Nicole van der Meulen, Eun Jo & Stefan Soesanto, Cybersecurity in the European Union and Beyond: Exploring the Threats and Policy Responses (2015) (full-text).
The European Commission published the European Union Cyber Security Strategy along with the accompanying proposal for a Network and Information Security Directive (NIS) in 2013. Since the proposal was published, the cybersecurity landscape has continued to evolve, leading to questions regarding the nature and seriousness of the cyberthreats faced by the European Union (EU), the capabilities of Member States to manage these threats and respond to incidents, and the effectiveness of these capabilities. At the time of writing, discussions about the content and scope of the proposed NIS Directive are continuing.
- To identify key cyberthreats facing the EU and the challenges associated with their identification.
- To identify the main cybersecurity capabilities in the EU.
- To identify the main cybersecurity capabilities in the United States (US).
- To assess the current state of transnational cooperation.
- To explore perceptions of the effectiveness of the current EU response.
The main theme in the authors' findings is that the existing cybersecurity measures in the EU are fragmented, largely due to gaps in operational capabilities as well as strategic priorities of Member States regarding cybersecurity. Whether the EU response to cybersecurity should adopt a formal and mandatory character is also debated. The authors suggest five policy options that the EP should consider in order to improve the EU's overall approach to cybersecurity.