is variation across the member states: from those doing nothing, to those that see this as part of warfare and are accordingly developing their own capabilities. We are the catalyst or the glue that brings together the capabilities of the member states. Some have more capabilities than others and they share what they want to share. Member states are sovereign states and are free to pursue their own strategies. We can work with between two to an unlimited numbers of nations, including those outside the EU, so our role is to work with those who want to take part, not to break down the doors of those who take a different view.
Are there are any common areas of unpreparedness for cyber attacks?
Our member states are not at a common level, they are not using common methodologies to protect themselves and there are not set standards for sharing the information, though these are coming. But the nature of the attack in some ways is not changing. I think that we have to take the view that cyber is another military capability and another requirement to defend against.
It is new but it is not unusual to have to deal with new threats, and today it is cyber. So we deal with it much as we might have had to deal with improvised explosive devices or anything else. We are under permanent attack, which is why it the issue is being taken up by governments quite speedily.
Who would win a cyber war if one broke out?
Cyber is just the latest but no different from other dimensions of warfare, most of the others already existed, so in a sense it is good news everyone is working together from the beginning. Cyber is another element of warfare so if there was a war, it would not be limited to one strand such a cyber, but would involve other elements. I do not think Europe is lagging behind other countries. In political terms we are making very quick progress, I would suggest we are even ahead.
You recently completed a type of 'stress test' across 17 member states. What, if any, ‘wake-up call’ would you take from that?
It is further evidence that you need to keep reminding people of how important cyber security is. That piece of work supported our capability development plan. The end game with our plan is that we are looking at future work patterns and from that we derive a list of defence priorities upon which the EDA operates. That comes out later next year. I would be surprised if Cyber was not a priority if not at the top of the list.
Has the NSA/Prism scandal had any bearing on your priorities?
Intelligence gathering and cyber security may get mixed up but that is not something that we have any involvement with. The point is that any government or group of governments work under some form of rule of law, whether national or international. The enemy does not, and that is our difficulty. Scandals such as Prism concern sovereign states and it would be wrong for me to comment. But it is a problem with any form of warfare that an enemy might not act within a moral, legal or thinking framework.