Emerging Challenges and New Responses, Building Capabilities to Counter Threats in Cyberspace
Questions and Answers on How to Improve Cybersecurity
Copyright (c) 2024 Kassai Károly
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
Cyberspace phenomena are changing rapidly at international and national levels. Growing threats, new vulnerabilities and protection against them require continuous action at the level of the EU, NATO and national competent authorities and organisations. Adequate protection of critical infrastructure and cyberspace is a vital strategic, operational and technical challenge for the EU, NATO and therefore nations. Cross-border impacts, threat actors and malicious actions require coordination of international and national procedures, mechanisms and cooperation. This article presents the most important phenomena and trends experienced today, as well as EU and NATO initiatives and requirements at the strategic level, illustrating what changes can be expected in cybersecurity.
Keywords:
How to Cite
References
BÁNYÁSZ, Péter – KRASZNAY, Csaba – TÓTH, András (2022): A kibervédelem szakpolitikai szintjének helyzete és kihívásai Magyarországon, az EU-ban és a NATO-ban [Situation and Challenges at the Policy Level of Cyber Defence in Hungary, the EU and NATO]. Military and Intelligence Cyber Security Research Paper 2022/8.
BIHALY, Barbara (2021): A kibervédelem szerepe az Európai Unió közös biztonsági és védelmi politikájában [The Role of Cyber Defence in the European Union’s Common Security and Defence Policy]. Hadtudományi Szemle, 14(3), 45–55. Online: https://doi.org/10.32563/hsz.2021.3.4
Centre for Cybersecurity Belgium (2023): Cybersecurity Priorities in the Upcoming Belgian Presidency Agenda. Online: https://ccb.belgium.be/en/news/cybersecurity-priorities-upcoming-belgian-eu-presidency-agenda
The Council of the European Union (2022): Council Recommendation of 8 December 2022 on a Union-wide coordinated approach to strengthen the resilience of critical infrastructure. 2023/C 20/01. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023H0120(01)
The Council of the European Union (2023): Council Conclusions on the EU Space Strategy for Security and Defence. 14512/23. Online: https://data.consilium.europa.eu/doc/document/ST-14512-2023-INIT/en/pdf
ENISA (2020): National Cybersecurity Strategies. Retrieved 02 19, 2024, from https://www.enisa.europa.eu/topics/national-cyber-security-strategies/
ENISA (2023a): Cybersecurity Support Action. Online: https://www.enisa.europa.eu/publications/cybersecurity-support-action
ENISA (2023b): Foresight 2030 Threats. Online: https://www.enisa.europa.eu/publications/foresight-2030-threats
ENISA (2023c): ENISA Threat Landscape 2023 (July 2022 to June 2023). Online: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
European Commission (2020): Joint Communication to the European Parliament and the Council. The EU's Cybersecurity Strategy for the Digital Decade. JOIN(2020) 18 final. Online: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A52020JC0018
European Commission (2021): Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts. COM(2021) 206 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52021PC0206
European Commission (2022): Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020. COM/2022/454 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52022PC0454
European Commission (2023a): Commission Recommendation of 03 October 2023 on critical technology areas for the EU's economic security for further risk assessment with Member States. C(2023) 6689 final. Online: https://defence-industry-space.ec.europa.eu/commission-recommendation-03-october-2023-critical-technology-areas-eus-economic-security-further_en
European Commission (2023b): Joint Communication to the European Parliament and the Council. European Union Space Strategy for Security and Defence. JOIN(2023) 9 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023JC0009
European Commission (2023c): Joint Communication to the European Parliament, the European Council and the Council on “European Economic Security Strategy”. JOIN(2023) 20 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023JC0020
European Commission (2023d): Proposal for a Council Recommendation on a Blueprint to coordinate a Union-level response to disruptions of critical infrastructure with significant cross-border relevance. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023DC0526
European Commission (2023e): Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services. COM(2023) 208 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2023%3A208%3AFIN
European Commission (2023f): Proposal for a Regulation of the European Parliament and of the Council Laying Down Measures to Strengthen Solidarity and Capacities in the Union to Detect, Prepare for and Respond to Cybersecurity Threats and Incidents. COM(2023) 209 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023PC0209
European Cybersecurity Competence Centre and Network (2023): Strategic Agenda. Online: https://cybersecurity-centre.europa.eu/strategic-agenda_en
European Parliament (2023b): Artificial Intelligence Act: Deal on Comprehensive Rules for Trustworthy AI. Online: https://www.europarl.europa.eu/news/en/press-room/20231206IPR15699/artificial-intelligence-act-deal-on-comprehensive-rules-for-trustworthy-ai
European Union (2023c): European Declaration on Quantum Technologies. Online: https://ec.europa.eu/newsroom/dae/redirection/document/100585
European Union External Action (2022): A Strategic Compass for Security and Defence. For a European Union that protects its citizens, values and interests and contributes to international peace and security. Brussels, 21 March 2022. Online: https://www.eeas.europa.eu/sites/default/files/documents/strategic_compass_en3_web.pdf
European External Action Service (2023): EU Statement – UN Open-Ended Working Group on ICT: Existing and Potential Threats. Online: https://www.eeas.europa.eu/delegations/un-new-york/eu-statement-–-un-open-ended-working-group-ict-existing-and-potential-threats_en
ICRI (2023a): CRI Joint Statement on Ransomware Payments (2 November 2023). Online: https://www.gov.uk/government/publications/cri-joint-statement-on-ransomware-payments/cri-joint-statement-on-ransomware-payments
ICRI (2023b): International Counter Ransomware Initiative 2023 Joint Statement (1 November 2023). Online: https://www.whitehouse.gov/briefing-room/statements-releases/2023/11/01/international-counter-ransomware-initiative-2023-joint-statement/
JACUCH, Andrzej (2020): Countering Hybrid Threats: Resilience in the EU and NATO’s Strategies. The Copernicus Journal of Political Studies, (1), 5–26. Online: https://doi.org/10.12775/CJPS.2020.001
KÁDÁR, Pál (2022): A kibertér és a kibertér műveleti képességek jelentősége a védelmi és biztonsági tevékenységek összehangolásában [The Importance of Cyberspace and Cyberspace Operational Capabilities in Improving Coordination of Defence and Security Activities]. Military and Intelligence CyberSecurity Research Paper 2022/7.
KERSÁNSZKY, Tamás (2022): The Burden of Cyber Defense in the Common Security and Defence Policy of the EU. Safety and Security Sciences Review, 4(4), 69–79.
KOVÁCS, László (2018): Cyber Security Policy and Strategy in the European Union and NATO. Land Forces Academy Review, 23(1), 16–24. Online: https://doi.org/10.2478/raft-2018-0002
KOVÁCS, László (2020): A kiberbiztonság és a kiberműveletek megjelenése Magyarország új Nemzeti Biztonsági Stratégiájában [The Appearance of Cybersecurity and Cyber Operations in the New National Security Strategy of Hungary]. Honvédségi Szemle, 148(5), 3–18. Online: https://doi.org/10.35926/HSZ.2020.5.1
Magyarország Kormánya (2023): Biztonsági osztályba sorolás és alkalmazandó védelmi intézkedések min. rendelet. Online: https://kormany.hu/dokumentumtar/biztonsagi-osztalyba-sorolas-es-alkalmazando-vedelmi-intezkedesek-min-rendelet
MÓGOR, Judit – ANGYAL, István (2022): A létfontosságú rendszerek védelmére vonatkozó szabályozás fejlesztése [Development of the Regulations of the Critical Infrastructure Protection]. Scientia et Securitas, 3(2), 118–125. Online: https://doi.org/10.1556/112.2022.00102
NATO (2016a): Commitment to Enhance Resilience. Online: https://www.nato.int/cps/en/natohq/official_texts_133180.htm
NATO (2016b): Cyber Defence Pledge. Online: https://www.nato.int/cps/en/natohq/official_texts_133177.htm
NATO (2016c): Resilience, Civil Preparedness and Article 3. Online: https://www.nato.int/cps/en/natohq/topics_132722.htm
NATO (2021a): Cyber Defence. Retrieved 02 14, 2024, from https://www.nato.int/cps/en/natohq/topics_78170.htm
NATO (2021b): Strengthened Resilience Commitment. Online: https://www.nato.int/cps/en/natohq/official_texts_185340.htm
NATO (2022a): Madrid Summit Declaration. Online: https://www.nato.int/cps/en/natohq /official_texts_196951.htm
NATO (2022b): NATO 2022 Strategic Concept. Online: https://www.nato.int/nato_static_fl2014/assets/pdf/2022/6/pdf/290622-strategic-concept.pdf
NATO (2023): Vilnius Summit Communiqué. Online: https://www.nato.int/cps/en/natohq/official_texts_217320.htm
NOVÁK-VARRÓ, Virág (2021): Az „ellenálló képesség”, mint a békeépítés eszköze [Resilience as a Tool of Peacebuilding]. Hadtudomány, (3), 32–43. Online: https://doi.org/10.17047/HADTUD.2021.31.3.32
PEDERSEN, Torbjørn (2023): A Small State’s Cyber Posture: Deterrence by Punishment and Beyond Scandinavian Journal of Military Studies, 6(1), 58–68. Online: https://doi.org/10.31374/sjms.191
ROEPKE, Wolf-Diether – THANKEY, Hasit (2019): The First Line of Defence. The Three Swords Magazine, 34/2019. Online: https://www.jwc.nato.int/images/stories/_news_items_/2019/three-swords/ResilienceTotalDef.pdf
STOLTENBERG, Jens (2022): Keynote address by NATO Secretary General Jens Stoltenberg at the NATO Cyber Defence Pledge Conference in Italy. Online: https://www.nato.int/cps/en/natohq/opinions_208925.htm
STOLTENBERG, Jens (2023): Speech by NATO Secretary General Jens Stoltenberg at the first annual NATO Cyber Defence Conference. Online: https://www.nato.int/cps/en/natohq/opinions_219806.htm
SZENES, Zoltán (2021): A hibrid fenyegetések elleni szakpolitika Magyarországon [Governmental Policy against Hybrid Threats in Hungary]. Hadtudomány, 31(4), 39–56. Online: https://doi.org/10.17047/HADTUD.2021.31.4.39
SZENES, Zoltán (2022): Elrettentés és védelem: a NATO új haderőmodellje [Deterrence and Defence: The New NATO Force Model]. Hadtudomány, 32(2), 3–17. Online: https://doi.org/10.17047/HADTUD.2022.32.2.3
United Nations (2022): Report of the Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies 2021–2025. A/77/275, 8 August 2022.
Legal sources
/2013 (III. 21.) Government Decision on the National Cyber Security Strategy of Hungary
/2018 (XII. 28.) Government Decision on the Strategy for the security of network and information systems in Hungary
Act L of 2013 on Electronic information security of state and municipal bodies
Act XCIII of 2021 on the coordination of security and defence activities
Act XXIII of 2023 on cyber certification and cybersecurity authority
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (Text with EEA relevance). Online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2555
Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2557
Government Decree 214/2020 (V. 18.) on the Electronic Information Security Early Warning System
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) Online: https://eur-lex.europa.eu/eli/reg/2022/2554/oj