Examining the EU's Military Capabilities for Cyber Defence

Soldier with laptop

Background

In addition to technical vulnerabilities in systems and software, the emergent and changing properties of cyberspace itself, as a socio-technical ‘network of networks’, present a challenge. Vulnerabilities also arise from risky behaviour by individuals and organisations. Threats may come from a multitude of directions, whether nation-states, criminal networks or non-state actors.

Goals

The European Defence Agency (EDA) asked RAND Europe and the Fondation pour la Recherche Stratégique to conduct a stock-taking exercise of capabilities including concepts in the area of Cyber Defence across the 20 participating Member States. The researchers spoke to a variety of experts, developed a weighted cyber defence ‘maturity model’ and ran a questionnaire across the participating Member States. A standardised military framework was used to define ‘capability’.

Key Findings

The study found a broad relationship between a Member State’s awareness of cyber defence and the number of indicators it possessed of capability.

Many countries have set up organisations specifically to deal with cyber defence: 19 out of 20 had some kind of unit dedicated to cyber defence missions in their ministries of defence, and this was linked to the national Computer Emergency Response Team (CERT); in 18 out of 20 countries this was linked to other incident response capability (other types of CERT).

But doctrine is lagging behind (only 6 out of 20 states had a specific cyber defence strategy and 5 out of 20 had a cyber defence doctrine).

Training and learning also needs to be strengthened (9 out of 20 states had cybersecurity as a specific technical career path), as does interoperability (only 5 out of 20 participated in EU-wide exercises).

RAND Europe and others are now engaged on a number of follow-up projects to advise the EDA how different states could increase their cyber defence capability status.

Project Summary

Research Team

Neil Robinson, Research Leader, RAND Europe
Agnieszka Walczak, Associate Analyst, RAND Europe
Sophie-Charlotte Brune, former Research Fellow, RAND Europe
Alain Esterle, Fondation pour la Recherche Stratégique
Pablo Rodriguez, Fondation pour la Recherche Stratégique