“When, at the start of the 2010s, the bodies of the European Union (EU) suggested to the member states a draft European regulation for IT security, many were interested, yet also… cautious.Cautious because, at the time, cyber security and cyber defence were mainly perceived as sovereign affairs, the competence of the states. The idea that external bodies could have the right to be heard on these sovereign subjects therefore seemed counter-intuitive to those with an interest in the domain.
Although issues of national sovereignty remain relevant today, the way in which “cyber” subjects are handled at the EU level has changed considerably. In a decade, exchanges between states and bodies of the Union have been ramped up, resulting in regulations, cooperation groups, recommendations, benchmarks, common stances and large-scale projects. All blocks laid down in just a few years, and now testimony to the inestimable value of European cooperation. Because when it comes to cyber issues, things move at great speed.
To prevent the emergence of a two-speed Europe in terms of security, with varying levels of vulnerability among states, the implementation of protection mechanisms at the EU level was in fact inevitable. All the more so since in cyberspace, “borders” are porous: an attack affecting the information systems of an operator within one State can have a rebound effect and impact the services it provides in other countries. When we talk about IT protection, the interests of the various parties involved often overlap. [...]”
ANSSI’s Papiers numériques continue the story in nine points:
The publication also includes:
Discover the french version : Papiers numériques – Cybersécurité européenne : histoire d’une mue culturelle