The obvious importance of cyber defence – often the poor cousin of all things cyber – is becoming clearer and more entrenched, with growing high-level EU ambitions. The recent release of the EU cyber defence policy in late 2022 marks a milestone for the EU’s cyber defence policy framework insofar as its ambitions indicate the aspirational direction of travel for …
Europe’s Risky Plan for the Internet
Over the past few months, the European Commission, along with European telecommunication providers, have reignited an old debate about the way traffic is meant to flow through the internet. Premised under the decade-old idea of the ‘Sending Party Network Pays’ (SPNP) model, the intention is to require content providers to pay telecom operators for the traffic they carry on their …
Towards a data-driven EU Cyber Diplomacy
The EU and its member-states lack quantifiable data on cyber conflict that can guide EU Cyber diplomacy. But data is necessary to answer even basic questions like, whether cyber conflict is getting better or worse and does the EU cyber posture have the desired effect in reducing cyber operations or their damaging effects. A new European research project, the European …
Microtargeted Propaganda by Foreign Actors
Microtargeting involves collecting information about people and using that information to show them targeted political advertisements. Such microtargeting enables advertisers to tailor ads to specific groups of people, for instance people who visit certain websites or share specific characteristics. Microtargeted propaganda can be more effective, more efficient and more hidden than traditional propaganda. Consequently, its use, especially by foreign actors, …
Incorporating Cybersecurity into EU Policy Formation
As the EU strives to strengthen its cyber resilience, it becomes ever more important for its institutions to have coherent advice on the cybersecurity implications of legislative and regulatory decisions. Current practice, including in the context of the Digital Market Act (DMA), suggests action is needed to establish a policy-agnostic technical mechanism to generate such advice, develop important partnerships and …
Revamping the EU’s Technology Partnerships
The EU is expanding its global partnerships in the technological and digital realm. However, its approach to the Global South countries has differed markedly from its approach to developing partnerships with the US and Asian countries. Discussion of the best ways to partner with Global South countries has been limited and many areas remain unexplored. Current mechanisms risk being not …
The EU and Responsible Active Cyber Defence
A growing number of states are looking into active cyber defence operations to diversify their available responses to cyber incidents. In order to not only create guidelines for its member states but also to serve as a norm setter for this controversial policy issue, the EU must act now. Starting by defining active cyber defence for itself, the EU should …
The Political Economy of European Cybersecurity
Public-private cooperation is often suggested as one response to an increasingly volatile digital security environment. But there has been little attention paid to how outcomes at the EU level are influenced by how such cooperation is organised in practice, what its drivers are and specific models of organising relations between the public and private sector. By making a distinction between …
The EU’s Fragmented Cybersecurity Market
While the EU recognises the importance of cybersecurity policies, it continues to lag behind certain international counterparts in terms of creating a unified ecosystem and providing investment opportunities. One of the central problems hindering the EU is the fragmentation of its cybersecurity market, which impedes European cybersecurity companies from scaling up and forces them to look for alternative markets to …
EU Cyber Sanctions and Cyber Norms
In the absence of clear international law on state-led or sponsored cyber activity, cyber norms are surrounded by ambiguity and different interpretations. Cyber sanctions are a relatively new tool the EU has to promote norms on appropriate state behaviour in cyberspace and clarify such ambiguity. However, the EU has to be careful in its application of cyber sanctions to avoid …