Emerging Challenges and New Responses, Building Capabilities to Counter Threats in Cyberspace

Questions and Answers on How to Improve Cybersecurity

doi: 10.32567/hm.2024.1.7

Abstract

Cyberspace phenomena are changing rapidly at international and national levels. Growing threats, new vulnerabilities and protection against them require continuous action at the level of the EU, NATO and national competent authorities and organisations. Adequate protection of critical infrastructure and cyberspace is a vital strategic, operational and technical challenge for the EU, NATO and therefore nations. Cross-border impacts, threat actors and malicious actions require coordination of international and national procedures, mechanisms and cooperation. This article presents the most important phenomena and trends experienced today, as well as EU and NATO initiatives and requirements at the strategic level, illustrating what changes can be expected in cybersecurity.

Keywords:

cyber security critical infrastructure protection cyber threat vulnerability security requirement

How to Cite

Kassai, K. (2024). Emerging Challenges and New Responses, Building Capabilities to Counter Threats in Cyberspace: Questions and Answers on How to Improve Cybersecurity. Military Engineer, 19(1), 121–141. https://doi.org/10.32567/hm.2024.1.7

References

BÁNYÁSZ, Péter – KRASZNAY, Csaba – TÓTH, András (2022): A kibervédelem szakpolitikai szintjének helyzete és kihívásai Magyarországon, az EU-ban és a NATO-ban [Situation and Challenges at the Policy Level of Cyber Defence in Hungary, the EU and NATO]. Military and Intelligence Cyber Security Research Paper 2022/8.

BIHALY, Barbara (2021): A kibervédelem szerepe az Európai Unió közös biztonsági és védelmi politikájában [The Role of Cyber Defence in the European Union’s Common Security and Defence Policy]. Hadtudományi Szemle, 14(3), 45–55. Online: https://doi.org/10.32563/hsz.2021.3.4

Centre for Cybersecurity Belgium (2023): Cybersecurity Priorities in the Upcoming Belgian Presidency Agenda. Online: https://ccb.belgium.be/en/news/cybersecurity-priorities-upcoming-belgian-eu-presidency-agenda

The Council of the European Union (2022): Council Recommendation of 8 December 2022 on a Union-wide coordinated approach to strengthen the resilience of critical infrastructure. 2023/C 20/01. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023H0120(01)

The Council of the European Union (2023): Council Conclusions on the EU Space Strategy for Security and Defence. 14512/23. Online: https://data.consilium.europa.eu/doc/document/ST-14512-2023-INIT/en/pdf

ENISA (2020): National Cybersecurity Strategies. Retrieved 02 19, 2024, from https://www.enisa.europa.eu/topics/national-cyber-security-strategies/

ENISA (2023a): Cybersecurity Support Action. Online: https://www.enisa.europa.eu/publications/cybersecurity-support-action

ENISA (2023b): Foresight 2030 Threats. Online: https://www.enisa.europa.eu/publications/foresight-2030-threats

ENISA (2023c): ENISA Threat Landscape 2023 (July 2022 to June 2023). Online: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023

European Commission (2020): Joint Communication to the European Parliament and the Council. The EU's Cybersecurity Strategy for the Digital Decade. JOIN(2020) 18 final. Online: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A52020JC0018

European Commission (2021): Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts. COM(2021) 206 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52021PC0206

European Commission (2022): Proposal for a Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020. COM/2022/454 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52022PC0454

European Commission (2023a): Commission Recommendation of 03 October 2023 on critical technology areas for the EU's economic security for further risk assessment with Member States. C(2023) 6689 final. Online: https://defence-industry-space.ec.europa.eu/commission-recommendation-03-october-2023-critical-technology-areas-eus-economic-security-further_en

European Commission (2023b): Joint Communication to the European Parliament and the Council. European Union Space Strategy for Security and Defence. JOIN(2023) 9 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023JC0009

European Commission (2023c): Joint Communication to the European Parliament, the European Council and the Council on “European Economic Security Strategy”. JOIN(2023) 20 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023JC0020

European Commission (2023d): Proposal for a Council Recommendation on a Blueprint to coordinate a Union-level response to disruptions of critical infrastructure with significant cross-border relevance. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023DC0526

European Commission (2023e): Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) 2019/881 as regards managed security services. COM(2023) 208 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2023%3A208%3AFIN

European Commission (2023f): Proposal for a Regulation of the European Parliament and of the Council Laying Down Measures to Strengthen Solidarity and Capacities in the Union to Detect, Prepare for and Respond to Cybersecurity Threats and Incidents. COM(2023) 209 final. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52023PC0209

European Cybersecurity Competence Centre and Network (2023): Strategic Agenda. Online: https://cybersecurity-centre.europa.eu/strategic-agenda_en

European Parliament (2023b): Artificial Intelligence Act: Deal on Comprehensive Rules for Trustworthy AI. Online: https://www.europarl.europa.eu/news/en/press-room/20231206IPR15699/artificial-intelligence-act-deal-on-comprehensive-rules-for-trustworthy-ai

European Union (2023c): European Declaration on Quantum Technologies. Online: https://ec.europa.eu/newsroom/dae/redirection/document/100585

European Union External Action (2022): A Strategic Compass for Security and Defence. For a European Union that protects its citizens, values and interests and contributes to international peace and security. Brussels, 21 March 2022. Online: https://www.eeas.europa.eu/sites/default/files/documents/strategic_compass_en3_web.pdf

European External Action Service (2023): EU Statement – UN Open-Ended Working Group on ICT: Existing and Potential Threats. Online: https://www.eeas.europa.eu/delegations/un-new-york/eu-statement-–-un-open-ended-working-group-ict-existing-and-potential-threats_en

ICRI (2023a): CRI Joint Statement on Ransomware Payments (2 November 2023). Online: https://www.gov.uk/government/publications/cri-joint-statement-on-ransomware-payments/cri-joint-statement-on-ransomware-payments

ICRI (2023b): International Counter Ransomware Initiative 2023 Joint Statement (1 November 2023). Online: https://www.whitehouse.gov/briefing-room/statements-releases/2023/11/01/international-counter-ransomware-initiative-2023-joint-statement/

JACUCH, Andrzej (2020): Countering Hybrid Threats: Resilience in the EU and NATO’s Strategies. The Copernicus Journal of Political Studies, (1), 5–26. Online: https://doi.org/10.12775/CJPS.2020.001

KÁDÁR, Pál (2022): A kibertér és a kibertér műveleti képességek jelentősége a védelmi és biztonsági tevékenységek összehangolásában [The Importance of Cyberspace and Cyberspace Operational Capabilities in Improving Coordination of Defence and Security Activities]. Military and Intelligence CyberSecurity Research Paper 2022/7.

KERSÁNSZKY, Tamás (2022): The Burden of Cyber Defense in the Common Security and Defence Policy of the EU. Safety and Security Sciences Review, 4(4), 69–79.

KOVÁCS, László (2018): Cyber Security Policy and Strategy in the European Union and NATO. Land Forces Academy Review, 23(1), 16–24. Online: https://doi.org/10.2478/raft-2018-0002

KOVÁCS, László (2020): A kiberbiztonság és a kiberműveletek megjelenése Magyarország új Nemzeti Biztonsági Stratégiájában [The Appearance of Cybersecurity and Cyber Operations in the New National Security Strategy of Hungary]. Honvédségi Szemle, 148(5), 3–18. Online: https://doi.org/10.35926/HSZ.2020.5.1

Magyarország Kormánya (2023): Biztonsági osztályba sorolás és alkalmazandó védelmi intézkedések min. rendelet. Online: https://kormany.hu/dokumentumtar/biztonsagi-osztalyba-sorolas-es-alkalmazando-vedelmi-intezkedesek-min-rendelet

MÓGOR, Judit – ANGYAL, István (2022): A létfontosságú rendszerek védelmére vonatkozó szabályozás fejlesztése [Development of the Regulations of the Critical Infrastructure Protection]. Scientia et Securitas, 3(2), 118–125. Online: https://doi.org/10.1556/112.2022.00102

NATO (2016a): Commitment to Enhance Resilience. Online: https://www.nato.int/cps/en/natohq/official_texts_133180.htm

NATO (2016b): Cyber Defence Pledge. Online: https://www.nato.int/cps/en/natohq/official_texts_133177.htm

NATO (2016c): Resilience, Civil Preparedness and Article 3. Online: https://www.nato.int/cps/en/natohq/topics_132722.htm

NATO (2021a): Cyber Defence. Retrieved 02 14, 2024, from https://www.nato.int/cps/en/natohq/topics_78170.htm

NATO (2021b): Strengthened Resilience Commitment. Online: https://www.nato.int/cps/en/natohq/official_texts_185340.htm

NATO (2022a): Madrid Summit Declaration. Online: https://www.nato.int/cps/en/natohq /official_texts_196951.htm

NATO (2022b): NATO 2022 Strategic Concept. Online: https://www.nato.int/nato_static_fl2014/assets/pdf/2022/6/pdf/290622-strategic-concept.pdf

NATO (2023): Vilnius Summit Communiqué. Online: https://www.nato.int/cps/en/natohq/official_texts_217320.htm

NOVÁK-VARRÓ, Virág (2021): Az „ellenálló képesség”, mint a békeépítés eszköze [Resilience as a Tool of Peacebuilding]. Hadtudomány, (3), 32–43. Online: https://doi.org/10.17047/HADTUD.2021.31.3.32

PEDERSEN, Torbjørn (2023): A Small State’s Cyber Posture: Deterrence by Punishment and Beyond Scandinavian Journal of Military Studies, 6(1), 58–68. Online: https://doi.org/10.31374/sjms.191

ROEPKE, Wolf-Diether – THANKEY, Hasit (2019): The First Line of Defence. The Three Swords Magazine, 34/2019. Online: https://www.jwc.nato.int/images/stories/_news_items_/2019/three-swords/ResilienceTotalDef.pdf

STOLTENBERG, Jens (2022): Keynote address by NATO Secretary General Jens Stoltenberg at the NATO Cyber Defence Pledge Conference in Italy. Online: https://www.nato.int/cps/en/natohq/opinions_208925.htm

STOLTENBERG, Jens (2023): Speech by NATO Secretary General Jens Stoltenberg at the first annual NATO Cyber Defence Conference. Online: https://www.nato.int/cps/en/natohq/opinions_219806.htm

SZENES, Zoltán (2021): A hibrid fenyegetések elleni szakpolitika Magyarországon [Governmental Policy against Hybrid Threats in Hungary]. Hadtudomány, 31(4), 39–56. Online: https://doi.org/10.17047/HADTUD.2021.31.4.39

SZENES, Zoltán (2022): Elrettentés és védelem: a NATO új haderőmodellje [Deterrence and Defence: The New NATO Force Model]. Hadtudomány, 32(2), 3–17. Online: https://doi.org/10.17047/HADTUD.2022.32.2.3

United Nations (2022): Report of the Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies 2021–2025. A/77/275, 8 August 2022.

Legal sources

/2013 (III. 21.) Government Decision on the National Cyber Security Strategy of Hungary

/2018 (XII. 28.) Government Decision on the Strategy for the security of network and information systems in Hungary

Act L of 2013 on Electronic information security of state and municipal bodies

Act XCIII of 2021 on the coordination of security and defence activities

Act XXIII of 2023 on cyber certification and cybersecurity authority

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (Text with EEA relevance). Online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2555

Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC. Online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2557

Government Decree 214/2020 (V. 18.) on the Electronic Information Security Early Warning System

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) Online: https://eur-lex.europa.eu/eli/reg/2022/2554/oj