22 Amendments of Jozo RADOŠ related to 2018/2004(INI)

Citation 13 a (new)
- having regard to Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union,
Citation 13 b (new)
- having regard to the work of the Global Commission on the Stability of Cyberspace,
Citation 17 a (new)
- having regard to the Commission's Proposal for a Regulation of the European Parliament and of the Council on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act'') of 13 September 2017,
Recital A a (new)
Aa. whereas cyber defence is of importance for the military, but more generally it is important for governments, industries, consumers and citizens as cyber incidents have a strong economic and societal impact;
Recital B
B. whereas several Member States have invested substantially in setting up well-staffed cyber commands to meet these new challenges and improve cyber resilience; whereas cyber defence is an activity that can best be tackled cooperatively as its operational domain recognises neither national nor organisational boundaries;
Recital B
B. whereas several Member States have invested substantially in setting up well-staffed cyber commands to meet these new challenges; whereas cyber defence is an activity that can best be tackled cooperatively as its operational domain recognises neither national nor organisational boundaries; whereas the majority of knowledge about operating and securing data systems, software and networks is overwhelmingly in the hands of private companies, which creates fundamental governance and security questions about the ability of states to defend their citizens;
Recital C
C. whereas while cyber defence remains a core competence of the Member States, the EU has a vital role to play in ensuring that these new endeavours are closely coordinated from the start to avoid the inefficiencies that mark many traditional defence efforts; whereas a substantial cyber defence capability is a necessary part of the development of the European Defence Union; whereas the protection of our network and information security is a core competence of the European Union and should be an essential part of the European Digital Single Market;
Recital D
D. whereas the EU has contributed in improving Member States cyber defence capabilities, both through dual-use research and, projects coordinated by the European Defence Agency (EDA) and in improving Member States cyber resilience, through support provided by the EU Cyber Security Agency (ENISA);
Recital M
M. whereas the UN Group of Governmental Experts on Information Security (UNGGE) has concluded its last round of deliberation; whereas even though it failed to arrive at a consensus report this timein 2017, the 2015 and 2013 agreements still apply, in that international law, in particular the Charter of the United Nations, is applicable and essential to maintaining peace and stability, and to promoting an open, secure, peaceful and accessible cyberspace; whereas the European Union should actively engage in norm-setting initiatives that promote responsible state behaviour in cyberspace outside the UN when the UN GGE process is dormant;
Recital O
O. whereas different state actors – Russia, China, Iran and North Korea, among others – have been involved in malicious cyber activities in pursuit of political, economic or security objectives that include attacks on critical infrastructure (such as Wannacry, NonPetya), cyber-espionage, disinformation campaigns and limiting access to the internet (such as Wannacry, NonPetya); whereas such activities could constitute wrongful acts under international law and cshould lead to a joint EU response, such as usingincluding the use of restrictive measures as envisaged by the EU cyber diplomacy toolbox;
Paragraph 3
3. Recognises that many Member States consider possession of their own cyber defence capabilities to be at the core of their national security strategy and to constitute an essential part of their national sovereignty; stresses, however, that – as with other military branches, and also owing to the borderless nature of cyberspace – the scale required for truly comprehensive and effective forces is beyond the reach of any single Member State; welcomes in this regard the proposed permanent mandate and strengthened role for ENISA;
Paragraph 3
3. Recognises that many Member States consider possession of their own cyber defence capabilities to be at the core of their national security strategy and to constitute an essential part of their national sovereignty; stresses, however, that – as with other military branches, and also owing to the borderless nature of cyberspace – the scale and knowledge required for truly comprehensive and effective forces is beyond the reach of any single Member State;
Paragraph 5 a (new)
5a. Urges the Members States to increase financial and personal resources, in particular forensic experts, in order to improve the attribution of cyber attacks;
Paragraph 10
10. Strongly supports the Military Erasmus initiative aimed at enhancing the interoperability of the armed forces of the Member States through an increased exchange of young officers; believes however that exchanges for training and education in the field of cyber defence should go beyond this initiative and include military personnel from all ranks and students from all academic institutions with educational programs in cyber security; stresses that there is a need for more experts in the cyber defence domain; calls on theacademic institutions and military academies to pay more attention to, and create more possibilities in, the field of cyber defence education and training;
Paragraph 10 a (new)
10a. Calls on all Member States to sufficiently and proactively inform, raise awareness and advise companies, schools and citizens about cyber security and the main actual digital threats; welcomes in this regard cyber guides as a tool to guide citizens and organizations towards a better cyber security strategy, to boost cyber security knowledge and improve cyber resilience across the board;
Paragraph 10 b (new)
10b. Notes that, given the need for more specialised personnel, the focus of the Member States should not only be on recruitment of competent armed forces personnel, but also on the retention of needed specialists;
Paragraph 15
15. Calls for identifying new initiatives to further cooperation between EU and NATO, taking into account as well the possibilities of cooperating within the NATO Cooperative Cyber Defence Centre of Excellence and the NATO Communications and Information (NCI) Academy; welcomes the recent creation of the European Centre of Excellence for Countering Hybrid Threats; urges all relevant institutions to regularly meet to discuss their activities in order to avoid overlaps and encourage a coordinated approach towards cyber defence;
Paragraph 16
16. Is convinced that increased cooperation between EU and NATO is vital in the area of cyber defence; calls, therefore, on both organisations to increase their operational cooperation and coordination, and to expand their joint capacity-building efforts, in particular joint training for cyber defence staff; considers it vital that the EU and NATO step up the sharing of intelligence in order to enable the formal attribution of cyberattacks and consequently enable the imposition of restrictive sanctions to those responsible for cyberattacks;
Paragraph 20 a (new)
20a. Notes the ongoing work on the Proposal for a Regulation revising ENISA Regulation (No 526/2013) and laying down a European ICT security certification and labelling framework; calls on ENISA to sign an agreement with NATO to increase their practical cooperation, including the sharing of information and participation in cyber defence exercises;
Paragraph 21 a (new)
21a. Notes in this regard the importance of article 2(4) of the UN Charter States, which calls on states to refrain from the threat or use of force against the political independence of any state; believes that this includes a prohibition to pursue or knowingly support coercive cyber operations intended to disrupt the technical infrastructure essential to the conduct of official participative procedures in another state, including elections and referenda;
Paragraph 22
22. Notes the relevance of the Tallinn Manual 2.0 in this context as an excellent basis for a debate on how international law applies to cyberspace; notes that it is now time for the Member States to start analysing and applying what the experts have stated in the Tallinn Manual; notes in particular that any offensive use of cyber capabilities should be based on international law;
Paragraph 23
23. Confirms its full commitment to an open, free, stable and secure cyberspace, which respects the core values of democracy, human rights and the rule of law, and where international disputes are settled by peaceful means; calls on the Member States to promote further implementation of the common and comprehensive EU approach to cyber diplomacy; strongly supports the development of voluntary, non-binding norms of responsible state behaviour in cyberspace; Supports in this context the work of the Global Commission on the Stability of Cyberspace to develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behaviour in cyberspace; endorses the proposal that state and non- state actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace;
