Puhemies. – Esityslistalla on seuraavana keskustelu Urmas Paetin ulkoasiainvaliokunnan puolesta laatimasta mietinnöstä kyberpuolustuksesta 2018/2004(INI) (A8-0189/2018).
Urmas Paet, Rapporteur. – Madam President, dear colleagues, cybersecurity has fast become an indivisible part of global affairs. Cybersecurity threats are real, they can be very damaging and may bring about lethal consequences.
One can only imagine the effects of a successful cyber-attack on a nuclear plant, on an air traffic control facility or on a hospital. EU Member States are often subject to cyber—attacks by either state or non-state actors for political, economic or security purposes, including attacks on critical infrastructure, cyber—espionage and disinformation campaigns.
Therefore, urgent reinforcement and development of European offensive and defensive capabilities is needed. We need to build up and improve our cyber—deterrents and defence if we are to truly modernise European defence.
While cyber—defence remains the core competence of the Member States, nevertheless, due to the borderless nature of cyberspace, it is not possible for any one state alone to tackle the threats and challenges.
Member States must cooperate closely and this is where the EU can be of help. The EU can provide a platform for European cooperation and ensure that the new endeavours are closely coordinated at an international level and within the transatlantic security architecture.
As we have all seen, with the development of the European defence policy over the last few years, so too has the cyber—defence domain been developing. PESCO and the European Defence Fund are the latest initiatives with the necessary scope to facilitate co-operative projects in the cyber domain.
We have a huge deficit of cyber—defence specialists. While there are already some initiatives in this field that need continued support, like the Military Erasmus programme and some others, we see the need to do more.
It is important to increase the availability of virtual cyber—defence training. We need to create wide-ranging technical platforms and establish a community of EU experts to develop a platform to facilitate the pooling and sharing of training and exercises.
In 2016, at the NATO Summit cyberspace was recognised as an operational domain, together with land, air and sea. This was a big step at the time. We need to broaden cooperation with NATO in cyber—defence by increasing operational cooperation and coordination and expanding capacity-building efforts, intensifying joint training for staff, building trust and conducting joint exercises. Like-minded strategic partners should also be taken into account.
As regards international norms and rules, I am glad that the UN Group of Governmental Experts would agree on some of the concepts concerning cyberspace. It was agreed that international law applies and should be enforced in cyberspace. However, it is necessary for the EU to assume a leading role in the ongoing and future debates on international norms in cyberspace.
On civilian-military cooperation, again trust is a key issue. This needs to be developed further between companies and defence and civilian end-users. Also, private companies have a great role in preventing, detecting, containing and responding to cyber—security incidents, as well as in stimulating innovation. It is therefore also imperative that there is more cooperation with the private sector.
So in conclusion, we need to continuously update European cyber—defence capabilities. We need more cooperation at the level of Member States, the EU, NATO and other like-minded countries by building trust, training more experts, having more joint exercises and improving accountability. The next attack might create far more damage than we have seen so far.
Julian King,Member of the Commission,on behalf of the Vice-President of the Commission / High Representative of the Union for Foreign Affairs and Security Policy. – Madam President, honourable Members, thank you on behalf of the Commission and the High Representative. I would like to thank the rapporteur, Mr Paet, for today’s report and the light he is shining on this very important subject. In recent years, as he said, the cyber—threat landscape has changed dramatically, underlining the need for a strategic approach to cyber—threats and challenges. That includes the need to look at the defence dimension.
The best way we have to face such a rapidly evolving series of challenges is to join forces and to mobilise all the resources we have. To protect our cyberspace we need better capabilities, more research, more training and exercises on how to respond to eventual attacks, and in the last few months and years I’m glad to say we have joined forces across the institutions – the European Commission and Member States, the External Action Service and the European Defence Agency – all in close coordination with our partners at NATO.
The report we are discussing today provides an excellent strategic vision and puts forward a series of very realistic recommendations. The report will help further reinforce our ongoing efforts to support Member States’ capability development for cyber—defence and deterrence. Cyber—defence of CSDP missions and operations, cyber—defence education and training, international norms applicable to cyberspace, civil military cooperation, public—private partnerships and EU NATO cyber—cooperation.
We are working to build the EU’s resilience to cyber—attacks, provide for better defence capabilities and to build a credible cyber—deterrence. Indeed, these were the key elements of the Commission’s cyber package brought forward in September last year.
In taking this work forward, we need to remember that most cyber—infrastructure is in civilian hands, so an important part of strengthening our cyber—resilience – making ourselves harder to attack – involves strengthening civil cooperation, which is why we proposed transforming ENISA into an EU cybersecurity agency and developing an EU—wide certification framework for cybersecurity. We also need to send a clear message to those who wish to cause us harm, and in this regard we welcome the reference in the report to Europol’s role in coordinating the law enforcement response to cyber—threats. I’d also like to draw your attention to the recent Commission proposals for facilitating access to e—evidence.
But we also identified the need to further invest in the development of dual use cyber—technologies and cyber—skills. Earlier this year, the European Defence Agency, led by the High Representative, set up an EU cyber—defence, education and training exercise evaluation platform. It will help advance training and educational opportunities within the Member States to cover the full range of cyber—defence training. This initiative will also bring together civilian and military training needs. The EAS and the European Defence Agency have in fact been engaged with Member States for some years now to develop capabilities for cyber—defence. In March this year, they conducted a survey of the Member States on their cyber—defence requirements in order to update the EU cyber—defence policy framework. That survey showed that some Member States are already very advanced in terms of structures and doctrine and that all of our Member States have at least minimum cyber—protection capabilities in place and are building their national cyber—defence systems.
We’ve identified several areas where the EU could support these efforts further, such as investment in research and technology, providing training and education opportunities and facilitating civil—military cooperation. The funding through the European Defence Fund should be focused on delivering these capability priorities. Some Member States, as has been mentioned, have also agreed to invest together in cybersecurity through the new permanent structured cooperation on defence. Member States have set up to cyber—related PESCO projects. One of them focuses on the sharing of cyber—threat intelligence through a network platform with the objective to strengthen national cyber—defence capabilities, the second aims to set up cyber rapid response teams to respond together to cyber—attacks.
In order to strengthen cyber—deterrence, we continue to step up EU response to malicious cyber—activities and incursive cyber—operations in the framework for a joint EU diplomatic response to malicious cyber—activities. This sets out several EU measures to prevent and respond to cyber—attacks by state and non—state actors.
Mr Paet’s report also highlights the role of international law and cyber norms in cyberspace. In this respect, we work closely with Member States to develop a strategic framework for conflict prevention and cyber—stability, promoting adherence to existing international law and implementation of cyber—norms and confidence—building measures are, and will remain, a centrepiece of our efforts.
Finally, we are working to deepen EU—NATO cooperation on cyber—defence, including against hybrid threats. You were talking about EU—NATO cooperation earlier today. We will continue to foster interoperability through coherent cyber—defence requirements and standards, to strengthen cooperation on training exercises, to harmonise training requirements and to mainstream cyber aspects into crisis management.
The report also makes some recommendations on institutional reinforcement, such as developing cyber aspects further in a white book for security and defence, to invest more in cyber—defence in the next MFF, to strengthen the EU Intelligence and Situation Centre and set up a new cyber—defence council.
I want to assure the rapporteur that we will consider all of these ideas very closely. Further investment in cyber—defence has already been highlighted in the current discussions on the next MFF.
In conclusion, we’ve made considerable progress in the past few years on this range of issues connected to cyber—defence. We will continue to work to strengthen Member States’ capabilities and reinforce civ—mil synergies. We will continue to strengthen deterrence by bolstering our resilience and stepping up diplomatic responses to cyber—attacks.
Thank you again for focusing on this issue and I look forward to our discussion.
Antonio López-Istúriz White, on behalf of the PPE Group. – Madam President, I would like to thank the rapporteur, Urmas Paet, who has done some wonderful work.
Seamos claros, el mundo de hoy es muy diferente al de ayer, es más dinámico, tiene un ritmo acelerado. También lo son las amenazas, que son múltiples y están en constante cambio. No podemos ser ingenuos. Los ciudadanos de la Unión exigen que la Unión les proteja; una Unión que lucha por mantener un ciberespacio abierto, libre y seguro.
Resulta evidente que con la digitalización de nuestras economías y sociedades estamos expuestos a muchas más amenazas, y estos ataques tienen el potencial de alterar la vida cotidiana de los ciudadanos europeos, como hemos visto desgraciadamente ya en demasiadas ocasiones.
Fortalecer la cooperación y la coordinación en el ya denominado «quinto dominio de la guerra» —el ciberespacio— es de suma importancia. La defensa cibernética puede y debe tratarse de una forma cooperativa, puesto que su ámbito operativo no tiene fronteras, ni nacionales ni de organización, y el trabajo conjunto resuelve ineficiencias y confiere credibilidad.
Me enorgullece el hecho de que, durante los últimos veinticinco años, mi partido, el Partido Popular Europeo, haya sido un líder en políticas de seguridad y defensa. Me alegro de que ahora se sumen a nuestras preocupaciones las demás fuerzas políticas.
Agradezco el apoyo a este esfuerzo institucional viable y realista que he propuesto y que se refleja en la figura de una autoridad cibernética de la Unión Europea, autoridad que coordinará las operaciones, generando confianza entre los Estados, sirviendo como punto de enlace entre las autoridades cibernéticas de los Estados miembros y colaborando estrechamente con la OTAN.
Insisto, los ciudadanos europeos exigimos una Unión que nos proteja, y este informe, que aprobaremos mañana, es una respuesta a esta demanda con propuestas reales y tangibles que contribuirán a lograr una Europa más segura.
Clare Moody,on behalf of the S&D Group. – Madam President, I wish to thank the rapporteur for his excellent report. It has been a pleasure to work with him and the other shadows on this serious issue. The report recognises that cybersecurity and the defence of Europe’s cyberspace is one of the most important challenges that we face now. It also emphasises that there needs to be an integrated policy response with cooperation between civilian, security and military stakeholders.
The threats we face are multiple, coming from individuals, criminal gangs and states. In the UK last year our health service was severely affected by a cyber—attack launched by North Korea. That was not the only state—sponsored attack which the EU has suffered. It is essential that Europe stand united against attacks such as WannaCry and NotPetya.
Cyber—attacks, whatever their source, do not respect national boundaries, making it all the more important to work together at an EU level. In the same week that the new European Defence Fund is launched, we want to see more invested in Europe’s ability to defend itself. As the report makes clear, there needs to be more investment in cyber—expertise, emphasising the need for more experts in the cyber—defence domain and the facilitation of cooperation between existing experts. We also need to develop our capabilities to ensure better attribution of cyber—attacks, enabling a stronger coordinated response to those specific attacks that impact all of us across Europe. The EU should also fulfil the role it plays so well in other areas: namely, leading the development of international laws and standards in this field. Our job as parliamentarians is to build a safer, more secure, EU. I believe the recommendations in this report are fundamental to delivering that safety and security to our citizens.
Anna Elżbieta Fotyga, on behalf of the ECR Group. – Madam President, in the rapidly-growing digital world, Urmas Paet’s report helps us in understanding the complexity of cyber-threats in peace and war and the somewhat blurred border between both at a time of hybrid threats, because ‘cyber’ is part of this – also in the division between civilians and the military and between private and public. We have to understand that many times, the targets of cyber-attacks are civilian institutions and civilian infrastructure. Therefore we need an international legal system tackling ‘cyber’ and also an international humanitarian system referring to ‘cyber’ if we consider the cyber-domain as an operational domain, as defined by NATO.
I welcome this report, but I stress once more the necessity to cooperate between like—minded countries and societies, because the problem is so complex. I welcome cooperation between the EU and NATO. Quite rightly, cyber is the flagship of this cooperation, starting from the Declaration at the Warsaw NATO Summit.
Marietje Schaake, on behalf of the ALDE Group. – Madam President, the challenge to ensure safety and security involves more and more technological components. We see attacks on critical infrastructure, electoral systems, and really matters of democracy and peace at stake. With this global phenomenon, it only makes sense that we engage in the defence of the global open internet and all its users at EU level, as an integral part of our foreign and defence policies. We must certainly avoid fragmentation of steps taken between Member States. We need resilience of our networks, safety of devices, but also ways to attribute attacks when they do take place. This does not happen often enough, and if the rule of law should have meaning online there must be consequences to attacks.
Let’s also look at ourselves. The cybersecurity of the internet of things, the use of software vulnerabilities, and the Commissioner mentioned the development of dual use technologies, but we are still exporting harmful ones to dictatorships and that cannot help our cybersecurity. The EU should lead on the basis of values and aspire to achieve global norms here too.
Javier Couso Permuy, en nombre del Grupo GUE/NGL. – Señora presidenta, las nuevas tecnologías de la comunicación han mostrado su lado oscuro, al servirse de hackers que son capaces de introducirse en los sistemas de competidores, de empresas o instituciones para espiarlos o sabotearlos. Se ha puesto de manifiesto, igualmente, la vulnerabilidad de los usuarios de redes de comunicación y redes sociales por parte de poderosas empresas de inteligencia o que transforman nuestros datos en negocio.
Como ejemplos recientes, están los casos de Facebook o las agencias de inteligencia, como la NSA, que roban y acumulan vulnerabilidades de día cero, manteniéndolas en secreto. Este informe no protege a los ciudadanos vulnerables, a los usuarios de las redes, contra las poderosas empresas o las agencias de inteligencia que roban nuestros datos para su control o sus negocios.
El Grupo GUE/NGL votará en contra de este informe porque apoya un mercado único para la ciberseguridad, promoviendo sinergias entre mercados civiles y militares; porque insta a los Estados miembros a utilizar el marco previsto por la cooperación estructurada permanente o el Fondo Europeo de Defensa; porque apoya la cooperación de la Unión Europea y la OTAN para la defensa informática; porque apoya las políticas de seguridad y restricciones de los derechos y las libertades de los ciudadanos de los Estados miembros de la Unión Europea, o porque defiende, para la ciberdefensa, la utilización de algunos instrumentos del marco financiero plurianual.
Tunne Kelam (PPE). – Madam President, Commissioner King’s presence here is very much welcomed. Essentially, cyberspace comes down to trust and cooperation. Since the very beginning of debates on cyber issues we have been calling for deeper and wider cooperation among Member States and among the EU Institutions.
Furthermore, cybersecurity and cyber—defence have been mainstreamed into common foreign and security policy. We have been calling on this continuously and we call on it again. EU—NATO cyber—cooperation is crucial. A prime practical example of that cooperation was last year’s strategic high—level exercise in Estonia with the participation of the NATO Secretary—General.
Lastly, may I make a personal call on cyber—hygiene. Everything comes down to the individual user. Cyber—hygiene is essential in every domain by people who deal with critical infrastructure and information, yet we do not even have cybersecurity training for European Parliament staff, not to mention students in schools.
Let me congratulate colleague Paet for continuing this work and for proving himself a true liberal by accepting practically all the amendments to this report.
Janusz Zemke (S&D). – Pani Przewodnicząca! Obywatele Unii oczekują, że Unia weźmie znacznie większą odpowiedzialność za wspólne bezpieczeństwo. I to znajduje wyraz w całym szeregu działań, jakie są podejmowane w ostatnich czasach. Warto przypomnieć tutaj o powstaniu PESCO. Warto przypomnieć o powołaniu funduszu obronnego, ale także o tym, że w planach na lata 2021–2027 przewiduje się aż 32 mld euro na wspólne bezpieczeństwo. Jest to przyrost o 28%. Wydaje mi się, że właśnie w tych wyższych kwotach mamy także szansę na to, żeby znaleźć znacznie większe środki na cyberobronę, bowiem dzisiaj są to zagrożenia, z którymi spotykamy się, każdego dnia. Ale przecież można łatwo przewidzieć, że będzie tych zagrożeń coraz więcej. Trzeba zatem także wydawać więcej pieniędzy na cyberbezpieczeństwo.
Bogdan Andrzej Zdrojewski (PPE). – Pani Przewodnicząca! W jakimś sensie cyberwojna już trwa. Chcę zwrócić na to uwagę dlatego, że przyglądając się także tym zgłoszonym poprawkom – 338, o ile dobrze pamiętam – także w nich widać niezbyt korzystne dla walki z cyberatakami propozycje zapisów. Także w ramach dyskusji widać, jak bardzo mocno w tej przestrzeni informatycznej są wpisane rozmaite interesy, aby także w procesach legislacyjnych cyberbezpieczeństwo nie było do końca zapewnione. Martwi mnie to. Ale chcę podkreślić, że wszystkie elementy, które znalazły się w wypowiedzi Pana Komisarza, są tak dobrze zbudowane, że chętnie się pod nimi podpiszę. Ważne jest, aby nie tracić czasu. Ważne jest, aby nie tracić pieniędzy. Ważne jest także, aby nie lekceważyć sygnałów, które płyną w tej chwili przede wszystkim z prywatnego biznesu, dotyczącymi: inwigilacji, zagrożeń bezpieczeństwa danych, jak również bezpośredniego zagrożenia militarnego.
Arne Lietz (S&D). – Sehr geehrte Frau Präsidentin! Cybersicherheit kann nicht nationalstaatlich, sondern nur europäisch erfolgreich angegangen werden. Wenn wir den Cyberraum für unsere Bürgerinnen und Bürger sicher machen wollen, müssen die Mitgliedstaaten noch mehr Kooperationsbereitschaft zeigen. Ich begrüße deshalb das kürzlich erweiterte Mandat für die Europäische Agentur für Netz- und Informationssicherheit ENISA.
Gerade bei Cybersicherheit ist die Grenze zwischen militärisch und zivil oft fließend. Betroffen sind nicht nur öffentliche Institutionen wie Ministerien und Parlamente sowie das Militär, sondern auch zivile Einrichtungen wie beispielsweise die Stadtwerke und die Privatwirtschaft. Wir brauchen deshalb über diesen Bericht hinaus eine breitere, ressortübergreifende Diskussion zur Cybersicherheit. Dieses Thema kann nicht nur im verteidigungspolitischen Bereich abgedeckt werden, sondern gehört vor allem auch in die Innen-, Wirtschafts- und in die Justizpolitik. Auch der außenpolitische Diskurs und die Agenda der EU muss Cyberdiplomatie stärker verankern. Die EU sollte sich als treibende Kraft dafür einsetzen, dass internationale Normen für den Cyberraum entwickelt werden.
Jaromír Štětina (PPE). – Paní předsedající, Varšavská deklarace ze summitu NATO konaného v roce 2016 uznala kyberprostor jako operační okruh, ve kterém se musí NATO bránit tak účinně, jako se brání ve vzduchu, na zemi a na moři.
Kybernetický prostor nezná hranice, nepřátelské útoky mohou být politické, bezpečnostní nebo ekonomické. Jedná se o útoky na životně důležitou infrastrukturu, kybernetickou špionáž, hromadné sledování občanů EU, dezinformační kampaně, šíření škodlivého softwaru, omezování přístupu k internetu a fungování systému IT. Původci útoků jsou nejrůznější státy – Rusko, Čína a Severní Korea – a i nestátní aktéři.
Evropská agentura pro kybernetickou bezpečnost ve své zprávě z roku 2017 říká, že existují neochvějné důkazy o útocích na demokracii a o kybernetické válce. Tyto činnosti ohrožují naši bezpečnost, veřejný pořádek, demokracii a naši strategickou autonomii. Odpovědí na závažné incidenty by měla být vždy společná reakce EU, včetně restriktivních opatření.
Caterina Chinnici (S&D). – Signora Presidente, onorevoli colleghi, la rivoluzione digitale ha reso più facile la nostra vita ma ci ha esposto a nuove minacce, quali cibercriminalità, terrorismo informatico e ciberattacchi provenienti talvolta addirittura dagli Stati.
A fronte dei gravi rischi collegati ai potenziali attacchi provenienti dal ciberspazio, seppure gli Stati membri rimangano responsabili della sicurezza nazionale, l'Unione europea deve sviluppare una politica comune e globale di ciberdifesa.
In tale ottica, il Centro per la lotta alla criminalità informatica di Europol dovrà essere potenziato per divenire un punto focale per lo scambio di informazioni fra agenzie governative che si occupano di cibercriminalità, oltre che per fornire assistenza agli Stati membri.
La Commissione poi dovrà adoperarsi per rafforzare i partenariati pubblico-privato, per creare sinergie e soluzioni innovative fra i mercati civili e militari e per rafforzare la ciberdifesa attraverso la cooperazione internazionale e con la NATO per una più efficace difesa dai nostri paesi.
Agustín Díaz de Mera García Consuegra (PPE). – Señora presidenta, si bien las competencias en ciberdefensa recaen en los Estados miembros, es necesario que exista cooperación y coordinación entre todos ellos. Hay que reconocer los avances a través de la Agencia Europea de Defensa y de la nueva cooperación estructurada permanente (CEP). Sin embargo, la cooperación entre interlocutores dista aún de ser organizada.
Las estructuras europeas, desde el EC3 de Europol al Equipo de Respuesta de Emergencia Informática, pasando por ENISA, aún débil, carecen de un sistema de cooperación robusto y necesitan mejoras importantes.
La cooperación Unión Europea-OTAN es fundamental. Los esfuerzos y conocimientos compartidos son necesarios para poder neutralizar los ataques —4 000 diarios en 2016—. Una mejora sustancial en las capacidades de ciberdefensa repercutiría en la autonomía de la Unión, fundamental para la Estrategia Global de Seguridad 2016. Además, permitiría reducir la dependencia de nuestros socios internacionales, como es el caso de los Estados Unidos.
Pyynnöstä myönnettävät puheenvuorot
Sirpa Pietikäinen (PPE). – Arvoisa puhemies, sekä komissio että muut EU-elimet ja parlamentti ovat tehneet erittäin hyvää työtä ja suunnitelmia kyberturvallisuuden parantamiseksi mutta – pahoin pelkään – enemmän tämän päivän ja eilisen uhkiin mitoitettuna.
Kun otamme huomioon, että informaatioteknologia kehittyy eksponentiaalisesti eli noin viiden tai kymmenen kertoimella ja tulee tosiasiallisesti meidän elämämme kaikille osa-alueille, informaatioyhteiskunnan johtamisessa, big datassa, ihmisten henkilötiedoissa, terveystiedossa, itseohjautuvissa autoissa ja muussa liikenteessä jne. on kysymys siitä, miten voimme ennakoida mahdollisia tulevia uhkia torjumatta silti tätä teknologiaa ja miten voimme paremmin myös ennalta varautua sekä tuplajärjestelmillä – rinnakkaisjärjestelmillä – että myös turvallisuusohjelmilla. Sitä varten mielestäni Euroopan unioni tarvitsisikin hyvin laajan ja hyvän kyberturvallisuuskeskuksen, jossa on sekä tutkimusta että ennakointia.
Julie Ward (S&D). – Madam President, the internet should be a force for good: a common space that promotes quality education and inspired learning, better communication, creativity and intercultural dialogue. The internet should support fair and sustainable trade and uphold human rights, and it should most definitely not be prey to those wishing to hijack democracy, such as was evidenced by the Cambridge Analytica, AIG and Facebook scandals that were behind the Trump and Brexit campaigns and the Kenyan presidential election in August 2017, which was subsequently annulled by the Supreme Court.
One way to improve cyber—defence is to improve internet governance, and the annual Internet Governance Forum (IGF) is an excellent example of multi—stakeholder engagement in a pressing issue that concerns us all. I’d like to particularly commend the work of the Youth IGF, a network of young people in developed and less—developed countries who are active in their local communities and in the online space.
Νότης Μαριάς (ECR). – Κυρία Πρόεδρε, η άμυνα έναντι των κυβερνοεπιθέσεων αποτελεί πράγματι σημαντική πρόκληση στη σύγχρονη εποχή. Θα ήθελα να θέσω υπόψη της Επιτροπής και του κυρίου King τις κυβερνοεπιθέσεις που γίνονται αυτή τη στιγμή από Τούρκους χάκερς σε διάφορες ιστοσελίδες ελληνικών δημοσίων υπηρεσιών αλλά και εταιρειών.
Το διάστημα μεταξύ 30 Απριλίου και 2 Μαΐου έγιναν κυβερνοεπιθέσεις από Τούρκους χάκερς πρώτα από όλα στο Αθηναϊκό Πρακτορείο Ειδήσεων, επιπλέον σε μια εφημερίδα στην Κρήτη, επίσης στην Ομοσπονδία Χάντμπολ, επιθέσεις που συνοδεύονταν από απειλές, στις οποίες αναφέρουν, μεταξύ άλλων, οι Τούρκοι χάκερς: «Ελλάδα ξεχνάς γρήγορα. Ρίξαμε στη θάλασσα τους προγόνους σας. Θα το ξανακάνουμε!». Είναι μια απαράδεκτη κατάσταση και θα ήθελα να καταδικαστεί και από εσάς, κύριε King.
Nadja Hirsch (ALDE). – Frau Präsidentin, liebe Kolleginnen und Kollegen! Letzte Woche gab es am Hamburger Flughafen massive Störungen wegen eines Stromausfalls. Es war kein Cyber-Angriff, sondern nur ein ganz normaler Kurzschluss. Aber ich denke, so ein Vorfall zeigt sehr deutlich, wie verletzbar unsere kritische Infrastruktur ist. In den letzten Jahren beobachten wir immer häufiger Cyber-Angriffe aus Russland, China, Nordkorea oder auch von länderübergreifenden Akteuren.
Cyber-Spionage, Desinformationskampagnen oder auch Erpressungssoftware, Ransomware, sind inzwischen ein Teil unseres Alltages geworden. Durch die offenen Grenzen des Internets ist es unmöglich, dass sich die Staaten separieren. Deswegen ist es umso wichtiger, dass die Mitgliedstaaten der Europäischen Union zusammenarbeiten. Daher gilt es jetzt tatsächlich, einen EU-Cyber-Reaktionsdienst einzurichten und die Koordinierung viel stärker zusammenzubringen. Cyberdefence muss von vornherein beim Aufbau der Europäischen Verteidigungsunion eine ganz zentrale Rolle spielen. Das ist für uns extrem wichtig.
Kateřina Konečná (GUE/NGL). – Paní předsedající, jsem velmi ráda, že EU usiluje o posílení svých pravidel kybernetické bezpečnosti s cílem řešit narůstající hrozby. 86 % Evropanů se domnívá, že se riziko kybernetické trestné činnosti zvyšuje, a z toho důvodu je nutné se tomuto tématu věnovat a přinášet řešení.
Je třeba mít akceschopný plán reakce na kybernetické útoky velkého rozsahu, bránit evropské společnosti a hlavně naše občany. V této souvislosti nesmíme také zapomínat na vzdělávání obyvatel. Snížení rizika pomocí dostatečného uvědomění si hrozeb je metoda prevence, která se vyplatí všem členským státům. Pouze poučená populace také bude lépe rozumět výzvám, které s kybernetickou hrozbou souvisí.
I zde totiž platí, že pokud nebudeme problém řešit komplexně, může to mít negativní dopad na naši bezpečnost.
Γεώργιος Επιτήδειος (NI). – Κυρία Πρόεδρε, οι επιθέσεις στον κυβερνοχώρο αποτελούν μία από τις μεγαλύτερες σύγχρονες απειλές ακόμη και κατά της ίδιας της υποστάσεως ενός κράτους. Πρέπει λοιπόν το θέμα αυτό να αντιμετωπίζεται με ιδιαίτερη προσοχή. Κάθε κράτος οφείλει να έχει τη δυνατότητα να προστατεύσει τον κυβερνοχώρο του και, για να το επιτύχει αυτό, θα πρέπει να αποκτήσει τις απαιτούμενες δυνατότητες. Πρέπει κατ’ αρχάς να δημιουργήσει κατάλληλες υποδομές και να επενδύσει σε υψηλή και σύγχρονη τεχνολογία. Επιπλέον πρέπει να υπάρξει συνεργασία σε επίπεδο κράτους, Ευρωπαϊκής Ενώσεως αλλά και ΝΑΤΟ. Επίσης θα πρέπει να δημιουργηθούν εμπειρογνώμονες, να ανταλλάσσονται πληροφορίες, να γίνονται κοινές ασκήσεις και να διεξάγεται συνεχής έρευνα. Για την άμυνα στον κυβερνοχώρο, λόγω του στρατιωτικού αλλά και του μη στρατιωτικού χαρακτήρα της, επιβάλλεται να επιτευχθεί συνεργασία μεταξύ του στρατιωτικού αλλά και του ιδιωτικού φορέα. Τέλος η Ευρωπαϊκή Ένωση σε όλη αυτή την προσπάθεια πρέπει να διαδραματίσει συντονιστικό ρόλο.
(Pyynnöstä myönnettävät puheenvuorot päättyvät)
Julian King, Member of the Commission, on behalf of the Vice-President of the Commission / High Representative of the Union for Foreign Affairs and Security Policy. – Madam President, I would like to thank honourable Members for this report and this debate. I agree that this is a very important subject and it is timely that we review the steps that we have taken and the work that is still required.
We will continue our work to build our cyber—resilience and cyber—deterrence, as well as to reinforce international cooperation and defence cooperation. The EU institutions together will work with the Member States, with partners and with international organisations, notably NATO, as many of you have underlined. We will work to bring together the civilian and the military dimensions of this challenge and the public and the private dimensions of this challenge. We need to develop our capabilities, and we need to continue to drive and focus our research and development to reinforce our cyber—security.
A number of you mentioned other detailed points that we can look at. Overall, I want to say how much we share the thrust of this report. We need to be ready. We need to meet the cyber and cyber—enabled threats that we face because that is indeed what our citizens expect.
Urmas Paet, Rapporteur. – Madam President, I wish to thank everyone for all the comments and feedback we have heard and, of course, I especially thank all the shadow rapporteurs for the very efficient and effective cooperation we had preparing this report.
We have a responsibility at all levels to increase the security of our citizens, and this means also increasing cyber—defence at Member State level, as well as that of the EU, NATO and like—minded countries.
I want to stress that I believe it is imperative that top—level exercises are also held every now and then to bring the matter closer to the leaders of our countries to make them realise the problem is not going away. Each and every country must do their utmost, each on their own, but of course also together.
Thank you very much, and I really hope that tomorrow during the vote we can have the result which is long awaited by our citizens from our Member States.
Puhemies. – Keskustelu on päättynyt.
Äänestys toimitetaan keskiviikkona 13. kesäkuuta 2018.
Eugen Freund (S&D), schriftlich. – In unserer global vernetzten Welt genießen wir dank moderner technischer Möglichkeiten viele Vorteile, vieles wird uns leichter gemacht. Leider beinhaltet der Wandel hin zu einer digitalen Gesellschaft auch Gefahren und Bedrohungen. Auf diese entsprechende Antworten zu finden und passende Reaktionen zu entwickeln, ist Teil unserer politischen Verantwortung. Cyberbedrohungen sind eine Gefahr und werden immer gegenwärtiger.
Für mich besonders wichtig ist der Schutz von kritischer Energie-Infrastruktur vor Attacken aus dem Internet – ein Bereich, der erst in letzter Zeit höhere Aufmerksamkeit bekommt und in dessen Schutz man nicht genug investieren kann. Die Infrastruktur im Energiebereich bietet einen essenziellen Dienst, denn nur durch sie ist das Funktionieren einer einwandfreien modernen Gesellschaft und Wirtschaft gesichert. Gerade in diesem Bereich kann eine Cyberattacke besonders verheerende und beängstigende Auswirkungen haben. Käme es zu einem Cyberanschlag auf unsere Energieversorgung, wären wir nicht in diesem Raum, wir wären nicht in Straßburg, wir wären vermutlich eingesperrt in unseren Häusern. Lampen, Handys, Kühlschränke, unsere Wasserversorgung, Tankstellen und vieles weitere – nichts würde mehr funktionieren.
Deshalb ist auch die Debatte über eine EU-Reaktion auf sogenannte cyberthreats eine wichtige. Sie sollte in aller Ausführlichkeit, mit der angemessenen Ernsthaftigkeit und dem nötigen Pragmatismus geführt werden.
Antanas Guoga (PPE), in writing. – I want to congratulate Mr Paet on the report. This report clearly shows that cyber security has to be the top priority in the EU because it covers many areas like trade, services, and most importantly security and defence matters of the Member States. The report acknowledges the importance of coordination between Member States, which has been already emphasised in the NIS Directive. Cyber security is a cross—border matter and alone we cannot protect ourselves to the maximum level. That is also why the role of the European Defence Agency, European Union Agency for Network and Information Security (ENISA) is important. The EU agencies have to enhance Member States to help them not only to fight cyber-attacks, but most importantly to increase cyber resilience.
Dominique Martin (ENF), par écrit. – Le Parlement européen a voté le 12 juin 2018 une proposition de résolution sur la cyberdéfense: une bonne initiative (dans la théorie...) qui s’inscrit juridiquement dans la continuité du cadre stratégique de cyberdéfense de l’Union européenne du 18 novembre 2014 et de la résolution sur la lutte contre la cybercriminalité du 3 octobre 2017.
Nous nous félicitions que Bruxelles prenne au sérieux la menace des cyberattaques dont il n’est plus à démontrer le nombre d’incidents et les menaces tant économiques que terroristes. Malheureusement, la cyberdéfense est comme une serrure dont il ne faut pas distribuer les clefs. Si chaque État membre a son propre système, c’est d’autant plus compliqué à attaquer. À l’inverse, l’uniformisation ou la coordination des systèmes les rend vulnérables: il suffit de trouver une clef pour faire tomber l’ensemble du système.
Dans le même sens, l’évolution permanente de ces techniques oblige à une grande réactivité, impossible à mettre en œuvre à 27 États membres : nous en sommes témoins... Par ailleurs, cette cyberdéfense intégrant des dimensions militaires et le cyberespace étant de plus en plus considéré comme le «cinquième domaine de la guerre», la France doit conserver son indépendance dans ce secteur particulièrement sensible.
João Pimenta Lopes (GUE/NGL), por escrito. – Ciberdefesa. Um dos mais atuais temas da agenda política da segurança e defesa, colocado na ordem do dia pela União Europeia, conivente e subserviente à estratégia da NATO e à sua agenda bélica e de agressão. Agora, procuram legitimar e regulamentar mais uma frente de guerra que completa o Mercado Único Digital. Trata-se, em rigor, de aumentar e ampliar capacidades de escrutínio, controlo e criminalização no espaço cibernético, fora do escrutínio judicial, a pretexto de pretensas ameaças, mas criando capacidades para intervir também sobre países terceiros, complementando a estratégia de desestabilização interna que já protagonizam em vários países.
O relatório é mais um contributo para o reforço do pilar militarista da UE, com mais orçamento e capacidades para a guerra. A Europa que defendemos é, pelo contrário, uma Europa de paz e cooperação entre Estados soberanos iguais em direitos, assente no respeito e na firme defesa dos direitos, liberdades e garantias dos cidadãos.