Digital transformation and cybersecurity: what is on the 2021 agenda in the EU and EaP?

On 9 February, the world celebrates Safer Internet Day. We live in an interconnected world in which the line between digital and real worlds is increasingly blurred. Can you imagine your life without the Internet? I can’t. In 2020, many aspects of our life went online. But the Internet presents opportunities and threats at the same time. And the issue of digital security is the point of concern for every person living in a digital environment. At the same time, cybersecurity is the building block that safeguards the resilience of states and the EU in general.

The EU’s approach to digital security

The EU sets digitalisation and the digital future among its key priorities. In the new Multiannual financial framework for 2021-2027, digital is defined as a priority across programmes. A minimum of 20% of the EU Recovery Package will be dedicated to digital.

In 2015, after the modernisation of the “Digital Agenda of Europe,” the new strategy “A Digital Single Market for Europe” was released. This underlies the creation of the Digital Single Market, full establishment of which will make the EU the world leader in the area of the digital economy. Many initiatives are to be approved or presented in 2021, like the Digital Service Act, Digital Markets Act, the legal framework for Artificial Intelligence, etc. But even now the EU may be considered a leader in implementing strategies for the protection of personal data due, to the already well-known General Data Protection Regulation (GDPR) – the strictest privacy and security law in the world.

According to the Cybersecurity strategy for the Digital Decade that aims to safeguard a global and open Internet and protect European values and everyone’s fundamental rights, two-fifths of EU users have experienced security-related problems, and one in eight businesses have been affected by cyberattacks. In this context, European Commissioner Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age,  claimed that “The digital transformation is accelerating, but can only succeed if people and businesses can trust that the connected products and services – on which they rely – are secure.”

The strategy provides for the EU to establish Security Operations Centres that use AI to detect signs of cyberattacks early. At the same time, a Joint Cyber Security Centre will be established, which will serve as a real cybersecurity shield for the EU. The strategy also pays attention to the cybersecurity of sensitive infrastructure of 5G networks.

As the EU stands for its technological sovereignty and digital leadership, it promotes cyberspace’s values and vision by expanding EU cyber dialogue with regional and international organisations and third countries through an informal EU Cyber Diplomacy Network to be created.

Digital opportunity for the Eastern Partnership

The EU puts significant emphasis on the digital transformation in EaP states and supports the integration of EaP states into the Digital Single Market. In the Joint Communication “The Eastern Partnership beyond 2020”, one of 4 main pillars was dedicated to digital transformations and deals with establishing “the Partnership that connects.” Thus, the EU is going to invest further in the partner countries’ digital transformations and aims to extend the benefits of the DSM. Special attention is paid to the development of infrastructure (broadband), cybersecurity, and e-governance.

Let’s look closer at the aspect of cybersecurity. The EU4Digital initiative plays an essential role in supporting the development of national roadmaps and implementing national cyber-security strategies in partner countries, and setting-up national Computer Emergency Response Teams (CERTs) in each country. The initiative is also promoting the approximation of legislation in EaP states on electronic identification and trust services for electronic transactions to EU standards (eIDAS Regulation) – one of the principal EU regulations in the digital area.

But as I have already written in the blog on the future of the Estern Partnership, the partnership has developed according to the interests, ambitions, and progress of each partner. And the same situation takes place when discussing cybersecurity.

Georgia, Moldova, and Ukraine have adopted national cybersecurity strategies; however, only Georgia and Ukraine have set up policy department units. Azerbaijan, Belarus, and Georgia have threat assessment units. In Azerbaijan, Belarus, Georgia, and Ukraine, a point of contact has been identified for international cooperation purposes. CERTs or similar structures are set up in Azerbaijan, Belarus, Georgia, Moldova, and Ukraine.

However, if the EU wants to build resilience in the region, it has to increase its attention to the digital resilience of the EaP state with a respectively differentiated approach towards states. This may take the form of engagement of the countries in PESCO cybersecurity projects, more active coordination of CERT teams, and continuation of support in their creations, consultation, and monitoring of approximation of legislation and roll-out of national cybersecurity programmes, including, for example, help in the development of 5G. In turn, the EaP countries may share with the EU the experience of countering active Russian cybersecurity attacks and disinfo campaigns. Respectively, security dimensions should be enhanced in the coming decade in the EU’s approach to the EaP, and cybersecurity will be among the priorities in this dimension.

Internet safety as the responsibility of everyone

The EU, the EU member states or EaP countries may keep introducing new regulations and laws on cybersecurity. But what is crucial in the digital transformations of every state is the level of digital skills of its citizens. Everyone is responsible for one’s digital security in everyday life. Below I provide three simple but essential pieces of advice on how to make our life safer.

• Take care of your privacy. We leave our digital footprint while using social media, buying something online, etc. Sometimes, our data may be illegally collected and used. That is why it is always necessary to read the confidentiality policies of social media and websites where we leave our personal data as in such policies it is clearly stated which data is collected or for what purposes. We should not publish private information (such as geolocation, personal data) in social networks. It may pose a threat not only online but offline. It is advised to make our accounts in social networks as confidential as possible.
• Use a complex password for social network accounts and establish two-factor authentication (2FA). 2FA is an extra layer of security that demands the confirmation that you want to log in to your account. This confirmation may be in the form of the code sent after entering the password. 2FA may be easily installed in the setting of most of the networks of messages.
• Be attentive and aware of risks. Do not open any email from an unknown or suspicious email address, check the platforms where you make online purchases, use antivirus programs, and do not forget to keep your software updated.

We live in the digital world, and online will be incorporated even more in our offline lives with every day that passes. Information and data are strategic resources and keeping them safe is the thing that matters for every person, state, and international or regional entity.