The EU cybersecurity eco-system does not yet have a common space to work together across different communities and fields which allow the existing networks to tap their full potential.
The EU Cybersecurity Strategy outlined the need for a Joint Cyber Unit (JCU), identifying the main problems that it would contribute to solve, its objectives and the steps needed to achieve it.
It builds on the work started with the Recommendation on a coordinated response to incidents and crises - so called Blueprint in 2017. The JCU will be set close to the Brussels offices of ENISA, the EU Agency for Cybersecurity, and CERT-EU, the Computer Emergency Response Team for the EU Institutions, bodies and agencies.
The JCU will help civilian, law-enforcement, diplomatic and cyber defence communities cooperate to prevent, deter and respond to cyberattacks. In this way, it will benefit from the expertise of all relevant actors in the cybersecurity field. Those involved will be able to act swiftly against cyber threats and work to mobilise resources for mutual assistance.
The Commission has proposed to build the JCU through a gradual and transparent process in 4 steps:
- assess the organisational aspects and identify EU operational capabilities by 31 December 2021;
- prepare national incident and crisis response plans and roll out joint preparedness activities by 30 June 2022;
- operationalise the JCU by mobilising EU Rapid Reaction teams, following procedures defined in the EU incident and crisis response plan by 31 December 2022;
- involve private sector partners, users and providers of cybersecurity solutions and services, to increase information sharing and to be able to escalate EU coordinated response to cyber threats by June 2023.
Key actions of the JCU include:
- setting up a physical platform built around ENISA and CERT-EU adjacent offices in Brussels;
- establishing a virtual platform composed of tools for secure and rapid information-sharing;
- delivering the EU cybersecurity incident and crisis response plan (based on national plans proposed in NIS2);
- producing integrated EU cybersecurity situation reports, including information and intelligence about threats and incidents;
- establishing and mobilising EU Cybersecurity Rapid Reaction Teams;
- concluding memoranda of understanding for cooperation and mutual assistance;
- concluding information-sharing as well as operational cooperation agreements with private sector companies, both user and providers of cybersecurity solutions and services;
- putting together an inventory of operational and technical capabilities available in the EU;
- defining structured synergies with enhanced detection capabilities tools, notably SOCs;
- setting a multi-annual plan to coordinate exercises and organizing joint exercise and training;
- reporting: Interim report assessing roles and responsibilities of participants and final activity report.
These webpages will keep you updated on this gradual process.