Doslovný zápis z rozpráv

Utorok, 5. októbra 2021 - Štrasburg

12. Stav spôsobilostí EÚ v oblasti kybernetickej obrany (rozprava)

  Puhemies. – Esityslistalla on seuraavana Urmas Paetin ulkoasiainvaliokunnan puolesta laatima mietintö EU:n kyberpuolustuskyvyn tilasta (2020/2256(INI)) (A9-0234/2021).

  Urmas Paet, rapporteur. – Madam President, yesterday Facebook and its products like WhatsApp and Instagram went down. This was supposedly just a technical problem and not a cyberattack. But all over the world, communications were hampered. The usual information flow stopped.

But we might have bigger scares, see bigger damage and even human losses if a state or non-state actor decides to attack our critical infrastructure, like hospitals, energy or transport, or to meddle in elections. The recent Pegasus spyware scandal has shown the vulnerability of journalists, human rights activists, elected representatives and other citizens that were massively spied on.

More connectivity means more vulnerabilities. In recent years, the EU has seen a continuous growth in cyber operations conducted by state and non-state actors against the EU and its Member States, revealing vulnerabilities in networks essential to European security.

These days, every conflict has a cyber-element to it. It is important for the EU and its Member States to strengthen cyber-resilience and develop common cybersecurity and defence capabilities, in order to respond to such security challenges.

President von der Leyen said in her State of the Union address that, given that resources were scarce, we had to bundle our forces. We should not just settle for addressing the cyberthreat, but should also strive to become a leader in cybersecurity. If the EU wants to be seen at the forefront of digital ambitions, it must increase its technological sovereignty and innovation, and be ready to raise the level of its cybersecurity.

A common cyber-defence policy and increased cooperation at EU level to develop common and improved cyber-defence capabilities are essential elements in building a stronger European Defence Union. The borderless nature of cyberspace – as well as the substantial number and increasing complexity of cyberattacks – requires a coordinated Union-level response, including common Member State support capabilities and Member State support for measures in the EU cyber-diplomacy toolbox, as well as intensified EU—NATO cooperation, based on information-sharing between cyber-crisis response teams, the exchange of best practices, enhanced training, research and exercises.

The European External Action Service and the Commission, in cooperation with the Member States, need to develop a comprehensive set of measures and a coherent policy on cybersecurity, in order to enhance resilience and coordination on cyber-defence. It is essential for the Member States to significantly increase classified information-sharing capacities in order to facilitate information-sharing where needed and useful, and to develop a rapid and secure European network to detect, assess and counter cyberattacks.

The EU has taken many measures to raise the level of its cybersecurity and cyber-defence capabilities. It has adopted and applied a legal framework for targeted restrictive measures against cyberattacks, and EU-NATO cooperation has increased in the cyber-defence field too. But even more coordinated Union level action is needed.

The review of the Cyber Defence Policy Framework should strive to enhance coordination between EU actors and also between and with Member States. PESCO offers excellent ways to speed up cybersecurity initiatives and should be used to that end. The strategic compass should be used to deepen the strategic culture in the cyber domain and help to overcome the current fragmentation and complexity of the overall cyber architecture within the EU and remove any duplication of capabilities and mandates.

Fragmentation carries serious issues with resources that need to be addressed. The establishment of a joint cyber unit is needed to increase cooperation and information—sharing between EU institutions and enable the full use of existing structures, resources and capabilities.

Increased funding is needed for the CERT-EU and the EU Intelligence and Situation Centre, and to support Member States in establishing and strengthening security operation centres in order to build a network of these centres across the EU. It is also important to improve citizens’ skills and raise public awareness on cyberattacks and how individuals can defend themselves against these attacks.

More operational assistance is needed between Member States. Trust also needs to be built, as this is still one of the big obstacles. Common exercises and scenario-based policy discussions on crisis management are important in this regard. We are witnessing increasingly aggressive behaviour from Russia, China and North Korea in cyberspace, and it is clear that in order to be successful in overcoming threats to Euro-Atlantic security interests, increased coordination with NATO is needed.

For this, coordinated exercises and joint training are indispensable. We need to look for possible complementarities with NATO to avoid duplication and acknowledge that respective responsibilities and coordinated exercises and joint trainings are indispensable.

Functioning deterrence can be achieved when the adversaries have a better awareness of the possible countermeasures. Increased cooperation with NATO allies, like-minded countries, United Nations and the OSCE is also needed. Member States and the EU should also be at the forefront of discussions under the United Nations to help promote responsible state behaviour in cyberspace.

Finally, I would like to thank all my colleagues and staff that have helped to draft this report. I wish you all a good debate and hope that you can support this report.

  Jutta Urpilainen, Member of the Commission. – Madam President, honourable Members, let me thank rapporteur Paet for bringing cyber defence issues to our attention.

As highlighted in the report, in recent years we have seen continuous growth in cyberattacks against the EU and its Member States, which is affecting European security. The best way to face these threats is to join forces and mobilise resources, as rightly indicated in the report. To protect cyberspace we need to modernise our capabilities, advance research, training and exercises and increase efforts to prevent, deter and respond to cyberattacks.

The EU cyber diplomacy toolbox has already proved its value in allowing Member States to take measures, including sanctions, to address cyber activities affecting them and threatening their security. Our 2020 Joint EU Cybersecurity Strategy for the Digital Decade allows us to increase our resilience, reinforce our capacities to prevent, deter and respond to cyberattacks and advance a global, open and secure cyberspace.

Building on this strategy, we are reviewing the 2018 EU Cyber Defence Policy Framework, setting the political ambition for the EU’s Cyber Defence Policy, making full use of available instruments, such as the Permanent Structures Cooperation and the European Defence Fund. Cyber defence will also be a key aspect of the strategy compass currently under development.

As is stressed in the report, our key challenge is to develop and use capabilities in a collaborative approach. Today, within the European Defence Agency we have a structured framework to support Member States in collaborative capability development and research activities. This allows for enhanced interoperability and pooling of scarce national resources.

The European Security and Defence College organises cyber training courses for military and civilian personnel from the EU institutions, the common security and defence policy (CSDP) missions and operations and Member States to strengthen their coordination. We also conduct exercises with ‘cyber’ included, notably the EU Integrated Resolve or the annual cyber diplomacy toolbox exercise. These exercises will help us to strengthen our common understanding of the procedures for mutual assistance and solidarity, as pointed out in the report.

Last month, the European Union Military Committee approved the European Union Military Vision and Strategy on Cyberspace as a domain of operations, which sets the framework to use cyberspace as a domain of operations in support of EU CSDP military operations and missions. Further responding to the need for more cooperation among national entities in charge of cyber defence, we have taken our first steps towards the establishment of a military computer emergency response teams network.

As recommended in your report, the External Action Service also works together with the Commission on the establishment of the joint cyber unit, bringing together all cyber communities, including cyber defence and diplomacy, to better coordinate EU action to prevent, deter and respond to cyberattacks.

Finally, the report also calls to strengthen our coordination and cooperation with NATO in the framework of the joint declarations, which we do through our staff—level dialogues and by conducting cyber scenario—based discussions and exercises.

In conclusion, we have made considerable progress in the past few years on cyber defence. At the same time, the ongoing work on the strategic compass and the review of our framework for cyber defence policy will allow us to further strengthen Member States’ capabilities and cooperation in this domain in view of a true EU cyber defence policy. I thank you very much for the report and I look forward to this discussion.

  Rasa Juknevičienė, on behalf of the PPE Group. – Madam President, despite the fact that cyberspace is one of the greatest inventions of humanity, it can become the most dangerous weapon in the hands of evil in the 21st century.

Russia and China, the main countries from where the cyber-threats derive, already have well-prepared special cyber-units within their armed forces. Also, they use private structures and are able to act very aggressively. The lack of boundaries in the cybernetic domain and the high-level cyber-attacks are a massive threat, and so they demand a coordinated response on the EU’s part. So it is crucial to reinforce the EU’s defence in this domain, as well as intensive cooperation between the EU and NATO.

I am happy that this important security issue has received a large cross-partisan support and agreement. The draft report reflects well the most important aspects of cyber-defence, such as prevention, as well as better crisis management or ability to respond to large-scale cyber-attacks.

Dear colleagues, I invite you to support this report.

  Juozas Olekas, on behalf of the S&D Group. – Madam President, in the ever—more digital world, cyberspace is a new frontier that has to be regulated, secured and protected.  A robust cyber defence is paramount for the security of the EU and its Member States. This was rightly addressed by President von der Leyen in her State of the Union speech, where she acknowledged the need for the European cyber defence policy.

The interconnected world provides new opportunities for us, but also gives new challenges. It is very important to establish better information-sharing among the EU Member States and better cooperation with like—minded international partners in order to reduce fragmentation and duplication. The ongoing permanent structured cooperation project (PESCO) is a good example of how the EU Member States can operate in the cyber defence field. Cyber defence shall be one of the main priorities in the European defence industrial development programme and for the European Defence Fund. 

In the cyber defence field, know-how is the most important tool. Therefore we should invest more in cyber defence training for EU military and civilian personnel. We should also extend such training programmes to our partners in the Western Balkans and the Eastern Neighbourhood countries.

I would also like to welcome the setting-up of the EU Cyber Diplomacy Toolbox that will provide the EU with the tools to address the new cybersecurity challenges. It is crucial to step up our ability of attribution; only with the speedy detection, identification and attribution of all cyber threats can we make sure that all originators of cyberattacks will be prosecuted in a timely manner.

  Morten Løkkegaard, for Renew-Gruppen. – Fru formand! Jeg er lige kommet hjem fra Athen fra et besøg i det Europæiske Agentur for Cybersikkerhed. Og hvis ikke jeg vidste det før, så ved jeg det i hvert fald nu: Vi er midt i en cyberkrig, og derfor skal cybersikkerhed selvfølgelig også øverst på dagsordenen, og derfor er det velkomment, at vi diskuterer det i dag. Ursula von der Leyen sagde det selv i sin tale om Unionens tilstand. Det er et vigtigt skridt, som skal styrke det europæiske samarbejde om cybersikkerhed, men det er nødvendigt at gøre mere. Videndeling og tættere samarbejde kan ikke gøre det alene. Der er brug for nye værktøjer til at tackle cybertrusler.

EU har brug for at kunne vedtage fælles sanktioner. En af kollegerne var inde på det før: Vi har brug for sanktioner, de enkelte medlemslande, men der er brug for fælles aktioner, fælles sanktioner. Når medlemslande gentagne gange udsættes for cyberangreb fra bestemte hackergrupper, ja, sågar fra fjendtlige stater, så er vi nødt til at kunne reagere samlet. Jeg håber virkelig, at denne debat vil kunne føre til en ny erkendelse af dette faktum: Også i cyberspace er der brug for en fælles indsats.

  Markéta Gregorová, on behalf of the Verts/ALE Group. – Madam President, information warfare intensity seems to be growing as fast as global computing capacity. Zero-click-spyware and ransomware attacks are exposing how vulnerable our infrastructure, our businesses and our private lives are in the digital realm.

In our report we define European rules of engagement in the digital domain that are anchored in international law and we name state actors that show systemic aggressive behaviour, namely China, Russia and North Korea. We also recognise the advent of emerging technologies that actively change the global balance of power and call on the European Member States to lead on these technological developments and to adopt a common position on autonomous weapons systems that ensures meaningful human control.

Equally, the European Parliament calls on the Member States to create a human-centric approach to AI regulation, based on democratic values.

Finally, the protection of our military secrets and our individual privacy can only happen with strong encryption, and it is very important for my Group that we do not see any legal grey areas there.

I would like to thank the rapporteur and the other colleagues for including many of our proposals and for fruitful cooperation on this report, and I support the final text.

  Jérôme Rivière, au nom du groupe ID. – Madame la Présidente, Madame la Commissaire, chers collègues, en matière de cybersécurité, les règles politiques et les convictions qui nous animent ne sont pas ébranlées par ce nouveau champ de possibilités. Contrairement à ce qu’affirme le rapporteur, la nature transfrontalière des nouvelles technologies n’est pas un argument pour justifier ni une fuite en avant communautaire effaçant les nations, ni un nouveau transfert de compétences à l’échelle européenne.

Qu’ils soient civils ou militaires, les développeurs des technologies informatiques à succès, américains ou chinois, puisqu’il s’agit là des puissances les plus avancées en la matière, se sont appuyés sur des structures étatiques pour devenir les mastodontes que l’on connaît aujourd’hui.

L’Union européenne n’est pas un État, mais une pluralité de nations, et les Européens ne sont pas un peuple mais des peuples. Le domaine de la cybersécurité n’échappe pas à cette réalité. En limitant les structures étatiques nationales partout en Europe, l’Union européenne paralyse les développements possibles en matière de coopération. Comme pour bien des sujets, l’état des capacités de cyberdéfense de l’Union européenne est considéré par la Commission comme une occasion d’avancer vers plus de soumission des nations à une politique européenne, toujours placée en matière de défense sous la tutelle de l’OTAN.

Non, nous ne voulons pas, comme le souhaite le rapport, bâtir une Union européenne de la défense dans le domaine informatique. Nous ne voulons pas une mainmise toujours plus importante de la Commission européenne sur ces sujets stratégiques. La défense, qu’elle soit physique ou numérique, est une souveraineté nationale, prérogative inviolable des États membres. À eux de développer leurs outils, de choisir leurs alliances et de définir leurs priorités. Le choix des coopérations leur appartient: elles ne doivent ni ne peuvent être imposées par des technocrates détachés de toute réalité.

VORSITZ: KATARINA BARLEY
Vizepräsidentin

  Assita Kanko, on behalf of the ECR Group. – Madam President, ‘now that everything is connected, everything can be hacked’, said President von der Leyen in this Hemicycle just three weeks ago. We all know she’s right. We all know how vulnerable we are today and have been recently. Smart, active, fast, creative: sadly, this is not how we can define our way of fighting cyber-criminality. Those words are describing the entities behind the cyber-attacks. They are smart. They have the knowledge and know-how to transform strategies into actions in that domain. They are fast, running on a cyber-highway, and know how to adapt faster than we can for the moment.

This report is a strong wake-up call, and I would like to thank the rapporteur Mr Paet and fellow shadow rapporteurs for this important work. Actually, I am also sad that we needed a report to show what everyone can see. Today, developing a European cyber-defence policy should provide us with better protection against the newest method of warfare. We have very high expectations from the French Presidency so that we can protect European citizens against these new threats.

  Manu Pineda, en nombre del Grupo The Left. – Señora presidenta, algún día tendremos que ver que nuestros principales enemigos están dentro de la OTAN y no fuera. Se lo digo porque si alguien ha puesto en jaque nuestras democracias con sus prácticas en estos últimos años, esos han sido los Estados Unidos. La última vez, el pasado junio: la NSA, gracias a Dinamarca, expió al Gobierno alemán. No era la primera vez, pero aquí no pasa nada.

Ni siquiera hace falta mirar a la OTAN. Las amenazas las tenemos en casa: la extrema derecha y sus empresas satélites se sirven a diario de las redes sociales para manipular elecciones, influir en consultas como el Brexit o extender bulos. Lo hacen a diario, pero no pasa nada.

Mientras, ustedes se empeñan en reforzar la OTAN y en servir a los Estados Unidos en su choque contra China y Rusia. Están siguiendo una carrera militarista muy peligrosa.

Claro que necesitamos una estrategia europea de ciberseguridad, pero para defender los intereses de nuestra gente, no para alimentar estructuras militares obsoletas o conflictos que solo interesan a los Estados Unidos.

  Mislav Kolakušić (NI). – Poštovana predsjedavajuća, poštovani kolege, poštovani građani, kada govorimo o kiber ili internet sigurnosti morali bismo imati nešto što imamo zabraniti. Danas su sve društvene mreže, svi e-mail servisi, sva internet prodaja, sve aplikacije za komunikaciju građana na kojoj se nalaze podaci gotovo svih građana Europske unije, na kojoj se nalaze njihovi bankovni računi, bankovne kartice, nalaze u vlasništvu tvrtki iz Sjedinjenih Američkih Država.

Što mi možemo braniti kada mi uopće ne raspolažemo tim podacima? Da li Kina, Rusija, Indija koriste te servise? Naravno da ne. Oni imaju vlastite e-mail servise, vlastite internet trgovine, vlastite aplikacije. Mi ne možemo ozbiljno razgovarati o internet sigurnosti i kibersigurnosti bez da imamo sve te mreže i aplikacije razvijene u Europskoj uniji.

  Eugen Tomac (PPE). – Doamnă președintă, doamnă comisar, felicit raportorul pentru că prezintă o situație exactă cu privire la situația legată de securitatea cibernetică.

Este însă suficient să ne uităm la ziua de ieri, când practic cu toții am constatat ce înseamnă să existe o criză cibernetică, când marii jucători de pe piață se confruntă cu probleme de securitate sau de management. Întregul glob a fost afectat.

Tocmai de aceea cred că este esențial ca Comisia să întreprindă toți pașii pentru a face funcțional Centrul de competențe în materie de securitate cibernetică, creat chiar la București, în țara mea, pentru că avem nevoie de anticorpii necesari pentru a face față acestor provocări care există.

Nu există doar grupuri de interese care urmăresc obiective politice, economice sau sociale prin care atacă cibernetic statele noastre. Mai grav este că există state care utilizează tehnologia pentru a ataca alte state și aici suntem cei mai expuși și trebuie să acționăm cu mai multă fermitate pentru a ne apăra cetățenii, pentru a ne apăra instituțiile, pentru a ne apăra democrația.

  Javi López (S&D). – Señora presidenta, señora comisaria, el mundo se adentra en la era de la unpeace, de la no paz. Competencia entre grandes poderes con cuasi conflictos soterrados y permanentes, ataques, ciberataques y ataques híbridos, que intentan influir en nuestros procesos de toma de decisión y hacer que la democracia, nuestro sistema de decisión, se convierta en una vulnerabilidad estratégica a ojos del mundo.

Por todo ello, la ciberdefensa es hoy ya un elemento central para nuestra seguridad y para la protección de nuestra democracia. Capacidades cibernéticas, de telecomunicaciones y de inteligencia artificial que deberían, también, ser parte de la construcción de una autonomía estratégica.

Por todo ello, es necesario disponer de una caja de herramientas diplomática que clarifique la respuesta que ha de darse frente a estos ciberataques, así como incluir la ciberseguridad en el Fondo Europeo de Defensa o la PESCO, y que sea también una herramienta a tratar en la OTAN y con nuestros socios. Por nuestra seguridad y por nuestra democracia.

  Bart Groothuis (Renew). – Madam President, some seven years ago all NATO members convened in Wales, and they agreed to spend 2% of their budgets, of GDP, on defence – and rightly so because we did not address the threats at that time, and we still do not. But now, seven years later, new threats have been added to the game: cyber—sabotage, intellectual property theft, disinformation, election interference, economic coercion and so forth.

My question seven years later is, therefore, are we spending enough to counter these new threats that we face today? Does the West need to convene again, just like we did seven years ago in Wales, to counter the threats of our time?

I believe we need to do so, and because the EU is often better positioned than NATO to counter such new threats, it is the EU which should diplomatically step up and take the lead to formulate a new spending norm to complement NATO and address the threats of our time and beyond.

  Anna Bonfrisco (ID). – Signora Presidente, onorevoli colleghi, signora Commissaria, proteggere le reti digitali militari e le reti delle nostre comunità di intelligence garantisce la piena sovranità degli Stati membri, la non interferenza nelle nostre politiche, nelle libertà dei cittadini europei e anche nei nostri interessi nel mondo.

I nostri avversari vogliono corrompere, degradare, sostituire il nostro modello di democrazie liberali occidentali con il loro modello autoritario. Chi vincerà quindi questa guerra cyber nei prossimi anni? Senza dubbio, se divisi perderemo e verremo spogliati dei nostri vantaggi competitivi e delle nostre certezze. Pertanto è necessaria la creazione di un gruppo di lavoro per la cyber intelligence, condiviso tra l'Unione e gli Stati membri, che consenta una risposta diplomatica comune. L'Europa sarà all'altezza della sfida cyber sino-russa? Non certo attraverso un semplice documento. L'Europa ha bisogno di leadership, di visione e di azione nel contesto del cyber.

  Patryk Jaki (ECR). – Pani Przewodnicząca! Szanowni Państwo! Zgadzam się ze wspólną wizją strategiczną, osiągnięcie w Unii odporności w zakresie cyberobrony. Dzisiaj zdolności te mają charakter rozproszony, a ich konsolidacja i koordynacja jest zadaniem na najbliższą przyszłość. Eksperci potwierdzają, Unia Europejska dysponuje ważnym, w pełni operacyjnym zasobem mogącym zapewnić cyberodporność i zbiorowe szybkie reagowanie na cyberincydenty.

Dlatego jest konieczna wymiana informacji między zespołami reagowania kryzysowego w dziedzinie cyberbezpieczeństwa, wymiana najlepszych praktyk, zintensyfikowanie szkoleń, badań i ćwiczeń. Potrzebne jest opracowanie europejskiej szybkiej i bezpiecznej sieci służącej wykrywaniu, ocenie i przeciwdziałaniu cyberatakom. I dlatego zgadzam się z wypracowanymi zaleceniami, które są bardzo ważne i trzeba je podkreślić, w tym między innymi podnoszenie świadomości społecznej i doskonalenie umiejętności obywateli w zakresie obrony przed cyberatakami oraz ściślejsza współpraca pomiędzy Unią Europejską a NATO, zwłaszcza w zakresie interoperacyjności cyberobrony.

  Tomislav Sokol (PPE). – Poštovana predsjedavajuća, povjerenice, kolegice i kolege, posljednjih godina svjedočimo neprestanom porastu broja zlonamjernih kiberoperacija protiv Europske unije i njezinih država članica od strane raznih državnih i nedržavnih aktera koji su razotkrili nedovoljnu zaštitu i ranjivost Unije na ovom području. Radi ostvarivanja stranih političkih, gospodarskih i sigurnosnih ciljeva malicioznim kiberaktivnostima podupire se razvoj dezinformacijskih kampanja, ograničava pristup internetu i ometa rad IT sustava.

Također, kiberprijetnje su sve češće usmjerene na objekte kritične infrastrukture kao što je energetska, zdravstvena i prometna. Potreban je koordinirani odgovor na razini Unije, uključujući zajedničke kapacitete država članica za potporu, te pojačana suradnja koja se temelji na razmjeni informacija najboljih praksi i vježbama.

Od strateškog je značaja povećati ulaganja u kapacitete kiberobrane radi poboljšanja otpornosti strateških kapaciteta EU-a i država članica, naročito kroz programe Digitalna Europa i Obzor Europa. Posebno je važno naglasiti da kiberobrana ima i vojnu i civilnu dimenziju te zahtijeva čvršću suradnju na europskoj razini u obadva aspekta.

Radi se o problemu koji države članice, pa čak i one najveće, ne mogu same riješiti te je potrebno zajedničko europsko djelovanje. Ovo je samo jedna tema koja pokazuje da se Europska unija naprosto mora profilirati kao relevantni geopolitički igrač, što nažalost, a svi smo mislim svjesni toga, trenutno nije slučaj.

Nema drugog načina da se zaštiti europski način života kakvog danas poznajemo.

  Raphaël Glucksmann (S&D). – Madame la Présidente, Madame la Commissaire, chers collègues, en 2020, plus de 700 cyberattaques ont visé des secteurs stratégiques en Europe, 75 % de plus qu’en 2019, et ce n’est qu’un début.

Nous devons apprendre à nous défendre collectivement et à imposer un coût à ceux qui nous attaquent. Il y a moins de deux semaines, je visitais à Athènes l’Agence européenne de cybersécurité avec une délégation de la commission spéciale sur l’ingérence étrangère dans l’ensemble des processus démocratiques de l’Union européenne, y compris la désinformation. L’Agence fait un travail remarquable, mais elle manque de ressources face à l’immensité de la tâche.

Plus de moyens, plus de formations d’experts, plus de coordination entre les États membres, plus de sensibilisation des acteurs privés et publics en Europe: nous savons ce qu’il faut faire pour qu’émerge une véritable cybersécurité européenne. Mais les protections ne suffiront pas; il nous faut une dissuasion. Il nous faut identifier, puis nommer publiquement les assaillants, et d’abord les régimes russe et chinois, et leur montrer qu’on ne nous attaque pas impunément: il est temps de dissuader ceux qui veulent nous ébranler.

  Maite Pagazaurtundúa (Renew). – Señora presidenta, las ciberoperaciones maliciosas contra la Unión Europea y sus Estados miembros son el resultado de las oportunidades que ofrece la transformación digital. Los ataques contra nuestras sociedades se transforman, aumentan, y es el momento de atajar nuestras vulnerabilidades tecnológicas y legales, también en las estructuras internacionales de las que formamos parte con nuestros aliados, pero no solo con ellos.

Estos ataques recaen con dificultad en el ámbito de aplicación del artículo 5 del Tratado de la OTAN o del artículo 42, apartado 7, del TUE, aunque tienen un efecto estratégico acumulativo muy peligroso, por lo que la UE debe suplir el vacío legal reinterpretando este último artículo y el artículo 222 del TFUE para mejorar nuestra defensa colectiva.

Ayer mismo —lo ha dicho el señor Paet— pudimos observar cómo podía ser un ataque malicioso contra infraestructuras críticas en nuestra vida real. Por eso necesitamos aumentar la autonomía y la capacidad tecnológica. Sin capacidades propias no tenemos las mejores oportunidades para defender nuestros derechos, nuestros valores, nuestras vidas, nuestra seguridad.

Así pues, la seguridad y la defensa requieren impulsar la innovación europea, de sello europeo, por economía de escala, con las garantías de nuestro acervo histórico y político.

  Maximilian Krah (ID). – Frau Präsidentin, liebe Kolleginnen und Kollegen! In einer digitalen Welt sind wir angreifbar, wenn unsere Netzwerke nicht sicher sind. Und das ist die richtige Stoßrichtung dieses Berichts. Natürlich hat er die für dieses Haus mittlerweile leider übliche Schlagseite, wenn er zwar Russland, China, selbst Nordkorea als große Bedrohung unserer Cybersicherheit aufzählt, aber unterschlägt, dass alle großen Ausspähskandale der letzten Jahre mit der NSA zu tun hatten, wenn er auch unterschlägt, dass das größte Budget aller Länder weltweit für die Ausspionierung des Internets nicht in Russland, sondern in den USA vorhanden ist. Über diese „Kalter-Krieg-Rhetorik“ sollte man hinwegschauen, wenn es um die Sicherheit unserer Computersysteme geht.

Und hier ist in der Tat zutreffend, dass wir nachlegen müssen. Es ist auch zutreffend, dass wir unsere europäische Souveränität im Digitalbereich schützen müssen. Insofern können wir mit Bedenken zustimmen – mit zwei kleinen kritischen Ergänzungen. Das eine ist: So sehr wir es schätzen, dass auf die Bedeutung der Privatwirtschaft verwiesen wird, so sehr hätten wir uns gewünscht, dass man die großen Technikkonzerne besonders würdigt. Auch sie bedrohen – da sie nicht demokratisch kontrolliert sind und aus dem Ausland agieren – unsere Cybersicherheit.

Und das Zweite ist, dass wir aufpassen müssen, nicht unter dem Deckmantel des Kampfs gegen Cyberkriminalität neue Behörden auf europäischer Ebene zu schaffen, die letztlich nur Stellen kosten, aber Aufgaben erfüllen, die man auf nationaler Ebene umso besser erfüllen könnte. Insofern ein Ja mit Bedenken, auch ein Zeichen, dass man in diesem wichtigen Punkt an einem Strang ziehen muss. Für die Zukunft wünschen wir uns: weniger Kalten Krieg und mehr echte Cybersicherheit.

  Riho Terras (PPE). – Lugupeetav istungi juhataja!

Ma tänan head kolleegi Urmast Paeta küberkaitset käsitleva raporti vedamise eest. See on teema, mis puudutab väga lähedaselt praktiliselt kõiki eluvaldkondi, sest infotehnoloogia arenguga kaasnevad ohud ja haavatavused on meie jaoks universaalsed.

Olen veendunud, et me ei panusta täna piisavalt küberohtude teadvustamisse ja nende tõrjumisse. Seetõttu on väga tähtis, et me parlamendis hoiaksime pidevalt silma peal tegevustel, mis aitaksid nii meie kodanikke, liikmesriike kui ka Euroopa Liitu laiemalt küberkaitse valdkonda paremini tõhustada.

Suurem osa küberturvalisusest on seotud küberkuritegevuse ennetamisega ning tagajärgede likvideerimisega. See on üha laienev kuritegevuse liik, see mõjutab kõige otsesemalt meid kõiki. Elutähtsate teenuste kättesaadavus, aga ka ettevõtlus ja igapäevaelu, on üha enam küberkuritegevuse märklauaks.

Lisaks peame tihemini rinda pistma julgeoleku- ja kaitsespetsiifiliste küberohtudega, mis lähtuvad autoritaarsete režiimide ründearsenalist. Siin tuleb teha eesmärgipärast koostööd Euroopa Liidu ja NATO vahel. Peame hästi ära kasutama nii Euroopa Liidu kui ka NATO võimeid selleks, et kaitstud oleksid nii meie kodanikud kui ka liikmesriigid. Soovitan kindlasti hääletada raporti poolt.

  Marina Kaljurand (S&D). – Austatud istungi juhataja! Kõigepealt tahaksin ma tänada oma head kolleegi Urmas Paeti väga asja- ja ajakohase raporti eest. Uus reaalsus on see, et küberrünnakute arv kasvab pidevalt, kusjuures ründed muutuvad järjest keerulisemaks ja ründajad targemaks. Selles kontekstis tahaksin rõhutada kolme aspekti. Esiteks: liikmesriigid peavad tegema ära oma kodutöö, sest Euroopa Liidu küberjulgeoleku tugevuse määrab selle kõige nõrgem lüli. Teiseks: Euroopa Liidu ja NATO koostöö peab lõppude lõpuks hakkama tööle, alustades infovahetusega ja lõpetades ühisõppustega. Kolmandaks: Euroopa Liit koos teiste samameelsete riikidega peab jätkuvalt olema häälekas suunanäitaja rahvusvahelise õiguse tõlgendamisel ja kohandamisel. See ei ole lihtne, sest rahvusvaheliselt valitseb ideoloogiline lõhe, mis kandub üle ka rahvusvahelisele õigusele, aga õigusselgus on küberjulgeoleku lahutamatu osa, nagu ka süüdlaste tuvastamine ning vastutusele võtmine. Lõpetuseks: me saame ja peame tegema kõik, et olla pahatahtlikest ründajatest paar sammu ees. Ma tänan.

  Barry Andrews (Renew). – Madam President, the picture could not be any clearer. For state actors hostile to the EU, like Russia, the cost of attack is infinitesimally smaller than the rewards, and that has to change. For critical entities across the EU, including the Irish Health Service, the cost of doing nothing except repair and remediation was much less than the cost of adequate protection, and that has to change too.

While we have to be conscious of the difference between cybersecurity and cyber defence, particularly as regards governance and oversight, I believe that non-aligned Member States like Ireland have nothing to fear and everything to gain from an adequately resourced European cyber defence policy, particularly as a domain of operations of the EU’s common security and defence policy (CSDP) to which we have contributed significantly over the years. EU democracy is not something that can be complacently handed down from one generation to the next. Each succeeding generation must earn it afresh.

  Deirdre Clune (PPE). – Madam President, I thank the rapporteur for their report. We are all well aware of the prevalence of cyberattacks now and their potential implications, and the digitalisation of our economy and cybersecurity, they need to be developed in tandem.

The data economy can only flourish when we have full trust and confidence in our products, our applications and our infrastructure and we need to do what we can to guarantee that. Cyberattacks may also include disinformation and attempts to interfere with our electoral processes, and those who attack our critical infrastructure of our society also attack our society and our way of life. So EU values of freedom, democracy and the rule of law are now under threat.

So we need to look forward and to develop a strong cybersecurity roadmap in the interests of consumer well—being, protecting our critical services and safeguarding our businesses and our economies. It’s important that all interconnected infrastructure and products in the EU are secure by design, that they’re resilient to cyber incidents and they can be quickly fixed when vulnerabilities are discovered. They’re the practical implications, and we need to have a better coordination between our governments, since cybersecurity to a large extent can be a national competence, but there is a cross—border element there. So to help achieve this, we should strengthen the role of the European Network and Information Security Agency. And we need to end fragmented approach in our national laws on cybersecurity, for infrastructure and for connected products and services.

  Ivars Ijabs (Renew). – Godātā prezidentes kundze, godātā komisāres kundze! Pirmkārt, paldies ziņotājam par izcilu darbu pie šī dokumenta, jo nu kiberaizsardzība ir arī iespēja mazām dalībvalstīm sniegt savu solidāro ieguldījumu Eiropas kopējā aizsardzībā. Atšķirībā no klasiskās aizsardzības šeit salīdzinoši mazāki ieguldījumi kiberaizsardzībā dod iespēju panākt vērā ņemamus rezultātus, un to lieliski apliecina Baltijas valstis. Viena no lietām, kuru es vēlētos uzsvērt papildus tām visām, kas ir minētas šajā ziņojumā, tā ir sabiedrības kiberdrošības pratība, jo tieši individuāla lietotāja rīcība bieži iespaido kiberuzbrukumus un hibrīda operācijas. Eiropas Savienības noturība sākas un sakņojas ikviena no mums datorā un mobilajā ierīcē, un tāpēc pamata zināšanas par pikšķerēšanu, par daudzfaktoru autentifikāciju un citām kiberhigiēnas lietām ir tikpat svarīgas kā zināšanas, ka nu ielu nedrīkst šķērsot pie sarkanās gaismas, un te ir investējami Eiropas Savienības līdzekļi. Līdzās kiberpratības trūkumam šodien problēma ir, protams, tās daudzu miljardu kompānijas, kuras savām tehnoloģijām piesaista miljardiem cilvēku, un tās bieži arī darbojas kā monopoli. Taču visus riskus, kas ir saistīti ar to izmantošanu, šīs kompānijas bieži nodod visai sabiedrībai, kurā daudziem nekad nebūs kiberpratības vai resursu, lai sevi aizsargātu. Šeit ir nepieciešama regulācija un skaidri noteikumi. Paldies par šo ziņojumu!

  Salvatore De Meo (PPE). – Signora Presidente, onorevoli colleghi, il dibattito di oggi ci vede tutti concordi sul fatto che l'Unione europea in materia di cibersicurezza abbia bisogno di una strategia unica, coordinata, più ambiziosa e forte, e che veda un impegno serio da parte di tutti gli Stati membri e un rafforzamento della diplomazia informatica.

Gli attacchi informatici stanno aumentando, sia per quantità che per sofisticazione, e sono destinati a crescere in futuro. Questo rappresenta un serio rischio per l'Europa che sicuramente si presenta fragile e in ritardo.

La relazione dell'onorevole Paet, che ringrazio per l'importante lavoro, è un passo in avanti per condividere una strategia difensiva capace di proteggere cittadini e imprese e rendere le nostre infrastrutture critiche più resilienti.

Gli scenari internazionali, anche alla luce di quanto accaduto in Afghanistan, ci devono rendere ancora più consapevoli che abbiamo bisogno di un sistema europeo di difesa comune per reagire e resistere agli attacchi presenti e futuri, portati avanti soprattutto da chi vede nella democrazia europea il più grosso nemico.

Così come abbiamo reagito alla pandemia, è necessario mostrare la stessa forza per contenere il rischio degli attacchi informatici che possono diventare più pericolosi della stessa pandemia.

  Jutta Urpilainen, Member of the Commission. – Madam President, honourable Members, I have to say that this was an interesting exchange of views on cyber defence – a subject that will be ever more present on our political agenda.

So let me thank once more the rapporteur for his solid and timely report. We will keep working together on cyber defence in order to build EU resilience to cyberattacks, provide for better defence capabilities and work to enhance the EU’s ability to prevent, deter and respond to cyberattacks through our cyber security tool box, including sanctions. So thank you very much for the discussion.

  Die Präsidentin. – Die Aussprache ist geschlossen.

Die Abstimmung findet morgen, Mittwoch, 6. Oktober 2021, statt.

Schriftliche Erklärungen (Artikel 171)

  Adam Bielan (ECR), in writing. – Over the past years, cyber risks and vulnerabilities have increased. Cyberspace has become the fifth domain of warfare alongside the traditional military spaces. In this area, the EU is still subject to many cyberattacks, deeply harming its citizens. The World Economic Forum stresses that the number of countries experiencing cyberattacks has increased by 150% between 2017 and 2019. I support the Commission President proposal in her latest State of the Union address, to develop a European cyber-defence policy and a cyber-resilience act. These capacities are now fragmented and their consolidation and coordination must be a strategic objective of our mandate.

I call for the Members States to strengthen their responses against cyber threats through an efficient, collective and rapid response mechanism, within the EU framework but also through NATO, thus gathering all necessary actors to efficiently fight against cyber vulnerabilities.