ISSN 2192-6921
Independent Review on European Security and Defence − A product of ProPress Publishing Group
Volume N° 33
Cybersecurity
Is cyberwarfare still
science fiction?
How MEPs work to
boost Europe’s
cybersecurity
The EU’s security
and prosperity in the
digital age
Angelika Niebler MEP,
European Parliament,
Brussels/Strasbourg
Pekka Haavisto,
Foreign Affairs Minister of Finland,
Helsinki
www.magazine-the-european.com
A magazine of the Behörden Spiegel Group
Edition 2/2019
Editorial
E
urope has voted. The new leaders in the European
Union’s top-job positions are a reasonable and a
promising choice. A new Commission is going to be established. At the same time, the continent is shocked of
the unexpected behaviour of British politicians around
Brexit.
Europe must now take its fate into its own hands and
defend its interests, without losing sight of its relationship with America and Russia in the context of its global
ambitions and without neglecting its Member States’
existing alliances. The European Union must become a
global player in its own right and with its own priorities.
But as France and Germany are no longer “the engine”
setting the political agenda within the EU, who can?
The British have ruled themselves out. Germany’s
European enthusiasm has clearly been muted. That
leaves France, with a President who, on taking power
two years ago and more clearly than any other European leader, announced a number of ideas and concrete
plans for a new and strong Europe. Today, Emmanuel
Macron appears to be the only “voice of Europe” on the
international stage, speaking out on crucial matters of
economy, security and peace and doing his best to bring
world leaders together. Hopefully, Macron will succeed
in maintaining stability in his own country.
Looking back, one could be forgiven for thinking that
the multiple problems facing the EU are wearing it
down: the broken relationship with the United States,
whose President considers the EU as an opponent,
climate change, which is only now gaining an overdue
status as a live political issue, the problems of migration, which could lead to a split within the Union,
and last but not least, the ever stronger populist and
Eurosceptic parties within each nation. Not forgetting
the excruciating negotiations over Brexit that have
Impressum
The European − Security and Defence Union
ProPress Publishing Group Bonn/Berlin
Headquarters Berlin:
Kaskelstr. 41, D-10317 Berlin
Phone: +49/30/557 412-0, Fax: +49/30/557 412-33
Brussels Office:
Hartmut Bühl
Phone: +49/172 3282 319, Fax: +33/684806655
E-Mail: hartmut.buehl@orange.fr
Bonn Office:
Friedrich-Ebert-Allee 57, D-53113 Bonn
Phone: +49/228/970 97-0, Fax: +49/228/970 97-75
Executive Media & Content:
Andy Francis Stirnal
Phone: +49/176 6686 1543
E-Mail: andy.stirnal@magazine-the-european.com
been draining resources for too long and
restricting Europe’s freedom of movement.
However, looking forward, new and positive
signs are emerging: European citizens have
accepted the EU as part of their lives. With a
turnout of almost 51% at the last European
elections – 8% more than the previous ones Hartmut Bühl
– the European Parliament has clearly been
strengthened.
The incoming President of the Commission, the German
Ursula von der Leyen is a staunch European and has
laid down important internal and geopolitical markers
in appointing her Commission. Internally, there is now a
clear consensus that the United Kingdom cannot impose
its Brexit conditions and that the EU will not stand idly
by while London continues to linger within the Union. In
addition, Von der Leyen’s bold attempt to forge regional
strength, as an antidote to the tendency on the part of
some Member States to drift away from the Union, is a
clear indication of her determination to boost the EU’s
internal unity.
To the outside world, the new President has signalled
her desire to see Europe play a leading role and made it
clear that the transatlantic relationship requires a reset
to assume joint responsibilities. The strategic implication is that the EU will no longer take a back seat in geopolitical conflicts. Ursula von der Leyen intends to break
new ground. The appointment of a French Commissioner
responsible for the internal market, but also for security
and defence, demonstrates how the President wishes to
draw inspiration from the French ideas on security and
defence and the proactive European stance of President
Macron.
Photo: private, LISphoto.com
Sovereignty for Europe
Publisher and Editor-in-Chief: Hartmut Bühl, Brussels
Deputy Editor-in-Chief: Nannette Cazaubon, Paris; E-Mail: nannette.cazaubon@magazine-the-european.com
Editor: Alexa Keinert, Berlin; E-mail: editor.esdu@gmail.com
Translator: Miriam Newman-Tancredi
Publishing House: ProPress Verlagsgesellschaft mbH
President ProPress Publishing Group: R. Uwe Proll
Layout: Beate Dach, SpreeService- und Beratungsgesellschaft mbH, Berlin
Print: WIRmachenDRUCK GmbH, Backnang
The European − Security and Defence Union Magazine is published by the ProPress Publishing Group. The ProPress
Publishing Group is the organiser of the congress on European Security and Defence (Berlin Security Conference), the
European Police Congress and the European Congress on Disaster Management.
For further information about the magazine and the congresses please visit www.magazine-the-european.com
Subscription: This magazine is published in Brussels and Berlin.
The copy price is 16 Euro:
3 copies for one year: 42 Euro (EU subscription)
3 copies for one year: 66 Euro (International subscription) including postage and dispatch (3 issues)
© 2019 by ProPress Publishing Group Bonn/Berlin
A magazine of the Behörden Spiegel Group
3
THE EUROPEAN – SECURITY AND DEFENCE UNION
THE EUROPEAN –
SECURITY AND DEFENCE UNION
Vol. No. 33
Content
3
6
15–40
MAIN TOPIC
Editorial, Hartmut Bühl
News, Nannette Cazaubon
Cybersecurity
The challenge is governance
16
8–14
In the Spotlight
A new and decisive phase
for European policy
8
Pekka Haavisto, Helsinki
The EU’s security and prosperity in the digital age
Reaping the full benefits of the digital age
10
18
21
22
EU Top Jobs – the new EU leaders
Documentation
11
24
12
13
14
Brexit Thriller
To be continued…
Guest commentary by Jean-Dominique Giuliani, Paris
Our freedom starts with Hong kong
Commentary by Hartmut Bühl, Paris
Security must be palpable
28
Angelika Niebler MEP, Brussels/Strasbourg
How MEPs work to boost Europe’s cybersecurity
Cyber resilience is a top issue in the EU
Jean-Louis Gergorin /Léo Isaac Dognin, Paris
Democracies must learn to withstand, in peacetime,
a permanent war in cyberspace
Governance remains the number one challenge
Peter Martini, Bonn
The crucial role of cybersecurity for a resilient
energy supply
Vulnerability will increase with digitalisation
Roberto Viola, Brussels
Taking a cyber leap forward
A European response to cyber threats
Interview with Arne Schönbohm, Bonn
Europe needs coherent national strategies and
EU operational concepts
Make cybersecurity a top priority
Carlos Bandin Bujan, Brussels
We need more efficient cybersecurity building worldwide
A transversal issue in development and cooperation
Michael Singh, Washington, DC
The world needs the EU as a global player
Europe strategic dependence
Photos (cover): © metamorworks, stock.adobe.com; European Parliament (left); Jamo Kuusinen / Prime Minister’s Office, Finland (right);
4
Content
41–56
Security and Defence
Our security starts beyond our borders
42
30
Secunet, Essen
NAPMA further expands its SINA Secure Remote
Access capability
Advertorial
32 Documentation
44
5G networks, “fake news” and disinformation
34
Wolfgang Röhrig, Brussels
Cyber defence in the European Union is part of its
defence capabilities
Cyber strongly influences capability development
50
Rob Wainwright, Amsterdam, and
Beth McGrath, Washington
The new role of the Defence Chief Information Security
Officer (CISO)
CISOs are more than technology officers
52
36
38
Dirk Zickora, Munich
The importance of a European Air Power solution
The role of space and cyberspace
Timo Kivinen, Helsinki
Finland promotes an EU defence cooperation
Make European forces more operational
Round table interview with Patrick Bellouard, Paris,
Hans-Christoph Atzpodien, Berlin, and
Trevor Taylor, London
Germany – a touchstone for the arms export policy of
the European Union
Interview with Bruce R. Eggers, Andover, MA
The Future of European Integrated Air and
Missile Defence
The Patriot partnership community
Conference report by Nannette Cazaubon, Paris
The EU CBRN Centres of Excellence Initiative
7th meeting of National Focal Points
54 Raymond Hernandez, Erkrath
No more dead through contaminated water!
Potable water – easily produced everywhere
56
Conference report by Hartmut Bühl, Brussels
Life Support Solutions – Field Camp Services
International workshop at Kärcher Futuretech
57
Last but not least…
“The European − Security and Defence Union”
is the winner of the 2011 European Award
for Citizenship, Security and Defence
page 4-5: Etienne Ansotte © EU (left); © elenab, stock.adobe.com (middle); Devco (right)
5
THE EUROPEAN – SECURITY AND DEFENCE UNION
EUROCORPS
NOBEL PEACE PRIZE
Changing of the guard in Strasbourg
Prime Minister of Ethiopia
awarded
On 5 th September 2019, the
French Lieutenant General Laurent
Kolodziej took over the command
of Eurocorps from German Lieutenant General Jürgen Weigt, who
has been commanding the International Army Corps for the last two
years. The outgoing commander
took this opportunity to emphasise
German Chief of Defence chairing the ceremony with
the essential military achievements
Lt Gen Kolodziej (left) and Lt Gen Weigt (right)
before adding: “However, Eurocorps
�
photo: @ Lionel THENADEY/Eurocorps
is more than just a military unit.
Since its inception in 1992, it has been regarded as a lasting symbol of peace and reconciliation in Europe (…). At the moment when Europe is in need of visible symbols of unity,
I hope that Eurocorps can in the near future become one of the continent’s flagship bodies
and play an important role in the construction of a more tangible European Defence”
Eurocorp’s new commander, Lieutenant General Kolodziej, former commander of the
On 11th October, the Nobel Peace Prize was
awarded to the Ethiopian Prime Minister
Abiy Ahmed Ali for his efforts to achieve
peace and international cooperation, and in
particular for his decisive initiative to resolve
the border conflict with neighbouring Eritrea,
in which 80,000 people from both sides
lost their lives. In close cooperation with
Isaias Afwerki, the President of Eritrea, Abiy
Ahmed, quickly worked out the principles of
a peace agreement.
The Norwegian Nobel Committee hopes that
the prize will strengthen Prime Minister Abiy
in his important work for peace and reconciliation.
French Rapid Reaction Corps in Lille, underlined the “privilege to command Eurocorps, a
Headquarters unique in its kind from 10 different nations* and to prepare it for its next
missions”.
During the ceremony, Lieutenant General Weigt was decorated by the Polish Chief of
Defence with one of the highest national Polish distinctions. Everybody present felt that
this was not only a well-deserved decoration for the general, but also a very political act
and a clear sign towards Europe from the Polish side.
*Currently, the following Member States of Eurocorps having earmarked national units to be under its command in case
of call: Belgium, Germany, France, Luxemburg and Spain. Associated Member States with a contribution of personnel to
Eurocorps are Greece, Italy, Poland, Romania and Turkey.
INTERNATIONAL COOPERATION
A European continues to head the IMF
Kristalina Georgieva from Bulgaria, former Commissioner and Vice-President of the European Commission (2009-2017), took over from Christine Lagarde
�
photo: Office of the Prime Minister-Ethiopia, open domain, Flickr.com
as Managing Director of the International Monetary
Fund (IMF) on 1st October 2019. Before joining the
Fund, she was the Chief Executive of the World Bank
(2017-2019).
With Kristalina Georgieva, a European has once again
Kristalina Georgieva in her Brussels
been appointed Managing Director of the 189 nation
office at the European Commission
IMF (excluding Cuba and North Korea) in accordance
during an interview for this maga-
with the tradition since its foundation 75 years ago.
zine in 2011. �
The Fund, a symbol of globalisation, remains the key
Photo: European Commission
driver of economic cooperation between nations and
is today facing at least four existential threats: the unilateralism of US President Trump,
the domination of the US Dollar in world trade, the rising power of China and, last not but
least, the emergence of digital money.
Abiy Ahmed Ali was born in 1976 in the
region of Oromo, Ethiopia. In 1990 he joined
the revolutionary movement against the dictator Mengistu Haile Mariam, the “Red Negus”. To general surprise, Abiy Ahmed Ali became Prime Minister in April 2018, launching
at once deep economic and social reforms
in his country and starting, three months
later, successful negotiations for peace with
Eritrea. The Nobel Prize might help him bring
together the 100 million Ethiopians living in
poverty and split by ethnic conflicts.
The main problems for the new Managing Director of the IMF will be to help save the
multilateral rules-based system as a tool for bringing nations together and to try and calm
the trade war initiated by the US. Or, in a more extreme scenario, to reshape the Bretton
Woods system in the hope of solving these problems or at least avoiding a currency war.
6
> web https://bit.ly/35nfBk4
News
EUROPEAN ELECTIONS
The new European Parliament
Over 400 million citizens were eligible to vote in the European
Elections at the end of May 2019. The participation of
50,62% was 8% higher than in 2014 and confirmed that
the Union is an achievement of the Member States’
societies.
Pro-European Union powers managed to keep
control of the European Parliament following a
surge in support for liberal and green parties
in France, Germany and the United Kingdom.
Populists won a majority of the national vote
in France, Italy and in the UK but failed to
make the broader gains that many polls had
�
projected.
The new EU Parliament held its first plenary session from 2nd to 5th July 2019 in
Strasbourg, electing on 3rd July the new President of the EU Parliament, David Sassoli,
Member of the Democratic Party (Italy).
EUROPEAN COMMISSION
How the President is elected
Ursula von der Leyen (Germany) will start her work as new
President of the European
Commission on 1st November.
The procedure for nominating
the President of the Commission for five years, is laid
down in the Treaty on European Union (article 17(7)).
“Taking into account the
elections to the European
Parliament and after having
held the appropriate consultations, the European
Council, acting by a qualified
majority, shall propose to
the European Parliament a
candidate for President of the �
Photo: © European Union, 2018
Commission. This candidate
shall be elected by the European Parliament by a majority of its component members.
If he does not obtain the required majority, the European Council, acting by a qualified
majority, shall within one month propose a new candidate who shall be elected by the
European Parliament following the same procedure.”
Declaration 11 to the Treaty notes that “the European Parliament and the European
Council are jointly responsible for the smooth running of the process leading to the
election of the President of the European Commission. Prior to the decision of the
European Council, representatives of the European Parliament and of the European
Council will thus conduct the necessary consultations in the framework deemed the
most appropriate.”
> For more information on the new leaders in EU Top Jobs, see page 10
photo: European Parliament
CLIMATE CHANGE
UN Climate Action
Summit
On 23th September the
United Nations (UN) Climate Action Summit
took place in New York.
Major announcements
by government and
private sector leaders
demonstrated growing
recognition that the pace of climate action
must be rapidly accelerated. 65 countries
committed to cut greenhouse gas emissions
to net zero by 2050. Furthermore, 70 countries announced they will boost their national
action plans by 2020 or have started the
process of doing so. Many countries and
over 100 cities announced significant and
concrete new steps to combat the climate
crisis. UN Secretary-General António Guterres,
said at the closing of the summit: “You have
delivered a boost in momentum, cooperation
and ambition. But we have a long way to go”,
and he added: “We need more concrete plans,
more ambition from more countries and more
businesses. We need all financial institutions,
public and private, to choose, once and for
all, the green economy.”
> Web A full list of the announcements and
commitments made at the Climate Summit
can be found at www.un.org/climatechange
7
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ EU Presidency +++
Effective deterrence against cyber-attacks through greater international coordination
The EU’s security and prosperity
in the digital age
by Pekka Haavisto, Minister of Foreign Affairs, Finland, Helsinki
F
requent coverage of large-scale cyber-attacks in the news
headlines are salient reminders of the formidable challenges in securing the wellbeing of citizens and the core functions
of states against the inherent vulnerabilities of the digitalised
society. As the critical societal functions and the daily lives of
our citizens become increasingly dependent on the use of Information and Communication Technology (ICT), cybersecurity has
a profound impact on advancing our prosperity and security.
Unless we strengthen our capabilities to prevent, deter and
respond to these threats, it is highly probable that the existing
vulnerabilities will be exacerbated in line with the fast-growing
digitalisation of our society.
Pekka Haavisto
has been the Foreign Minister of
Finland since June 2019. Born
in 1958, Mr Haavisto served as
Minister of the Environment and
Development (1995-1999) and as
Photo: Jamo Kuusinen / Prime
Minister’s Office, Finland
Minister of Development and State
Ownership (2013-2014). He led several missions to conflict areas as the
Chairman of UNEP’s post-conflict work from 1999 to
2005. He also worked as the European Union Special
Representative (EUSR) in Sudan and Darfur (2005-
Cybersecurity is a top priority for the EU
2007), and as a Special Advisor for the UN (ASG) in
Against this backdrop, it follows naturally that protecting the
integrity and security of the EU, its Member States and their
citizens against cyber threats has become a top priority for the
EU. Promoting the comprehensive security of our citizens is
also one of the main priorities during our ongoing EU presidency. The EU has taken a wide range of concrete measures to
strengthen cybersecurity in recent years, i.e. the adoption of
the Directive on security of network and information systems
(NIS) and the EU Cybersecurity Act. These measures and policies put in place will help to forge closer cooperation and coordination between the Member States and thereby to ensure
that the EU is better equipped to address the ever-evolving
cybersecurity challenges. Cybersecurity and diplomacy have
also gained a significant place on the agenda of the Common
Foreign and Security Policy and the Union now has various
diplomatic measures at its disposal, including the newly
the Darfur peace process (2007).
adopted cyber sanctions regime, to prevent, deter and respond
to malicious cyber activities.
Due to the global interconnected nature of the cyber domain,
fostering international partnerships and engagements is
pivotal for building cyber resilience. Consequently, it is in our
best interest to engage with other states and stakeholders to
promote the EU’s vision of a rules-based, free, open, secure
and stable cyberspace founded on the important universal
values of democracy, the rule of law and human rights, and fundamental freedoms. A chain is no stronger than its weakest link
in the interconnected cyber domain. Supporting efforts to build
cyber resilience elsewhere will increase the level of cybersecurity globally, as well as benefitting the EU as a whole. To this
our EU Presidency and beyond, Finland will do its utmost to
“During
contribute to the progress towards our shared objective of building a
Europe that is well equipped to reap the full benefits of the digital age
and rise above its challenges.”
8
+++ EU Presidency +++
documentation
end, the EU has been actively engaging with key partners and
international organisations in bilateral and regional contexts
by means of cyber policy dialogues, capacity and confidence
building initiatives, and technical cooperation.
Making our critical societal functions more resilient to withstand potential attacks is crucial, but it is equally important
to create and uphold a credible deterrence policy to deter
malicious behaviour from taking place in the first place. Greater
international cooperation and coordination between likeminded countries is necessary to achieve effective deterrence. It is
about making any inappropriate behaviour very costly for the
potential perpetrators by signaling in a credible and consistent
way our resolve and readiness to respond. The recently adopted EU cyber sanctions regime will contribute to further developing the EU’s readiness to deter and respond to malicious cyber
activities.
Important progress in the EU has been achieved to protect critical societal functions against ever-evolving cyber threats, but
a lot more can and should be done. Building our cybersecurity
and resilience on an EU level requires continuous and farsighted efforts in different policy fields. It requires more robust
and effective structures to prevent and respond to cyber-attacks not only in the Member States, but also in the EU’s own
institutions. Building credible cyber resilience and capabilities
depends largely on having people with the right skills, driving
technological innovation to stay ahead of those looking to do
us harm. It means more investments in innovation and skills
to ensure that the EU develops its own essential technological
capacities and solutions that work across the EU to secure its
digital economy and society.
Reaping the benefits of the digital age
At the heart of all our common endeavors should be the
whole-of-society approach: close cooperation not only between
different EU and state institutions, but also with civil society,
academic community and private sectors. During our EU Presidency and beyond, Finland will do its utmost to contribute to
the progress towards our shared objective of building a Europe
that is well equipped to reap the full benefits of the digital age
and rise above its challenges.
> See our chapter on cybersecurity (pp 15-40)
Finland’s EU Presidency
Finland’s Presidency of the Council of the European Union
was inaugurated on 8th July in a summer party organised
by the City of Helsinki. During that day, a participatory performative artwork designed by the environmental artist
Kaisa Salmi was mounted in Kansalaistori Square next to
the venue of the Presidency meetings to take a stand on
climate change. Standing at the top of her plastic creation,
artist Kaisa Salmi was sermonizing on environmental issues
for a total of ten hours.
Presidency programme
Finland’s third Presidency of the Council of the European Union
for a 6 month period began on 1st July 2019. The priorities
for Finland’s Presidency are to strengthen common values
and the rule of law, to make the EU more competitive and
socially inclusive, to strengthen the EU’s position as a global
leader in climate action and to protect the security of citizens
comprehensively.
> Web Presidency Programme: https://bit.ly/31mscAV
Member States holding the Presidency work together closely in
groups of three (“trios”). Finland is in a trio with Romania and
Croatia. The “trio programme” for a period of 18 months was
The Summer Day festival at Töölönlathi Bay, Helsinki,
adopted by the General Affairs Council in December 2018.
8th July 2019�
photo: © Viivi Myllylä/Prime Minister’s Office
> Web Trio Programme: https://bit.ly/2BWccee
9
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ EU Institutions +++
EU Top Jobs – the new leaders
President of the European Parliament
David Sassoli MEP (Italy) was elected as President of the European Parliament (EP) on
3rd July 2019 in Strasbourg.
David Sassoli was born in 1956 and graduated in political science from the University
of Florence. He became a professional journalist in 1986. Mr Sassoli, Member of the
Democratic Party (PD), was elected in 2009 as Member of the European Parliament.
Re-elected in 2014 he became one of the EP’s Vice-Presidents.
President of the European Council
Charles Michel (Belgium) was elected on 2nd July
as President of the European Council by the
EU heads of state and government, for the
period from 1st December 2019 to 31st May
2022. This mandate is renewable once. He will
also hold the presidency of the Euro summit
for the Member States whose currency is
CHARLES MICHEL
the Euro. Charles Michel was born in 1976
and became a Member of the Belgium Parliament at the age of 23. He became minister one year later. In 2014
he was elected as Prime Minister.
EU High Representative/
Vice President of the Commission
Josep Borrell Fontelles (Spain) was considered
by the European Council on 2nd July to be the
appropriate candidate for High Representative
of the Union for Foreign Affairs and Security
Policy. On 26th July, the President-elect of
the Commission, Ursula von der Leyen,
agreed on the candidate. The EuropeJOSEP
an Council formally appointed Josep
BORRELL FONTELLES
Borrell Fontelles on 6th August as High
Representative. As a Commission Vice-President, he will be subject
to a vote of consent by the European Parliament (EP). His term of
service will be five years ending on 31st October 2024.
Josep Borrell was born in 1974. He holds Bachelor’s degrees in
Aeronautic Engineering and Economy and a master’s degree in
Mathematics from Stanford University. In 2004, he was elected as
Member of the EP and was President of the Parliament for two and
a half years. He served as Foreign Minister of Spain from June 2018
to September 2019. Borrell was re-elected to the EP in May 2019,
but gave up his newly won seat in June.
photos: CC-BY-4.0: © European Union 2019 – Source: EP (Sassoli); EC – Audiovisual Service;
Creemers, Lieven (Michel); © EU, Etienne Ansotte (von der Leyen); © European Union 2016 –
Source: EP (Fontelles); MEDEF, CC-BY-SA 2.0, Flickr.com (Lagarde)
10
DAVID SASSOLI
President of the
European Commission
Ursula von der Leyen (Germany) was
designated as candidate for President of
the European Commission by the European
URSULA
Council on 2nd July, and she was elected
VON
DER LEYEN
by the European Parliament on 16th July.
Her term of service will be 1st November
2019 to 31st October 2024. The mandate is renewable. Ursula
von der Leyen was born in 1958. She graduated as a physician
from the Hanover medical school and started her political career
in 1996 in the German Christian Democratic Party (CDU). She
served as minister for 14 years (2004-2019) in different ministries in the three governments of Chancellor Angela Merkel.
President of the
European Central Bank
Christine Lagarde (France) was nominated candidate for P
resident of
the European Central Bank (ECB)
by EU leaders on 2nd July. The
CHRISTINE LAGARDE
Economic and Financial Affairs
Council then issued a formal recommendation on 9th July. The
European Parliament and the ECB delivered their opinions
to the European Council, respectively on 17th September and
25th July. Christine Lagarde was a
ppointed by the European
Council on 18th October President of the ECB for a non-renewable term of 8 years. She will take office on 1st November
2019.
Christine Lagarde was born in 1956 and is a French lawyer.
She was the Chair of law firm Baker& Mckenzie between
1999 and 2004 and held different ministerial posts in the
French government from 2005 to 2011. She was nominated
Chairwoman of the International Monetary Fund/Managing
Director (IMF) in 2011 and resigned from it on 16th July 2019.
+++ EU after Brexit+++
To be continued...
?
31.10.
2019
+++ ….
23.10.
2019
+++ EU President Donald Tusk recommends Brexit delay
+++ Johnson says he does not believe that any delay beyond 31 October is in the UK’s interests
22.10.
2019
+++ EU chief negotiator Michel Barnier says Brexit is “lose-lose”
21.10.
2019
+++ UK Parliament speaker John Bercow refuses vote on Brexit deal
19.10.
2019
+++ Defeat for Johnson: UK Parliament refuses vote on the deal
+++ Parliament forces Prime Minister to send letter to the EU asking for an extension of Brexit
deadline; Johnson sends letter but does not sign it
17.10.
2019
+++ Jean-Claude Juncker announces Brexit deal with Boris Johnson on Twitter
© Peter Slama
Always look on the bright side of life...
11
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ Commentaries +++
GUEST COMMENTARY
Our freedom starts with Hong Kong
by Jean-Dominique Giuliani, President of the Robert Schuman Foundation, Paris
O
n 4th July 1997, Hong Kong was returned to China. It was my privilege to
represent France on that occasion. René
Monory, the President of the Senate, led
our delegation, which included amongst
others Alain Peyrefitte.
The symbolism of this handover was not lost
on us. Martial China and its elite troops goosestepped their way as they took back this tiny piece of
land, that had become British after the signature of some
one-sided treaties.
Indeed, the island of Hong Kong and the peninsula close
to Kowloon had been ceded to Britain in perpetuity. It was
the new territories, leased for 99 years, which were to be
returned – but it was difficult to separate them from the rest,
such was the density of the urban fabric. However, Margaret
Thatcher, who signed an act of retrocession in 1984, could
not help but “regret having to give all of that back to the
Communists.” She was not wrong. It was clear that the Chinese would not keep their word which had, however, been
included in a treaty filed with the UN Secretary General, and
that they would not protect Hong Kong’s status for 50 years.
Despite the Chinese Communist Party having become the
champion of capitalism, it could never tolerate political
liberalism, and quite simply, the freedom of expression.
During the four days of endless rain, we were able to take
stock of the extent of the misunderstanding unfolding before
our eyes.
Chris Patten, the British governor, explained his efforts to
leave behind seeds of democracy in Hong Kong, where,
rather late in the day and to the great displeasure of the
Chinese, he had organised the first free elections.
Prince Charles, whose poise was admirable in the downpour
that required the lamination of the pages of his retrocession
speech, was not deceived either. In his opinion, it was yet
another decolonisation ceremony, of which he had become
the specialist. Since the 1960s he had always represented
12
the UK on the many occasions that former
British colonies became independent.
God knows he had witnessed the lowering of the Union Jack enough times! And
to think that some envied him!
The British always quit the territories of
their former empire awkwardly. They left
suddenly, coldly – with regret – but curtly. They
abandoned the citizens of Hong Kong to their fate
because the banks interested them more than the challenge
set by the Chinese Communist Party.
Today, it is the young people who are demonstrating. Their
idea of freedom is also ours: economic and political freedom
are indissociable. As in an Asian picture, they go hand in
hand like air and water. In the eyes of the Chinese dictatorship the challenge is a vital one. Its existence possibly
depends on the way it emerges from this crisis.
The victory of the Beijing regime over the democrats in
Hong Kong would mean the greatest danger for our freedom. Angela Merkel was not mistaken when she advocated
giving support to the young demonstrators in China, and as
she criticised the Orwellian system of social rating that the
Chinese regime is now deploying across the land, before
extending it to Asia and beyond. The future confrontation
with the Middle Empire will first affect the universal values
of freedom and democracy that it rejects.
Whoever knows the region also knows that Hong Kong is not
just a rock that was occupied for a few years by a Western
power. It is an island of freedom in an autocratic ocean. Its
survival could be the starting point for a return of freedom
on the continent. Neighbouring Shenzhen now has the same
skyscrapers and its opulence is even more evident. But it
lacks that one vital thing!
The West and Europe would be wise to be inspired to support those who are defending their idea of freedom. Before
it is too late.
+++ Commentaries +++
COMMENTARY
Security must be palpable
by Hartmut Bühl, Publisher and Editor-in-Chief, Brussels/Paris
D
onald Trump is in the process of squandering America’s heritage. The betrayal
of his Kurdish allies in Syria will have an
impact on America’s allies all over the world
and will not leave NATO unaffected.
The Kurds were the shining example for the
United States of the necessary sacrifices in
the fight against the Islamic State. After a
telephone call to Turkish President Erdogan, and
without any consultation with his administration,
Trump tweeted that he was abandoning the Kurds from one
day to the next, because he no longer needed them, fully
realising that he was leaving them to be slaughtered by the
Turks. He withdrew his troops, giving Erdogan a free hand.
Now that the inevitable damage has occurred, he is trying,
as a result of pressure from his own side, to backtrack, but
he has left it too late. The Russian President has already
made his move to fill the geostrategic vacuum.
Betrayal – there is really no other word to describe the American President’s attitude towards his Kurdish allies. They experienced heavy losses in battle, keeping faith in their great
ally in the hope that they were on track to establishing their
own state. Trump had previously advised the Kurds to dismantle the border with Turkey. Even if he warned the Turkish
President shortly before his troops were ordered to cross
the border into Syria and tweeted that he would impose
sanctions, he has left Erdogan free to undertake his war
of destruction. The risk of a war between
Turkey and Syria is clearly an outcome he
has disregarded. He no longer sees it as
relevant to America’s role as a world power
as it wreaks further havoc throughout the
region, in which fires already rage.
Donald Trump, the populist, is in the process
of demolishing the foundations of American
foreign policy as Washington throws away its last
shred of credibility in international relations as well as the
international order that generations of American politicians
have taken a leading role in building up for the benefit of all.
Today, American security guarantees are still in place.
They have always been worth more than the paper they are
printed on. Under them, America’s allies have felt safe and
protected. The western world has felt secure for over 40
years and trust in America has been the cornerstone of its
foreign and defence policy.
Who knows what Trump, “in his great wisdom” as he says
himself, will tweet next? What Europeans are increasingly
coming to realise, however, is that they can no longer rely on
Trump’s America.
Trump has betrayed the Kurds. Will he also betray us, his
European allies, by telling us that American troops will only
go into battle if America’s interests are at stake? Sooner or
later, the future of NATO itself will be at stake.
Trump – a reliable partner?
Donald Trump (second from
the right) and Recep Tayyip
Erdoǧan (third from the right)
at the G20 Summit in Japan,
28 June 2019
�
photo: © European Union,
EC Audiovisual Service
13
THE EUROPEAN – SECURITY AND DEFENCE UNION
In the Spotlight
+++ EU-US Relations +++
Europe has few viable alternatives to strategic dependence on the United States
The world needs Europe as a global player
by Michael Singh, Managing Director, The Washington Institute for Near East Policy, Washington, DC
S
ixteen years ago, the United States was at the height of its
response to the attacks of September 11, 2001; it had decimated the Taliban regime in Afghanistan that had harbored
the 9/11 terrorists, and was poised to invade and topple the
government of Saddam Hussein in Iraq. It was in this context
that Robert Kagan wrote Of Paradise and Power, memorably
laying out the stark differences in the ways that Americans and
Europeans perceived and utilized power on the international
stage. Kagan described differences that were both ideological – Europeans were idealistic, Americans more pragmatic
– and material – the United States simply had far more power
with which to achieve its ends than did the states of Europe.
The result, in his view, was a profound gulf between a United
States that believed in the efficacy of military power and was
willing to use it, and a Europe that eschewed it. The upshot,
in Kagan’s view, was that the United States not only could
“prepare for and respond to the strategic challenges around
the world without much help from Europe,” but was already
doing so.
or delayed a reckoning for European foreign policy. Whatever
the successes and failures of European foreign policy, with
its preference for international law and institutions over the
cultivation of hard power, it seems ill-suited to deal with a
revanchist Russia or increasingly ambitious China, and it left
Europe poorly equipped to respond to crises on its periphery,
like Libya and Syria, in the absence of decisive US leadership.
While some European states have in recent years devoted
more resources to defense spending and have become more
comfortable with military missions overseas, these incremental shifts seem inadequate in response to the more substantial
geopolitical changes taking place beyond Europe’s borders.
Europe should be realistic and pragmatic
Yet Europe has few viable alternatives to strategic dependence on the United States. Certainly there is no other external
partner to which Europe can turn to safeguard its security interests. And for all the talk in Europe of “strategic autonomy,”
it strains credulity to believe that Europe or any of its constituent states has the political will or can devote the necessary
The new geopolitical realities
resources to become a strong power in its own right. Far more
Yet nearly two decades on, the American view of power has
realistic would be for the states of Europe to strengthen their
changed. Kagan predicted in 2003 that US power would not
security capabilities, broadly defined. Steps toward this end
decline in relative terms, and that the American willingness
would be welcomed by a United States increasingly focused on
to use power would not change; neither prediction proved
burden-sharing, and be advantageous for Europe, which would
correct. Indeed, American strategy today is shaped signifgain a stronger voice in transatlantic debates which currently
icantly by two realities – first, that of the growing power of
turn on decisions taken in Washington. It would also repreChina, which already rivals the United States in sheer economsent a recognition by Europe that the institutions and norms
ic size and according to US military leaders may catch or even
it cherishes are unlikely to thrive unless backed by power and
surpass the US with respect to certain military capabilities;
the threat of its use.
and second, the failure of America’s post-9/11 wars to pay
That the US and the West need Europe as a partner in global
dividends despite tremendous cost. The result is that two
security should go without saying. The threats the US and EuUS presidents in a row have
rope face are global, whether they
been highly skeptical about the
emanate from large states – think
ambitious use of military power,
Michael Singh
Russian election interference or
however starkly their approachis the Lane-Swig Senior Fellow
Chinese tech infiltration – or small
es may differ in other respects.
and managing director at The
ones – think North Korean ICBMs
Yet this strategic shift in the
Washington Institute for Near
or waves of refugees from conflict
United States should not be of
East Policy, and a former senzones. There can be no opting out,
much comfort to Europe. The
ior director for Middle East affor the US or for Europe. The only
outsize role of US-led foreign
fairs
at
the
White
House
from
question is whether we will face
Photo: The Washington
Institute
wars in post-9/11 international
2005 to 2008.
these threats capably, and whether
relations has arguably prevented
we will do so together.
14
MAIN TOPIC
The ongoing and quickly developing digitalisation of our societies creates high risks for attacks by cyber criminals. How do we
protect ourselves, as citizens, but also our infrastructures and
industry in Europe from such growing cyber threats?
This chapter analyses the evolving cyber threat landscape and
highlights the steps undertaken at a political but also an industrial level in the European Union to adapt to the realities of
these challenges.
The message of our authors is clear: cyber criminals don’t care
about borders…
photo: © Hasselblad H5D, rimom, stock.adobe.com
Cybersecurity
15
THE EUROPEAN – SECURITY AND DEFENCE UNION
Cyber resilience must be at
the top of the EU’s political
agenda
by Prof Dr Angelika Niebler MEP, Rapporteur
for the Cybersecurity Act in the European
Parliament, Brussels/Strasbourg
C
ybersecurity issues are becoming a day-to-day struggle
for businesses and consumers. The high number of recent
cyber-attacks shows us how vulnerable our data and privacy really are. 88% of daily internet users fear that they will become
victims of cyber-attacks and 77% are concerned about the use
of their personal information on the internet.
Photo: European Parliament
How MEPs work
to boost Europe’s
cybersecurity
second half of 2018 – 19 of which were against the electricity
grid. However, the actual number might be much higher as it
is assumed that not all mid-sized infrastructure attacks are
reported.
Shaping a European cybersecurity strategy
These developments are alarming. Therefore, years ago, the
European Union passed a cybersecurity strategy on how to
best prevent and respond to cyber-attacks. The NIS Directive
on critical infrastructure (Directive on Network and Information
Systems Security) was the first piece of EU-wide legislation to
Alarming developments
provide legal measures to boost the overall level of cyberseIn past years, many people still thought of cyber-attacks as
curity in the EU. It was adopted in July 2016 and became fully
science fiction and a story that makes a good Hollywood
binding last year. As it stands, the NIS Directive is going to be
movie. However, in recent years, cases of cyber-attacks have
implemented in all EU Member States.
increased, such as “WannaCry” in 2017 that infected 300,000
The next important milestone in the EU-wide cybersecurity
computers in 150 countries, demanding that users hand over
strategy was the adoption of the Cybersecurity Act last year. As
money in exchange for codes to de-encrypt files. 80% of Eurorapporteur of the Cybersecurity Act in the European Parliament,
pean companies have already
I strongly believe that cyberbeen the victim of at least one
security is not only a national
cybersecurity incident. While in
Prof Dr Angelika Niebler MEP
issue, but it also needs a Euthe past, hacking efforts have
is a Member of the European Parliament since 1999. She
ropean answer. Therefore, the
been more about spying and
is a Member of the Committee on Industry, Research and
European Parliament supported
stealing information, attacks
Energy and a Substitute Member of the Committee on
and strengthened the Commisare now more aimed towards
Legal Affairs. Since November 2018, Professor Niebler
sion’s proposal for a strong
sabotaging our critical infrahas been President of the Economic Advisory Committee
cybersecurity unit at an EU level
structure such as electricity
Bavaria, and she has been the Party Vice-Chair of the CSU
and a European framework
and communication networks.
since 2015. She was appointed Honorary Professor at the
for cybersecurity certification.
In Germany, the national
Faculty of Business Management at the Munich University
Europe needs a cyberspace
cybersecurity authority, BSI,
of Applied Sciences in 2016.
that is safe and secure, and the
recorded 157 attacks in the
Cybersecurity Act largely con-
16
Cybersecurity
rapporteur of the Cybersecurity Act in the European Parliament,
“AsI strongly
believe that cybersecurity is not only a national issue,
but it also needs a European answer.”
tributes to this target. The European Parliament stressed that
cybersecurity is not only about protecting critical infrastructure
and industry, but about users’ confidence in the safety of their
connected devices. Thus, in increasing the cyber resilience in
Europe, it must be our objective to look at and evaluate the
whole cyber ecosystem.
The European Parliament worked hard to ensure a strong European response to the increasing number of threats. The result
is the establishment of a European cybersecurity certification
framework, which will be implemented on a voluntary basis to
begin with. However, the European Commission is obliged to
assess whether some certification schemes should be made
mandatory, in particular in view of critical infrastructures.
These certifications will be a common European approach and
will be valid throughout the EU. The dynamic and risk-based
certification schemes will be market-oriented and will also take
into account globally relevant international standards. The
European Parliament also strengthened stakeholders’ involvement in the certification process. Furthermore, we required that
the European Commission create a work programme on upcoming certification schemes for more transparency. And, last but
not least, ENISA, the European cybersecurity agency, will have
a permanent mandate and a much stronger role.
What internet users can do
As already addressed, the European Parliament wants to make
sure that all users of Internet of Things (IoT) devices can place
their trust in the safety and security of their products. With
more and more devices and services connected to the internet,
users are increasingly put at risk of cyber-attacks. By 2020, the
vast majority of our digital interactions will be machine-to-machine with tens of billions of IOT devices. As we all know,
humans are often the biggest security risk. We do not change
our passwords regularly or protect our home routers and smart
home appliances. However, every user can help to create a safe
environment and therefore, has to play an active role. In order
to support the user, product information for smart devices must
now be provided, so that users are given guidance and learn
about secure configurations and maintenance of their devices,
availability and duration of updates and known vulnerabilities.
If users follow these recommendations, it will provide for more
cybersecurity and resilience. Furthermore, the Cybersecurity
Act also asks for cybersecure default configurations and cybersecurity by design applications. This means that undertakings,
organisations and the public sector should configure the ICT
products, services or processes defined by them in a way that
ensures a higher degree of security and therefore provides the
first user with a default configuration including the most secure
settings possible and no burden on the user to configure the
product themselves. It also means that security measures
should be implemented at the earliest stage of the design
and development to allow for the highest possible degree of
cybersecurity from the very beginning and throughout its entire
lifecycle. All future cybersecurity certification schemes have to
be designed in a way that addresses these security objectives.
Thanks to the European Parliament, security and resilience now
have to be built in by default and by design more adequately to
ensure our internet connected devices are more secure.
The way ahead
The next effort at an EU level to strengthen cybersecurity in the
Union is the establishment of a network of cybersecurity industrial, technology and research centres. These centres shall be a
common platform to share expertise, help deploy cybersecurity
products and solutions and build up strategic cooperation
between industry, research and governments.
The digital world provides a lot of opportunities for society and
industry. However, in order to create a prosperous European
Digital Single Market, we have to improve on cybersecurity,
trust and privacy! The topic of cybersecurity and how to build
up cyber resilience and expertise must continue to be at the top
of our political agenda in the EU.
The Cybersecurity Act of 17 April 2019
This new regulation strengthens the European Union Agency
for Cybersecurity (ENISA) by granting to the agency a permanent mandate, reinforcing its financial and human resources
and overall enhancing its role in supporting EU to achieve a
common and high level cybersecurity.
The Cybersecurity Act establishes the first EU-wide cybersecurity
certification framework to ensure a common cybersecurity
certification approach in the European internal market and
ultimately improve cybersecurity in a broad range of digital
products and services.
> Web https://bit.ly/2OLS5ri
17
THE EUROPEAN – SECURITY AND DEFENCE UNION
Democracies must learn to
withstand, in peacetime, a permanent
war in cyberspace
Governance remains the number one challenge
by Jean-Louis Gergorin and Léo Isaac-Dognin,
co-authors of Cyber, la guerre permanente
(Editions du Cerf, Paris)
O
n 4th October 2019, Microsoft announced that they have
uncovered multiple attempts by hackers believed to
be linked to the Iranian government to infiltrate a 2020 US
presidential campaign1. While far from ground-breaking, this
revelation is yet another sign of a major strategic disruption:
over recent years, cyberspace has become the most fertile
battleground for states and non-state actors seeking to further
their geopolitical and economic ambitions.
The digital world has phenomenally expanded the means and
thresholds of aggression, and rendered obsolete the traditional
dichotomy between war and peace. Over the years, western
democracies have found themselves on the back foot against a
boom in cyber threats. At the heart of their vulnerability is their
struggle to grasp and act on the full scope of cyberspace.
Cyberwarfare is a reality
Cyberspace encompasses all the global hardware and software
means of storing, processing and transporting bits and bytes,
but also, and most critically, all the information-content of
that data. Cyberwarfare is the offensive use of these multiple
components with the purpose of exerting influence or control
over an adversary. Practically speaking, it can take the form of
hacks that seek to compromise the confidentiality or integrity
of digital systems for the purpose of espionage or sabotage,
but also of assaults on the integrity of the information sphere,
such as the mass dissemination of fake, biased or incomplete
18
information through digital media. To cite only a few examples,
the disruption and partial destruction of Iranian centrifuges
by the Stuxnet malware in 2010, the North Korean-led hack of
Sony Pictures in 2014, the mailbox hacks of Hillary Clinton’s
presidential campaign and the targeted social media propaganda operation orchestrated over the course of 2016 by a constellation of Russian-affiliated actors (most prominently, Russian
military intelligence and the Saint Petersburg based Internet
Research Agency), and, last but not least, the WannaCry and
NotPetya attacks of 2017 have all made for headline-grabbing
news. Far from being isolated events, such operations are increasingly part of integrated strategies that seek to undermine
an opponent by acting under the threshold of open warfare.
At this early stage of cyber competition, there are clear winners
and losers. China and Russia were quick to recognise and
experiment with the asymmetric opportunities of cyberspace.
China first specialised in the cyber theft of western intellectual
property assets. Today, its leaders see digital technology as a
major way towards global economic leadership.
Russia, for its part, has made cyber operations a key component of what it considers its legitimate response to western
attacks on its sovereignty and sphere of influence. Following a
string of events that range from endorsements of the “colour
revolutions” by American officials and US-based NGOs to the
enactment of economic sanctions against Russia, Moscow saw
in cyber-attacks an opportunity to hit western countries at their
weakest point while remaining below the threshold of open
warfare.
Smaller actors, namely Iran and North Korea, have also recognised the extent to which cyber operations can transform an
Cybersecurity
Jean-Louis Gergorin
is the owner of JLG Strategy, an aerospace and defence
consultancy. He teaches a course entitled “The New
Strategic Upheaval” at Sciences Po Paris. An alumnus of
Ecole Polytechnique, Ecole Nationale d’Administration and
the Stanford Executive Program, he is the co-founder of
Photo: private
the French-American Cybersecurity Conference. He was
previously inter alia Executive Vice-President (Strategy)
of EADS (now Airbus) and Head of Policy Planning of the
French Foreign Ministry.
photo: © vectorfusionart, stock.adobe.com
this early stage of cyber
“Atcompetition,
there are clear
winners and losers.”
United States has come a long way since 2017, bolstering its
defensive and offensive doctrine and capacities in cyberspace,
to the point of pre-emptively knocking IRA servers offline in the
run up to the 2018 midterm elections, and ensuring an increasingly active ‘forward’ presence on foreign networks to defend
its own critical infrastructure. Similarly it has been revealed
by Reuters on October 16th that at the end of September a US
cyberattack targeted the Iranian digital propaganda apparatus.
Our Old Continent, however, remains a step behind on both
fronts. Europe has struggled to weigh in coherently against
“digital powers”, whether they be states or private enterprises, and several EU Member States have already faced serious
challenges to their electoral processes and wider security in
cyberspace.
Governance in cyberspace is the challenge
unfavourable balance of power. Iran’s response to the Stuxnet attack is most telling: within the space of two years after
discovering the US-Israeli malware, Iran was able to mount a
series of incursions on US financial institutions that completely
inhibited President Obama from further cyber offensive actions.
After two decades of overconfidence in their cyber intelligence
collection, US officials were alarmed to discover foreign actors’
proficiency in hacking into their critical infrastructure, and completely caught by surprise by the information attacks that took
place during the 2016 presidential campaign. That said, the
Léo
Governance remains the number one challenge: no one would
contest the fact that the internet is now a vital global infrastructure yet there is no international body in charge of protecting it.
What the International Civil Aviation Organisation (ICAO) is for
commercial aviation or the International Atomic Energy Agency
(IAEA) for nuclear energy simply does not exist in the cyber
sphere. To date, the only significant initiative in this direction
is the Paris Call for Trust and Security in Cyberspace launched
by President Emmanuel Macron in November 2018. This code of
good conduct in cyberspace has the merit of hailing signatories from 67 States, 139 international and civil
society organisations, and 358 private companies and its principles have already started
to positively influence UN debates on global
Isaac-Dognin
cybersecurity. However, it lacks the signatures
is an engagement manager at Capgemini Invent in Paris,
of the USA, Russia and China. As we argue
where he advises public and private organisations on
in our book, the creation of an “International
digital strategy and artificial intelligence. He holds a BA
Cybersecurity Agency” is essential, and it will
from the University of Cambridge and a joint MPA/MIA
only see the light once major powers agree
from Columbia University and Sciences Po, focused on
to mutual confidence-building measures in
technology and policy. He also lectures at Sciences Po
Photo: private
cyberspace.
Paris. He previously worked for the UK’s Financial Conduct
At a European level, the Council agreed on two
Authority as a financial crime analyst and policy advisor.
major decisions in 2019 to improve govern-
19
THE EUROPEAN – SECURITY AND DEFENCE UNION
would contest the fact that the internet is now a vital
“Noglobaloneinfrastructure
yet there is no international body in charge
of protecting it.”
ance and security. First, on 9th April, the Council adopted the
Cybersecurity Act, thereby establishing EU wide certification
schemes and transforming the current ENISA into a EU Cybersecurity Agency. Secondly, on 17th May, it decided to give the EU
the capacity to sanction persons or entities directly or indirectly
responsible for cyber-attacks against its institutions or Member
States.
Information sharing and partnering
These moves are significant but remain insufficient to cope
with two emerging challenges. First, states are seeing an
increasing amount of ”pre-positioning” cyber-attacks against
their critical infrastructures, particularly in the energy sector.
While implants may be innocuous, they put targets at risk of
sabotage at the will of an aggressor, with potentially devastating effects. This very capacity serves to pressure the targeted
country. Secondly, artificial intelligence will soon make attribution far more difficult, reducing a target’s ability to retaliate,
and increasing the risk of escalation in the case of ”false flag”
attacks.
To face these challenges, the cyber commands and intelligence
agencies of the most capable and determined Member States
must reinforce information sharing, and develop common plans
of response to attacks below the threshold of open warfare. In
spite of Brexit, partnership with the UK remains essential. In
addition, we recommend the establishment of a cyber innovation unit within the new Directorate-General for Defence, able
to work with the private sector in agile ways that reflect the
speed of technological change and to grant contracts exclusively based on the technological merits of their proposals.
1 Media reports suggest the target was President Donald Trump’s re-election
campaign: https://reut.rs/2AOGkYB
PUBLICATION
Cyber, la guerre permanente, by Jean-Louis Gergorin
and Léo Isaac-Dognin (2018, Editions du Cerf).
rs
Call for pape
Annual Privacy Forum 2020
The European Cybersecurity Agency (ENISA) issued a call for papers for the 8th ENISA
Annual Privacy Forum (APF) to be held on 4-5 June 2020 in Lisbon, Portugal, in collaboration with the Católica University of Portugal, Lisbon School of Law. Bringing together
contributions from policy, research and industry, the conference seeks to support the implementation of information security in the area of privacy and personal data protection.
The APF sets the stage for discussions of research proposals, solutions, models, applications and policies. In the last few
years, the APF has also developed a deeper industry footprint, to complement its original research and policy orientation.
The conference is looking for papers presenting original and previously unpublished work on the themes of data protection
and privacy and their repercussions on information security technology, business, government, law, research, society and
policy. Policy makers and implementers, Data Protection Authorities, industry, research, consultants, NGOs and civil society
are invited to contribute, as the forum aims at broad stakeholder participation that stimulates interaction and the exchange of
opinion.
To promote the participation of young researchers, the submission of papers by students is particularly welcome.
The deadline for submission is 17th January 2020.
More information: https://privacyforum.eu/call-for-papers
20
Cybersecurity
The vulnerability of energy supply will increase with digitalisation
The crucial role of cybersecurity
for a resilient energy supply
by Prof Dr Peter Martini, Fraunhofer
Institute for Communication, Information
Processing and Ergonomics (FKIE), Bonn
Prof Dr Peter Martini
is the Director of the Fraunhofer
Institute for Communication, Infor-
T
he events in Ukraine removed all doubt regarding how
vulnerable our energy systems are to cyberattacks. This
vulnerability will only increase in the course of continuing digitalisation, a fact that demonstrates the necessity of cybersecure, resilient energy systems. Although the effects have been
manageable so far, each attack increases the hackers’ capabilities and knowledge of system vulnerabilities. This is an overall
threat to the economies of industrialised nations.
Attacks are no longer the stuff of fiction
Electricity is the foundation of our modern life. Production,
mobility, communication and trade grind to a halt without it.
Thus, a reliable, affordable, and constantly available energy
supply forms the backbone of today’s industrialised countries.
The increasing digitalisation in the energy sector not only offers
huge opportunities to secure the European economic region, it
also entails significant risks. Threat and vulnerability increase
in proportion to the dependency of society.
Thus, a successful attack on critical infrastructures, such as
electricity networks and power plants, would not only have
far-reaching consequences for the targeted country but also
for the entire economic region of the European Union. Such
mation Processing and Ergonomics
(FKIE) in Bonn and he is the Director of the Institute for Informatics
Photo: FKIE
IV at the University of Bonn.
even against the backdrop of the transition to renewables – or,
rather, precisely in response to this transition. If the goals are
to ensure supply security, to extend automation as an economic factor, to improve planning and operation of the energy
supply system through digitalisation, and adequately counteract threats from cyberspace, the corresponding research must
follow an interdisciplinary approach.
Assembling cross-disciplinary competences
To this end, Fraunhofer FKIE and an A-list of partners, including
the Fraunhofer Institute for Applied Information Technology
(FIT), the Institute for High Voltage Technology (IFTH) and
the E.ON Energy Research Center of the Technical University
(RWTH) in Aachen, have developed the concept for the Fraunhofer Center for Digital Energy. The center gathers cross-disciplinary competencies in the key areas of
energy technology, digitalisation, IT security
and economics. This interdisciplinary,
directly deployable, independent collaboration produces valuable foundations for and
contributions to the secure and successful
digitalisation of energy supply. By relying
on the three pillars of, first, research and development, second,
education and training, and third, test methods, we address the
topics of new technologies and processes, shortages of specialised personnel, and integration of research contributions.
Fraunhofer FKIE – together with its close cooperation partners
– focuses on research and development in essential aspects of
cybersecurity in critical infrastructures. We address prevention,
detection and reaction with respect to both individual systems
within the energy network and to the overall network. A challenging effort – but in a world like ours it is how we achieve reliable energy supply. Ultimately, this is the only way to achieve
prosperity, growth and peace in Europe, at least in this area.
attack increases the hackers’ capabilities
“Each
and knowledge of system vulnerabilities.”
attacks are no longer the stuff of fiction but, for companies in
the energy industry, have long since become a part of day-today operations. Furthermore, these are not merely attacks by
lone hackers, but rather they have been elevated to the level of
coordinated campaigns for some time, as the German Federal
Office for Information Security (Bundesamt für Sicherheit in der
Informationstechnik, BSI) has repeatedly emphasised.
In order to protect and further develop the increasingly digitalised energy supply as effectively, responsibly, and as close to
the point of use as possible, we have to realign the branches of
research and industry specialised in this field. In doing so, the
aim is to create a reliable, efficient and resilient energy supply
21
THE EUROPEAN – SECURITY AND DEFENCE UNION
Taking a cyber leap
forwards
Europe must respond to
the evolving cyber threat
landscape
by Roberto Viola, Director-General,
DG CONNECT, European Commission,
Brussels
T
he increased connectedness and the borderless nature
of digital communications have put cybersecurity at the
forefront of EU policy, leading to the adoption of the first pieces
of EU-wide legislation on cybersecurity. Despite this effort,
the proliferation of interconnected devices and the rollout of
high-capacity communications infrastructure, such as 5G, give
rise to a plethora of new vulnerabilities and risks. Moreover,
state actors are increasingly employing cyber tools to achieve
geopolitical goals. Therefore, the European Union will have
to adapt to this evolving threat landscape by developing new
responses and by making the most of the legal framework
recently adopted.
A robust framework has been put in place
Over the last five years, the European Union has developed a
set of measures that has strengthened the cyber resilience of
organisations, improved the EU’s ability to respond to external
threats and laid the ground for enhancing the security of ICT
products, services and processes.
With the adoption in 2016 of the Directive on security of network and information systems (NIS Directive)1, the European
Union has developed its first cybersecurity legislation. The
directive requires Member States to ensure that key companies
in essential sectors, such as energy or transport, take appropriate security measures and notify national authorities of
cyber incidents. It has served as a catalyst for Member States,
triggering real change on the ground. However, the NIS Directive is much more than just a set of common rules. It has also
established the Cooperation Group, a forum where Member
States exchange experiences, align regulatory approaches and
build trust. The group serves as a platform for developing com-
22
mon approaches on a wide variety of subjects, such as election
security, sector-specific alignment and security of 5G networks.
In order to address the external dimension of cybersecurity,
the Council, with the support of the European External Action
Service, has developed the Cyber Diplomacy Toolbox. The
framework consists of a number of measures, including a new
sanctions regime adopted in May 2019. The regime enables the
EU to put in place targeted restrictive measures to deter and
respond to external cyber-attacks. It allows the EU to impose
sanctions on individuals and entities, including travel bans and
freezing assets.
The recently adopted Cybersecurity Act2 illustrates in a powerful manner that cybersecurity has evolved into a priority at EU
level: fifteen years after its foundation, ENISA, the European
Union Agency for Cybersecurity, has now been given a permanent mandate, more resources and new tasks related to cybersecurity certification and operational support in the case of
cyber-attacks. The act also puts in place a legal framework for
EU-wide cybersecurity certification schemes to improve the security of ICT products, services and processes. The Commission
has already asked ENISA to prepare a first candidate scheme
and more will follow. We are also exploring the introduction of
mandatory schemes in priority areas.
Cyber resilience remains a priority
The Commission will continue to work to increase the Union’s cyber resilience. European Commission President-elect
Ursula von der Leyen has proposed to set up a Joint Cyber
Unit to prevent, respond to, but also investigate cybersecurity
incidents. The purpose is to speed up information sharing and
bring cooperation between Member States and EU institutions
to a new level. This initiative will build on existing work on
rapid emergency response, notably on the Blueprint, a set of
commonly agreed procedures ensuring a coherent Union-wide
response in the event of a large-scale cyber incident.
Cybersecurity
Roberto Viola
photo: © ipopba, stock.adobe.com
Creating a real single market for cybersecurity
will remain an important priority for the Commission. This will entail enhancing Europe’s
technological sovereignty. We will invest in
technologies such as blockchain, high-performance computing and algorithms. The next
multiannual financial framework 2021-2027
will provide funding opportunities for cybersecurity under two programmes: Horizon
Europe to promote research and the Digital
Europe Programme (DEP) for deployment. The
DEP will set aside almost 10 billion euros of
funding, exclusively earmarked for supercomputing, artificial intelligence, cybersecurity,
advanced digital skills, and ensuring a wide use of digital
technologies across the economy and society.
We also intend to push for a swift adoption of the Commission’s proposal for a European Cybersecurity Competence
Network and Centre.3 By managing the cybersecurity funds
under the next multi-annual financial framework, the initiative
will help to create an interconnected, Europe-wide cybersecurity industrial and research ecosystem.
Technological sovereignty
Technological sovereignty also means defining our own standards for crucial new-generation technologies. For example, the
Member States, with the support of the Commission and ENISA,
i
DG CONNECT
The Directorate-General for Communications Networks,
Content and Technology (DG CONNECT) is the European
Commission department responsible for developing a digital
single market to generate smart, sustainable and inclusive
growth in Europe.
The EU has adopted a wide-range of measures to shield the
has been the Director-General of the European Commission’s Directorate-General for
Communications Networks, Content and
Technology (DG CONNECT) since 2015. He
holds a Doctorate in Electronic Engineering
Photo: provided by the EC
and a Master’s degree in Business Administration (MBA). From 1985 onwards, Mr
Viola served in various positions including as Head of Telecommunication and Broadcasting Satellite Services at the European
Space Agency (ESA). Prior to his current post, Mr Viola was the
Deputy Director-General of DG CONNECT.
have just concluded a coordinated EU-wide risk assessment on
5G security under the NIS Cooperation Group. The results will
feed into a toolbox of mitigating measures by the end of the
year. It will address the 5G risks identified by Member States
and facilitate a common approach.
In our endeavour to strengthen the single market, we will also
make the most of existing instruments. For instance, we intend
to develop more certification schemes in the coming years,
such as on Internet of Things devices or cloud computing. This
will happen in very close cooperation with national experts and
representatives from the private sector. An obvious candidate
for a future scheme are 5G networks and equipment, complementing the work currently undertaken by the Cooperation
Group. In addition, the Commission will review the functioning
of the NIS Directive at the latest by spring 2021.
The last five years have put cybersecurity at the top of the political agenda and we have been able to lay crucial groundwork
at the EU level. We have recently witnessed some of the largest
cyber incidents to date. Malware attacks such as WannaCry
and NotPetya have generated global costs in the range of
billions of dollars. They have demonstrated the relevance of
our cross-border policy response to cyber risks. Given the
continued importance of cybersecurity, we must now breathe
life into the EU’s newly established legal framework and push
for another round of ambitious steps forward.
European Digital Single Market and protect infrastructure,
governments, businesses and citizens. These measure include, amongst others the Directive on security of network
and information systems (NIS), the EU Cybersecurity Act, and
the European Cybersecurity Certification Network.
DG CONNECT issued a brochure on how the EU works on
many fronts to strengthen cybersecurity and cyber resilience:
> Web https://bit.ly/2IgyMm7
1 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6
July 2016 concerning measures for a high common level of security of network
and information systems across the Union.
2 Regulation (EU) 2019/881 of the European Parliament and of the Council of
17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on
information and communications technology cybersecurity certification and
repealing Regulation (EU) No 526/2013.
3 Proposal for a Regulation establishing the European Cybersecurity Industrial,
Technology and Research Competence Centre and the Network of National
Coordination Centres.
23
THE EUROPEAN – SECURITY AND DEFENCE UNION
Interview with Arne Schönbohm, President of the Federal Office for
Information Security (BSI), Bonn
T
he European: Mr Schönbohm, you have been the President of the German Federal Office for Information Security
(BSI) since early 2016. In February of that year you were given
the task of re-designing and building up this agency on solid
foundations and with a budget allowing you to pursue ambitious objectives. On the national level, you developed the BSI
into the German cybersecurity agency with the obligation to
help the private sector develop security standards. Within the
European Union you cooperate with your counterparts from
other Member States, supporting the EU to ensure coherence
and efficiency in cybersecurity. Have you been able to realise
your ambitions and what is the status of German cybersecurity
today?
Arne Schönbohm: Indeed, we have made great progress in the
field of cybersecurity in general. The IT-security law of 2015,
24
which was a great effort by the Federal Ministry of the Interior
and the federal government, has had a big impact, especially
for critical infrastructure, and will continue to do so. We have
developed a common and widely regarded cloud security
standard (C5) with our French partner agency ANSSI. Last but
not least, the EU Cybersecurity Act was passed.
The European: What are its advantages?
Arne Schönbohm: This legislation will allow us to develop
a more streamlined European IT security certification policy
which will improve the security features of IT products potentially having a large impact on the unregulated market for the
Internet of Things (IoT) consumer devices and more. Together
with the new and improved mandate for the EU Agency for
Cybersecurity (ENISA) we are heading steadily in the right
photo: ESDU
Europe needs coherent national
strategies and EU operational
concepts
Cybersecurity
direction. But make no mistake, we still have a long way to go.
We still see a very high level of threat. We have seen a new
quality in cyber-attacks and we have all witnessed successful
cyber-attacks with enormous economic damage. We need to
make cybersecurity a top priority at all levels of our society, in
business and industry, consumer markets and the government.
The European: As you said, there many examples of successful
responses at the administrative level, but have you succeeded
in helping the private sector, the more vulnerable part of your
system, to correct its weaknesses?
Arne Schönbohm: We are working hard
to prepare all small and medium-sized
businesses for their digital future. We
have a lot to offer and our approach
is widely accepted. Our Cybersecurity Alliance offers close to 4,000 companies,
organisations and institutions the right
setting for the exchange of best practices and practical IT security measures.
For example, we support the development of sector specific “IT Basic Protection Profiles” and have
launched many awareness campaigns. But again, cybersecurity
needs a permanent effort to succeed.
in each Member State. These preparations were started in a
timely manner and included preparations and exchanges on
a European level with the relevant Union institutions and the
involvement of many Member States.
The European: Does this mean that you take your cue from
ENISA?
Arne Schönbohm: The extension of ENISA’s mandate has further supported its mission to increase the maturity of cybersecurity within Europe. At the same time, we must not slow down
to make cybersecurity a top priority at all
“Welevelsneedof our
society, in business and industry,
consumer markets and the government.”
The European: Allow me to come back to Small and Medium
Enterprises (SMEs) in Europe, the backbone of our industry.
What about their security? Allensbach in cooperation with
Deloitte state in their 2018 Security Report that SME CEOs’
awareness of the likelihood of a cyber-attack is falling.
Arne Schönbohm: I think it is clear that we have made significant progress here. The 2019 Cybersecurity Report states that
managers see a rising threat level, especially for data theft or
data abuse. Almost 90 percent of small and medium-sized businesses have seen attacks on their networks. Four out of five
companies are in favour of a strengthened Federal Office for
Information Security. That same report states that only 25 per
cent of company CEOs are regularly informed about the state of
cybersecurity in their companies. We need to raise that number
to close to 100 percent!
The European: When you compare the German system of cybersecurity with those of your partners in Europe, what are the
lessons we have learnt from the most recent cyber-attacks?
Arne Schönbohm: We have seen data leaks, ransomware
attacks and industrial espionage all over Europe. Like all of
our partners, we are therefore directing our efforts to address
these issues more robustly. As cooperation is key, we see great
value in the collaboration with our European partners and
ENISA. Our success with preventative actions is encouraging,
for example, in our successful efforts to secure the EU elections
our efforts at the national level. Each national agency must
continue to increase its own capacities – especially in the field
of detection and responses to cyber-attacks. The good news is
that I do not see any of our partners falling back here. Without
any doubt, these efforts will bear fruit by making cyber-attacks
more difficult to perpetrate and reducing their possible impact
all over Europe.
The European: Let us turn now to the European Union, your
other strategic terrain as you mentioned: didn’t the EU Global
Strategy from 2014 open more than an interesting discussion
on cyberspace and defence, meaning “Integrated Cyber”. Does
this mean that cyber will never stand alone? For any nation, for
any purpose? Will it be sufficient to “think integrated” – or do
we need advanced operational planning?
Arne Schönbohm: To be clear on your question, cyber definitely never stands alone. Cyber threats may often appear in
isolation, no matter what kind of actor we are dealing with.
At the same time, “hybrid threats” are high on the agenda in
discussions in different forums. In principle, hybrid threats
are nothing new. There are many examples in the past of a
mix of methods. The new development today is the scale of
hybrid threats. Clearly, cyberspace works like a catalyst and
cyber threats are an important component. However, it is only
one component in a number of potential threats, ranging from
external players fomenting social strife to military attacks.
In order to optimise our preventive and defensive measures
against potential hybrid threats, BSI therefore has to cooperate
closely with other security authorities. This is not only true for
hybrid threats but also for cybersecurity itself.
25
THE EUROPEAN – SECURITY AND DEFENCE UNION
The European: Ultimately, that means that
effective cyber resilience has to be embedded in
the whole of society. Where do we stand in this
regard, both in Germany and the EU?
Arne Schönbohm: I am convinced that cybersecurity is the premise for successful digitisation.
Only if we implement adequate security measures
consistently, in every digital product and in every
single IT network, will we be able to enjoy the
wider benefits of digitisation. No one will use
self-driving cars if they can be taken over remotely. No one will trust the underlying infrastructure
if it can be hacked. That is why we are working on
securing car-to-car and car-to-x communications.
Arne Schönbohm
has been President of the Federal Office for Information Security (Bundesamt
für Sicherheit in der Informationstechnik – BSI) since February 2016. Born in
1969 in Hamburg, Germany, he studied International Management in Dortmund,
London and Taipeh. Mr Schönbohm worked in different positions at EADS, inter
alia as Vice-President for commercial and defence solutions. In 2008, he became
Chairman of the board of the BuCET Shared Services AG (BSS AG). Prior to his
current position, Mr Schönbohm was President of the Cyber-Security Council
Germany. Throughout his career, he has been security expert and advisor for
several political decision-makers at the regional, federal and European level.
The European: How far do you see this “security strategy”
going?
Arne Schönbohm: Without any doubt, the same is true for
the security of our personal data, our health care data, our
financial services and our power grid. From IoT to International
Card Services (ICS) products, security and robustness must
be an integral part of implementation from the outset. At the
same time, users must be able to choose the products that put
them at lesser risk. Ultimately this requires better labelling and
awareness about the processing of their data. So yes, effective
the less advanced. As national responsibility comes first, how
might the EU support its less advanced members to do more
and better?
Arne Schönbohm: The most important step in this regard was
the NIS Directive, which sets the framework for a higher level
of cybersecurity in Europe and guarantees a minimum level of
cybersecurity with respect to critical infrastructures as well as
a functioning cybersecurity architecture. In addition, the establishment of new cooperation formats like the NIS Cooperation
Group or the CSIRTs Network are of great value and definitely
support smaller Member States and nurture an enhanced
spirit of cooperation and communication between all European
stakeholders on cyber issues. Next year,
there will be an evaluation of the NIS
Directive and I am confident that we will
identify the next steps that we will need
to take.
firmly believe that the best way to increase trust
“Ibetween
partners is to engage in dialogue at a
bi-or multilateral level. Europe is the natural forum
in this regard.”
cyber resilience has to be societal. And we are working very
closely with our research clusters and data protection offices as
well as our police authorities, civil defence authorities, armed
forces and so on to achieve the highest possible level of cybersecurity for our society as whole.
The European: President, these are the national efforts. What
about efforts in other countries?
Arne Schönbohm: These efforts must not stop at our national
borders. I think there are promising approaches in the EU as
well, ranging from legislation to other measures like awareness
raising. The EU Cybersecurity Act and the “European Cyber
security Month” (October 2019) are just two examples.
The European: I agree with you that, when you are operating
within a coalition, the more advanced will be held back by
26
The European: This is a positive development, but all this is purely defensive.
The EU as a whole has a multitude of
industries and our welfare depends on
their capacity to produce. The protection of European critical infrastructure is essential for all of us
across Europe. Do you believe that the EU can survive just with
a handful of sophisticated measures to ward off attacks and
no deterrence? Hackers, from wherever they come, may have
no fear of retaliation. Might a hack-back strategy not be more
appropriate?
Arne Schönbohm: The first thing we need is preventive measures. We need to ensure that cybersecurity becomes one of the
top priorities in the whole of the ongoing process of digitisation. We need to make sure – as a society – that we protect
our critical infrastructure. We have made progress with the IT
security law, which will be evaluated and updated. Regarding
active cyber defence we already stated in the Cybersecurity
Strategy 2016, that serious cyber-attacks are conceivable
where preventive measures are not sufficient for an effective
and immediate defence. We must examine the extent to which
Cybersecurity
ENISA celebrated its 15th anniversary in March 2019 in Brussels, in the presence of its then Executive Director Udo Helmbrecht, who handed
over his duties to his successor, Mr. Juhan Lepassaar on 15th October 2019�
we need measures that are more active to stop the negative
effects of such cyber-attacks. But that has nothing to do with a
hack-back deterrence strategy.
The European: Cybertechnologies, because of their importance
for a nation or a coalition, are in many cases highly political and
controversial. This is the case in the discussion of equipment
for future 5G networks. Mr Trump has advised his European
partners via Twitter not to buy from “enemies”, which means to
not to cooperate with Chinese providers namely Huawei. Is this
a question of trust? What exactly is the problem?
Arne Schönbohm: We need to make sure that we protect the integrity and the availability of our communication networks. This
is why we are working closely with the German Federal Network
Agency on the development of a catalogue of minimum standards for 5G networks. We are confident that this catalogue will
provide a robust technical basis to ensure the security of 5G
networks. Furthermore, we are also working within the EU on
this matter and have concerted our efforts for making 5G highly
secure. The EU has initiated a process to develop a combined
risk assessment as well as a toolbox with effective mitigating
measures to be available by the end of this year.
photo: © European Union, 2019; Source: EC – Audiovisual Service/ Jennifer Jacquemart
at a bi or multilateral level. Europe is the natural forum in this
regard.
The European: And looking across the Atlantic?
Arne Schönbohm: Well, we must not lose sight of transatlantic
cooperation. But we must never forget that in some instances,
cybersecurity is definitely a national issue when it affects our
local or national networks. Not everything can be solved on
an EU or international level. This is why national Cybersecurity
Agencies are still so essential. Only capable national agencies
can contribute to an effective exchange and the construction of
an international ecosystem in cybersecurity.
The European: President Schönbohm, I am grateful for your
openness and wish you every success in your future endea
vours.
Cybersecurity Alliance
The Cybersecurity Alliance (Allianz
The European: Isn’t it frustrating to hear from time to time from
politicians, corporate leaders and academia that cyber is an
issue of national sovereignty and therefore that cooperation
must be restricted? There is mistrust at all levels.
Arne Schönbohm: I really do not agree with this perception!
There is no need to be afraid and to lose a lot of sleep over
cybersecurity. Sure, there is work to do, but Europe generally
is still in good shape. We should value the partnership we have
and the good work that has been done on so many levels rather
than downplay these advances. I firmly believe that the best
way to increase trust between partners is to engage in dialogue
für Cyber-Sicherheit) was founded
in 2012. This platform for cooperation with business, government,
research and science and other institutions offers a wide range
of information on cybersecurity issues. The initiative focuses
in particular on small and medium-sized enterprises. With
the Cybersecurity Alliance, the Federal Office for Information
Security (BSI) is pursuing the goal of strengthening Germany’s
resilience against cyber-attacks.
> Web www.allianz-fuer-cybersicherheit.de
27
THE EUROPEAN – SECURITY AND DEFENCE UNION
We need more efficient
cybersecurity capacity
building worldwide
Cybersecurity should be considered a
transversal issue in development and cooperation
by Carlos Bandin Bujan, Programme
Manager, DG DEVCO, European
Commission, Brussels
E
ver-evolving Information and Communications Technologies
(ICT) have revolutionised the way we live and interact in our
society. Over the past 20 years, ICT has evolved to become in
many cases a determining element in a variety of policy areas.
Cyberspace provides the underlying platform for development,
distributing transformative digital technologies, with profound
global implications and many human, economic as well as
social benefits1.
Our vulnerability to intrusion and manipulation
Nowadays, two thirds of internet users are said to live in the
developing world, where access to the internet is growing
almost four times faster than in developed countries. It is
estimated that by 2020 the number of devices connected to
the internet will reach 50 billion – all potentially vulnerable to
intrusion and manipulation. Businesses, banks, utility services,
critical national infrastructure, and government agencies – all
rely on IT systems to provide a flow of information that enables
fast delivery of services across national and international territories. But these, and even our personal social media systems
and personal appliances, leave us more exposed to potential
harm.
Nevertheless, there is increasing awareness that the benefits
of ICT cannot materialise in a vacuum. The increased number
28
of cybersecurity incidents that cause major economic damage
to the global economy and security underscore the need to prioritise measures addressing such threats and promote secure
digital services and infrastructure.
The landscape of threats can be categorised into three main
areas:
• The threat to critical infrastructure: due to the increasingly
digitalised environment we operate in, it has expanded in
scope in comparison to a decade or more ago. Potential
damage of this typology of security incidents can cause thousands if not millions of casualties and/or billions of losses;
• Online criminal activity (cybercrime) in relation to digital
content, ranging from ID theft and non-cash payment fraud,
to online terrorist propaganda and child exploitation etc.,
and last but not least;
• Cyber as modus operandi and enabler of many other threats,
including hybrid attacks. This is particularly worrisome with
the prominence of the crime-as-a-service business model.
The EU Cybersecurity Strategy
In the 2013 EU Cybersecurity Strategy and its 2017 revision, it is
highlighted that external cyber capacity building is a strategic
building block of the EU’s cyber policy. This was also brought
forward as a key ingredient in the 2015 European Agenda on
Security. It also contributes significantly to creating operational
cooperation frameworks between partner countries and the EU
(ensuring an internal-external security nexus), which ultimate-
Cybersecurity
Carlos Bandin Bujan
photo: U.S. Embassy Ghana, Flickr.com
ly should lead to an improved global
cyber ecosystem with positive results for
the entire community. Finally, it allows
cooperation with partner countries in a
way that eventually translates to policy
influence. This is especially important
in the context of global polarisation on
cyber issues, including the promotion
of principles of open, free and secure
cyberspace in full compliance with human
rights protection and the rule of law.
Since the adoption of its Cybersecurity
Strategy in June 2013, the EU has been
leading in international cyber capacity
building and systematically linking these
efforts with its development cooperation
funds. Such actions are based on promoting a rights-based and whole-of-government approach that integrates lessons
the EU has learnt from the development
effectiveness agenda.
Moreover, in 2017 there was a clear
recognition at the EU level that cybersecurity should be considered a transversal
issue in development and cooperation
that can contribute to the realisation of the 2030 Agenda for
Sustainable Development, as stipulated in the EU’s Digital4Development policy framework. The significance of efforts to build
national resilience in third countries as a means of increasing
the level of cybersecurity globally, with positive consequences
for the EU, was also recognised in the 2017 Joint Communication on ‘Resilience, deterrence and defence: Building strong
cybersecurity for the EU’.
Lessons learned for the way ahead
has been Security Desk Officer and
Programme Manager in Unit B5 of
the European Commission’s Directorate-General for Development
and International Cooperation
photo: private
(DEVCO) since 2017. He was born
in 1973. From November 2006
to June 2007 he was the Head of the Military Police Unit
of EUFOR in Mostar before becoming Head of Unitin the
Crime Department at Guardia Civil HQ in La Coruna in
2007. He joined the European Commission as Intelligence
Analyst and Investigator (team leader) in the Security
Directorate in 2015.
impact is still difficult to translate into metrics and we will have
to wait a few more years to witness the evolution of our digital
societies and whether today’s efforts have been rightfully identified and implemented. However, some lessons learned can
already be drawn from this process:
• Tackling cybersecurity threats and building cyber resilient societies is something which has to happen at multiple levels,
and across the globe.
• We can no longer hope to protect ourselves by building an effective barrier which keeps all threats out. From time to time
successful attacks on our systems will happen, consequently
we need to develop strategies and operational capabilities
to bounce back from successful attacks on our systems and
ensure the functioning of the services.
• Effective interinstitutional and international cooperation is
key when tackling cyber threats, as the cyberspace is ubiquitous and threats can emanate from the most remote areas on
earth, targeting our assets in seconds.
1 The European Commission’s 2017 Digital4Development Staff Working
document, explores the significant influence digitalization can have towards
increased productivity, sustainable growth, job creation and the empowerment
of women.
In essence, cyber capacity building is crucial to promote
cybersecurity across the globe and as
such, in broader terms, capacity building
in the cyber domain aims to build resilient
and accountable institutions to respond
Digital4Development
effectively to existing cyber threats and to
The Digital4Development approach was set out in a European Commission working Paper
strengthen society’s cyber resilience. This
of May 2017. This approach aims to promote information and communication technolis an integral component of international
ogies in developing countries as enablers of growth, and to better mainstream digital
cooperation that can foster international
solutions in development. Digital4Development is guided by international frameworks,
solidarity with the EU’s vision for a free,
such as the UN’s 2030 Agenda for Sustainable Development and its Addis Ababa Action
open, peaceful, secure, interoperable
Agenda for financing development (AAAA). One of the objectives is to promote access
cyberspace for everyone, while ensuring
to affordable broadband connectivity and contribute to reducing the digital divide and
compliance with human rights and the rule
facilitate access to Internet to the least developed populations or communities having
of law.
no access to digital technologies today.
Efforts made by the EU in building a strong> Web https://bit.ly/2p0jMAO
er and more resilient digital ecosystem are
measurable and quantifiable, however the
29
documentation
THE EUROPEAN – SECURITY AND DEFENCE UNION
Cybersecurity in 5G networks
Report on EU coordinated risk assessment of
5G networks security
On 9th October 2019, EU Member
States, with the support of the European Commission and the European Union Agency for Cybersecurity
(ENISA), published a report on the
EU coordinated risk assessment on
cybersecurity in fifth-generation (5G)
networks. The report is based on the
results of national cybersecurity risk
assessments by all EU Member States,
which is part of the implementation
of the European Commission Recommendation adopted in March 2019 to
ensure a high level of cybersecurity of
5G networks across the EU.
5G networks will provide virtually
ubiquitous, ultra-high bandwidth and
low latency connectivity not only to
individual users but also to billions
of connected objects. 5G networks
are expected to serve a wide range of
applications and sectors, which could
include a diverse range of services
that are essential for the functioning
of the internal market as well as for
the maintenance and operation of vital
societal and economic functions, e.g.
energy, transport, banking, and health,
as well as industrial control systems.
Also the organisation of elections is
expected to rely more and more on
digital infrastructure and 5G net-
works. It is evident that
ensuring the security and
resilience of 5G networks is
graphik: © dmutrojarmolinua,
stock.adobe.com
essential and that any vulnerability in 5G networks or a cyberattack targeting the future networks
in one Member State would affect the
Union as a whole.
“
Protecting 5G networks aims at protecting
the infrastructure that will support vital
societal and economic functions – such
as energy, transport, banking, and health,
as well as the much more automated
factories of the future. It also means protecting our democratic
processes, such as elections, against interference and the
spread of disinformation.”
Commissioner Mariya Gabriel, in charge of the Digital Economy and Society,
26 March 2019�
phto: © European Union 2019, Source: EC – Audiovisual Service
The Report
The report identifies a number of important security challenges likely to appear or become
more prominent in 5G networks, in reason of the key innovations in 5G technology, in particular
the important part of software and the wide range of services and applications enabled by 5G.
30
Conclusions (excerpt):
number of attacks paths that could be
“a) The technological changes introduced by 5G will increase the
exploited by threat actors, in particular
overall attack surface and the number of potential entry points for
non-EU state or state-backed actors, be-
attackers:
cause of their capabilities (intent and
• Enhanced functionality at the edge of the network and a less
resources) to perform attacks against
centralised architecture than in previous generations of mobile
EU Member States telecommunications networks,
networks means that some functions of the core networks may be
as well as the potential severity of the impact of such attacks.
integrated in other parts of the networks making the corresponding
(…)
equipment more sensitive (e.g. base stations or MANO functions);
Together, these challenges create a new security paradigm, making
• the increased part of software in 5G equipment leads to increased
it necessary to reassess the current policy and security framework
risks linked to software development and update processes, cre-
applicable to the sector and its ecosystem and essential for Member
ates new risks of configuration errors, and gives a more important
States to take the necessary mitigating measures. This requires
role in the security analysis to the choices made by each mobile
identifying potential gaps in existing frameworks and enforcement
network operator in the deployment phase of the network;
mechanisms, ranging from the implementation of cybersecurity leg-
b) These new technological features will give greater significance to
islation, the supervisory role of public authorities, and the respective
the reliance of mobile network operators on third-party suppliers and
obligations and liability of operators and suppliers.”
to their role in the 5G supply chain. This will, in turn, increase the
> Web https://bit.ly/33RmoAY
Cybersecurity
“Fake news” and disinformation
The Action Plan on d
isinformation
With the aim to strengthen resilience to disinformation
campaigns ahead of the 2019 European elections, the
European Union outlined in December 2018 an Action
Plan to step up efforts to counter disinformation in Europe
and beyond. Focusing on four key areas, this plan serves
to build the EU’s capabilities and strengthen cooperation
between Member States by:
• improving detection, analysis and exposure of disinformation;
• stronger cooperation and joint responses to threats;
• enhancing collaboration with online platforms and industry to tackle disinformation;
• raising awareness and improve societal resilience.
> Web https://bit.ly/2Rqyqzo
graphik: © finevector, stock.adobe.com / ESDU
How the European Union is fighting against
the spread of disinformation
The Code of Practice on Disinformation
• Making political advertising and issue based advertising
more transparent;
• Empowering consumers to report disinformation and access different news sources, while improving the visibility
and findability of authoritative content;
• Empowering the research community to monitor online
disinformation through privacy-compliant access to the
platforms’ data.
> Web https://bit.ly/2xEjvpw
The Communication on tackling
disinformation
These actions have built on the Communication on tackling
online disinformation from April 2018, which highlighted
the role played by the civil society and the private sector in
tackling the spread of disinformation.
photo: © European Commission
The Code of Practice on Disinformation is the first worldwide self-regulatory set of standards to fight disinformation
voluntarily. It was signed by platforms, leading social networks, advertisers and the advertising industry in October
2018. Signatories of the Code presented detailed roadmaps to take action in 5 areas:
• Disrupting advertising revenues of certain accounts and
websites that spread disinformation;
• Addressing the issue of fake accounts and online bots;
> Web https://bit.ly/2HUijoc
Publication
Journalism, ”Fake News” and Disinformation – Handbook for Journalism Education and Training
Published by UNESCO, this handbook is
why trust matters; thinking critically about
part of the “Global Initiative for Excellence
how digital technology and social platforms
in Journalism Education”, which is a focus
are conduits of the information disorder;
of UNESCO’s International Programme for
fighting back against disinformation and
the Development of Communication (IPDC).
misinformation through media and informa-
The handbook, written by experts in the fight
tion literacy; fact-checking 101; social media
against disinformation, is intended for all
verification and combatting online abuse.
those who practice or teach journalism in
> Web Access to the publication:
the Digital Age. It explores the very nature
https://bit.ly/32ELCm0
of journalism with different modules on:
31
THE EUROPEAN – SECURITY AND DEFENCE UNION
The NATO AEW&C Programme Management Agency (NAPMA) uses a SINA1
solution, enabling staff members to securely work with classified and
unclassified data simultaneously. In December 2017, the specific N
APMA
infrastructure which includes the SINA solution was granted security
accreditation by the NATO Office of Security. Furthermore, the agency
recently decided to extend the solution.
The following interview was conducted by secunet,
the German company that developed the SINA
solution. Stephan Sauer who was heading NAPMA’s
Information Management Branch from February
2017 to March 2019 elaborates on the initial challenges and how the SINA solution solved them.2
S
ecunet: Who and what is NAPMA and what is the organization’s mission?
Stephan Sauer: The NATO Airborne Early Warning & Control
(NAEW&C) Programme Management Organization (NAPMO)
was created in 1978. This organization is responsible to the
North Atlantic Council for the NAEW&C Programme – which, in
short terms, is the NE-3A aircraft, the NATO AWACS.
The NAEW&C Programme Management Agency (NAPMA) is the
executive agency of NAPMO. Within the responsibilities granted
to NAPMA, the agency manages all aspects of the Programme
from acquisition through delivery and on through Life Cycle
Management of the NE-3A.
secunet: Within NAPMA, what do you and your team look
after? What are your key operational responsibilities, goals &
objectives?
Stephan Sauer: NAPMA’s Information Management Branch is
the Information Management (IM) and Information Technology
32
(IT) service provider of the agency. Its mission is to enable
NAPMA with IM/IT services and capabilities needed to perform
NAPMA’s executive, administrative, and project management
functions in an effective and efficient manner.
The availability and control of information is critical to NAPMA’s
organizational success. Currently, NAPMA operates a small
secure dedicated CIS environment centered on Microsoft technology to provide office automation and external connectivity
located at one site in Brunssum, The Netherlands. The main
services provided to the users are e-mail (MS Exchange), document management (MS SharePoint) and an enterprise resource
planning system (SAP). With the extension of the SINA laptops
and secure smartphones, around 70% of the NAPMA staff is
now equipped with a SINA laptop.
secunet: When working in such an operational environment
you need to be able to securely receive, store, work on and
transmit sensitive and/or highly-sensitive data. What kind
of CIS policies & processes do you need to follow to ensure
compliance?
Stephan Sauer: As with other NATO entities, NAPMA shall comply with NATO-wide IT related and CIS Security policies, directives, and guidelines. At NAPMA those policies, directives, and
guidelines are further tailored to NAPMA’s business requirements while maintaining a security accreditation by the NATO
Office of Security (NOS). A prominent milestone was achieved
photo: NAPMA
NAPMA further expands its SINA
Secure Remote Access
capability
Advertorial
Photo: NAPMA
availability and control
“The
of information is critical to
in December 2017 when NOS granted security accreditation authorizing the NAPMA NR Main CIS to store, process, or transmit
information up to and including NATO RESTRICTED (NR). This
accreditation included the SINA implementation at NAPMA.
With regard to the capability to securely store, process, or
transmit sensitive data, it is mandatory for NAPMA to keep
control and ownership of the information. Likewise, supervisory control of all external IT services/support shall remain with
NAPMA. From this perspective, SINA is a great capability for
NAPMA’s IT to meet this requirement.
secunet: When you and your team formulated your requirements for a secure remote access capability, what were the key
objectives and challenges you were seeking to address?
Stephan Sauer: Intent was to enable staff to work on- and
off-site, on- and off-line with the same functionality as the inhouse NAPMA NR workstations and with a similar performance.
The challenge was to implement a service that not only meets
the user requirements, but also fits into NAPMA’s framework
regarding e.g. pricing, quality of service, and implementation
timelines. In addition, NAPMA strived for a system that provides the user with two strictly separated workspaces:
First, a managed workspace for NAPMA business like on
any other NAPMA workstation for up to and including NATO
RESTRICTED.
Second, a low cost (e.g. license free) and low maintenance
workspace allowing web-browsing and basic office applications
during business travel (e.g. no content filtering on internet
Stephan Sauer
APMA’s organizational
N
success.”
access to allow check-in for flights, etc.). In 2015, we obtained
the SINA SRA capability and, in 2018, we decided to triple the
size of the infrastructure. One of the reasons for this was that
the NAPMA users have been very pleased with the SINA devices
regarding performance and user handling.
secunet: What are the key benefits your network and system
administrators as well as your daily users have encountered
and voiced back to you?
Stephan Sauer: After three years of operation I may summarize
that the SINA solution has fully met the users’ as well as administrators’ expectations regarding these criteria. The fact, that in
three years of using 30 SINA devices NAPMA just had to open
12 support tickets, speaks for itself.
With regard to the extension of the SINA devices at NAPMA, it is
a fair statement that the new SRA users have fewer difficulties
handling their “unknown” SINA device than they have with
adapting to the software change that took place in parallel from
Win 7 to Win 10 and to the new version of MS Office.
The network and system administrators benefit very much from
the smooth integration of the backend and the devices into
the existing IT infrastructure. Managing the capability does not
require a lot of effort. Using the same software images on the
SINA, as well as remaining desktop computers, is more than
beneficial. Positive feedback is also coming from CIS Security
staff, who is pleased to see the separation of the restricted
business workspace and the less protected session for Internet
access.
secunet: Thank you Mr Sauer for this interview. We wish you
success in your next position at the German Armed Forces’
Cyber and Information Domaine Service (CIR).
is a German Air Force General Staff Officer. From 2014 to 2017
Mr. Sauer had been the Executive Officer of the NAPMA General
Manager. During this period, he established the Information Assurance Section at NAPMA deriving initial Information Assurance
requirements for the Final Lifetime Extension Programme of the
NE-3A (AWACS). In 2017 he took over as Chief the Information
1 SINA (Secure Inter-Network Architecture) is a high-security solution that
secunet has developed on behalf of the German Federal Office for Information
Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). SINA has
already been successfully used for many years by public authorities and the
armed forces, both in Germany and abroad.
2 The interview was conducted before Lt Col Sauer left NAPMA.
Management Branch responsible for providing IT services to the
agency. In April 2019, Mr Sauer left NAPMA and joined the German Armed Forces’ Cyber and Information Domain Service (CIR).
MORE INFORMATION:
Jerome Kühnert
secunet International GmbH & Co. KG
Kurfürstenstr. 58, 45138 Essen, Germany
33
THE EUROPEAN – SECURITY AND DEFENCE UNION
Cyber defence in the
European Union is part of
its defence capabilities
Cyber strongly influences any kind
of capability development
by Wolfgang Röhrig, Head of Unit Information
Superiority, European Defence Agency,
Brussels
T
oday, cyber space is recognised as a domain of military
operations, which is, per se, of cross-cutting nature. Thus,
cyber strongly influences any kind of capability development.
Before tackling cyber defence, let’s have a look at the strategic
defence context in Europe.
The strategic context of European defence
First, some facts and figures on European defence: the defence
expenditures of EU Member States in 20161 added up to about
208 billion euros. In terms of the Gross Domestic Product
(GDP), the estimated average figure was about 1.4%. In 2016,
the collaborative spending on equipment purchases reached
6,3 billion and the collaborative expenditure on research and
technology was about 143 million euros. This means only a
small portion of about 3.1% of the overall expenditure was
spent collaboratively. These figures illustrate the need for defence to be better organised at a European level. We need more
debate on the better implementation of defence cooperation.
European defence needs interoperable capabilities incorporating innovative solutions – technologies that are not fielded
in defence until now and that are increasingly important, like
artificial intelligence or nanotechnology. These will dramatically
change defence capabilities, and Europe shall not stay behind.
European defence has gained new momentum, especially with
the implementation of the European Union’s Global Strategy
34
published in 2016. Since then, several new EU instruments
have been launched to support the development of new and
innovative military capabilities – including cyberdefence – such
as the Coordinated Annual Review of Defence (CARD), the
Permanent Structured Cooperation (PESCO) and the European
Defence Fund (EDF). Furthermore, the upcoming new European Commission will set up a specific Directorate General for
“Defence Industry & Space”. Taking into account the currently
fragmented European defence sector, the goal must be to make
the European defence landscape more coherent. This requires
more than just asking Member States to spend 2% of their GDP
on defence.
Coherent approach from priorities to impact
To that end, there is a need for the integration of joint priorities
for the development of European capabilities as they were
agreed in the Capability Development Plan (CDP), the latest
version of which was approved by the EDA Steering Board in
June 2018. The CDP addresses the security and defence challenges from a European perspective, looking at the future operational environment and defining the capability needs agreed
by the Member States, reflecting the contributions of the
Military Committee and the European Union Military Staff. The
CDP sets a total of 11 priorities, and among them is “Enabling
capabilities for cyber responsive operations”. These priorities
represent the main orientation for the development of capabilities in a collaborative way in Europe. Avenues of approach for
their coherent implementation have been agreed in the related
Strategic Context Cases (SCC) in June 2019.
Cybersecurity
Wolfgang Röhrig
has been the Head of Unit Information Superiority in the Capability, Armament and Planning
Directorate of the European Defence Agency (EDA) since November 2018. He was born in 1966
and entered the German Navy in 1985. In March 2012, he joined the EDA as Project Officer
and became Programme Manager for Cyber Defence at the beginning of 2014. In this position,
he shaped the EDA Cyber Defence Programme. In February 2018, he returned to the German
Photo: EDA
Armed Forces becoming a staff member of the new Cyber and Information Domain Services
Headquarters, before taking up his current post at EDA.
photo: ©Gorodenkoff, Fotolia.com
Now, the task is to link the new EU
defence cooperation tools (CARD,
PESCO and EDF) to these priorities by
generating collaborative projects in
such a way that the result contributes
to a greater coherence of European
military capabilities. And what applies
for defence capabilities in general
also applies to capabilities that enable cyber responsive operations.
The technological revolution we see
with 5G, robotics, autonomous systems, etc is expected to dominate the future battlefield as well
as the inherent question of how those capabilities can create
an advantage against adversaries. There is often a tendency
to think that in such digital scenarios, ICT systems are the only
systems that are protected against the occurrence of cyber-attacks. However, other components such as, for instance,
electromagnetic signals that are used to transport communications are also part of this environment and the convergence of
cyberdefence with electronic warfare becomes evident. Going
forward, increasingly automated scenarios will increase with
the proliferation of autonomous systems, which in turn bring
new challenges on system integrity as well as ethical and legal
considerations about their usage. In addition, they must be
prepared to operate in cyber and electromagnetic contested
environments. This is where future cyber defence will be most
needed. The challenge is to secure the entire military value
chain: from the sensors over decision-making to the effector
systems.
EDA’s Cyber Defence Programme
The EDA’s cyber defence programme supports the development
of the necessary capabilities for responsive cyber operations in
the light of CDP implementation. This comprises the following
areas of work:
• Improve cyber defence competencies and skills for military
personnel,
• Ensure the availability of state-of-the-art cyber defence
technologies. This includes the identification of those that
will have the biggest impact on the research agenda,
• Adopt an approach to cyber “systems engineering” with
special emphasis on architecture,
• Ensure coordination with other European agencies and institutions responsible for cybersecurity and other international
actors,
• Implement cyber defence measures in a cross-cutting way in
the air, land, sea and space domains.
Today, the EDA runs three ad hoc projects in the implementation phase (Cyber Ranges Federation, Cyber Situation
Awareness for HQs, Improved APT detection) with different
constellations of contributing members. At the same time,
there are also two cyber related projects progressing under the
Permanent Structured Cooperation (PESCO) initiative. Additional cyber projects can be expected from the 2019 call for new
PESCO projects. Furthermore, the European Defence Industrial
Development Programme (EDIDP) and the consecutive EDF are
expected to incentivise cooperation in this field. The current
EDIDP work programme includes topics on cyber defence and
one can expect new cyber project proposals from mixed consortia as part of the recent call for EDIDP project proposals, and for
which the proposals are currently under evaluation.
Conclusions
Artificial intelligence is expected to change the way of thinking.
It will facilitate the way cyber defence is handled and controlled
by providing, for example, automatic detection of vulnerabilities that can be resolved without operator intervention,
networks that “heal” themselves by installing semi-autonomous or autonomous smart agents much faster than human
beings. Other technologies of interest are blockchain, the
Internet of Things or big data analysis as disruptive innovations
in defence.
In the strategic landscape of European defence, the new EU
defence cooperation instruments – the revised CDP, CARD,
PESCO and EDF – are means of achieving better coherence and
improved European military capabilities – including in cyber
defence.
1 EDA Defence Data 2016-2017: https://bit.ly/35N7bm7
35
The new role of
the Defence Chief
Information Security
Officer (CISO)
Defending information, improving readiness, and succeeding anywhere
by Sir Rob Wainwright and
Honorable Beth McGrath, Deloitte,
Amsterdam/Washington
A
s defence organisations become more data-driven, the role
of the Chief Information Security Officer (CISO) is changing.
It is rapidly shifting from a technology-oriented position to a
business leadership-focused one, with significant demands
from and impact on mission readiness. That is why defence organisations across the globe measure, evaluate, and re-measure their “readiness.” While the specific term may vary from
country to country, the heart of readiness remains the ability
of an organisation to execute its assigned mission promptly
and capably. Therefore, understanding readiness starts by
understanding the basic capabilities of a force: its equipment,
people, and infrastructure.
Data for the creation of a real-time picture
Traditionally, the picture of those capabilities was developed
through regular reporting on the status of smaller units, aggregated into a readiness picture at successively higher units.
However, these historical snapshots of readiness lost much of
the detail leaders needed to make decisions. As a result, many
forces are beginning to use real-time data taken from sensors
and analytics to create a real-time picture of projects, performance, and maintenance. Rather than relying on summary
reports, leaders at every level, from defence ministry secretaries to mechanics on the flight line, can pull from the same pool
of actual data. By filtering and analysing it, they can get the
information they need, whether that is force-training levels or
the broken part on a particular jet.
While the greater use of operational data in readiness decision-making can give leaders greater insight, it also greatly
increases the importance of cybersecurity. Every organisation
36
tries to protect its sensitive data, but bringing large volumes of
data on the location and status of military forces requires even
more vigilance. The result is that cybersecurity is now being
dealt with higher up the corporate ladder. In many cases, the
CISO has become a close peer of the chief information officer
(CIO). The role now demands business leadership as well as
information security and technical skills, and the CISO is now
seen as a business partner, not just a business protector.
The evolving role of the CISO
Understanding the threats and putting effective counter measures in place is the responsibility of the CISO. However, as the
organisation begins to use data in new and different ways, the
CISO must also understand how that changes its risk exposure.
In a bid to better understand and improve readiness, defence
organisations are using more and more real-world operational
information to budget, recruit and make other decisions. While
these types of decisions may previously have used “back-office” data that was less sensitive, the aggregation of many
different types of mission-related information makes the CISO
an integral part of the executive team. The CISO must be fully
involved in the decision making process so that they can make
sure that decision makers at every level have the information
they need, but yet still protect sensitive operational data. This
means ensuring that the right people get the data they need,
and only the data they need.
There is a significant change in the role of the CISO. In the past
four or five years, it has broadened, from being almost purely
technology-oriented to more people-oriented, and from being
a middle-management function to a business and technology
leadership function. The role continues to accelerate in the
same direction to meet these needs.
photo: ©Gorodenkoff, stock.adobe.com
THE EUROPEAN – SECURITY AND DEFENCE UNION
Cybersecurity
“
The CISO must be fully
involved in the decision
making process.”
Honorable Beth McGrath
is a Managing Director in Deloitte’s Government & Public Service (GPS) practice and
leads Deloitte’s global Defence, Security,
& Justice (DS&J) practice. Beth has broad,
multidisciplinary, strategic, and operational
Photo: private
management experience acquired from
more than 25 years of successful perfor-
To be successful, modern CISOs need to know more than just
technology. They need to communicate the nature and extent
of the cyber threats to all levels of the company. Then, along
with CIOs, they need to balance the needs for cybersecurity
against the information sharing needs of the organisation.
Finding that balance is the key to success: too little information
sharing, and the organisation cannot make effective decisions,
too little security and it is all for nothing with sensitive information lost to adversaries. Today’s high-level CISO is fundamentally different from yesterday’s information security manager.
The CISO as a value-protector and a value-adder
Cybersecurity is expensive. The CISO’s department is typically
a cost centre. But it is now gradually less focused on justifying
costs and more on enabling valuable activities.
It is difficult, if not impossible, to quantify the return on investment of security spending. Certainly, it is easy to quantify the
costs of not having effective cybersecurity. A quick glance at
the headlines is enough to draw attention to the many companies and government agencies that were victims of high-profile
cyber-attacks. The cost of these in reputation as well as in real
monetary value is clear to see. For most CISOs, demonstrating
value has typically ended there: success was the absence of
bad news. Today, however, that may be slowly changing.
A few of the brightest CISOs are beginning to explore how cyber
know-how can be a valuable commodity. Some companies and
government agencies that have developed expertise in protecting their own vast networks are able to offer that knowledge
to other companies and agencies as a service. In that way the
CISO’s cost centre can actually become a profit centre.
Admittedly, that is not the goal nor likely outcome for most
Sir Rob Wainwright
mance in the federal government serving in positions up to the
undersecretary level in the Department of Defence (DoD). Prior
to joining Deloitte, Beth was confirmed by the Senate as the
deputy chief management officer (DCMO) for the DoD and has
held numerous other executive positions in government service.
CISOs. Success for today’s top government CISOs is not only
protecting data but enabling the mission.
CISOs are being asked by leadership to keep data safe, but also
make sure security measures do not get in the way of digital
transformation, and figure out how technological know-how
can be used to create frictionless information sharing. Keeping
data safe while staying out of the way of modernisation efforts
is critical.
A safer information flow leads to better decisions
Remote payments are a prime example of the benefits of
“security by design,” where robust security measures, far from
slowing down and spoiling the user experience, have sped it
up and enhanced it. Users who have confidence in the security
and ease of remote payments are more likely to use it. For
government agencies, a safer information flow means a greater
information flow, which directly leads to better decisions. So
cybersecurity at this level of sophistication will not just protect
data but will make an organisation more mission-effective.
Different countries and agencies are at different stages of the
evolutionary cybersecurity process, depending on a variety of
factors such as management foresight, industry and sector,
and country of operation. However, what is common across all
of them is that as defence organisations make better use of
the volumes of digital data produced by the modern world, the
CISO will increasingly be a critical part of the realisation of the
mission.
has been a Partner with Deloitte since
June 2018, working in its cyber and financial crime practices. He was the Executive
Director of Europol (2009 to 2018). After
a 25 year career in intelligence, policing,
government, EU and international affairs,
Photo: © Europol
including at the Serious Organised Crime
Agency, National Criminal Intelligence Service and in the British
Security Service, in June 2018 he was awarded a Knighthood by
HM The Queen for his services to security and policing.
1 We are grateful to Joe Mariani, Chris Verdonck, Nick Seaver, Mark Nicholson,
Vikram Bhat, Stephen Bonner and Michael Imeson for their insight and guidance, without whom this article would not have been possible.
modern CISOs
“Toneedbe tosuccessful,
know more than just
technology.”
37
THE EUROPEAN – SECURITY AND DEFENCE UNION
The importance of a
European Air Power solution
Space and cyberspace have become
ubiquitous in recent conflicts
by Dirk Zickora, Lieutenant Colonel (ret), Marketing Manager for
Combat Air Systems, Airbus Defence and Space GmbH, Munich
T
he European security landscape is at a crossroads. The
range and nature of threats are proliferating, the capabilities of potential adversaries becoming increasingly sophisticated and the way wars are fought evolving. European nations
need to recognize this reality and act collectively and decisively. The United States of America is currently the only western
nation capable of projecting and delivering decisive and
sustainable military power throughout the globe. In contrast,
Europe and its individual nation states would be incapable of
providing a sustainable conventional resistance to a near-peer
threat without the US military component in NATO and its
nuclear deterrence umbrella.
However, stretched budgets and a legacy of deferred investments have not improved the European capability landscape
and will continue to exert a negative impact on the rejuvenation
of Europe´s Air Power. The UK and France can back up certain
shortfalls with their national nuclear deterrence capability, but
it is only by expanding their air power capabilities that European nations will be able to provide sufficient support to their key
NATO partner, the United States.
Space and cyberspace have become ubiquitous
The world has recently seen a fundamental shift in how wars
are fought. The classic domains of warfare like land, air and
sea began to coalesce decades ago, with the joint amphibious
Availability of independently operable capabilities
campaigns in the Pacific and the landings in Normandy and
If a greater European role within the current transatlantic
Southern Europe during World War II as early examples. Today,
partnership were desired, it would require a skill set and an
new domains are emerging and interacting with the established
asset portfolio based on available and independently operable
ones. Space and cyber warfare have become ubiquitous in
capabilities. At the same time, fair burden sharing within NATO
recent conflicts, sometimes in support functions, like satellite
and meeting agreed and declared commitments, both in size
imagery or communications, sometimes as fields of engageand over time, continues to require a high level of resources.
ment in their own right with non-kinetic effects like disinformation campaigns, network denial cyber-attacks or
malicious network infiltration.
To prevail in these multi-domain operations,
Lt Col (ret) Dirk Zickora
it will be essential to provide a large enough
is Marketing Manager Combat Air Systems at Airbus
portfolio of assets to deliver the required effects
Defence and Space GmbH, Manching. Born in 1975, he
(kinetic or non-kinetic) and resist similar effects
joined the Luftwaffe in 1995 to fly fighter jets for over
from the adversary with the appropriate level of
22 years. Before joining Airbus, his last tours were Chief
resilience.
of the Flying Branch and Opposing Forces Coordinator
Among other things, it is necessary to sustain
(2013-2018) at the Tactical Leadership Programme in
a robust European airborne Counter-A2AD1
Photo: private
Albacete, Spain, and Staff Officer in the CJFAC Strategy
capability, a skill currently to be found only in the
Division at NATO HQ AIRCOM in Ramstein (2018-2019).
arsenals of the US Navy and the Royal Australian
Air Force. Freedom of movement for a nation’s
own forces is paramount not only during conflict.
38
photo: © Airbus
Cybersecurity
Denial of use of airspace can be a crucial factor in the positioning and operating of certain High Value Airborne Assets in
times of crisis.
Considering individual and regional priorities as well as fleet
sizes and the value of such assets, a large scale conflict in the
Pacific theatre (e.g. hypothetical simultaneous North Korean
and Chinese adversarial actions involving the United States)
would mean a significant shortage of assets for a potential
European or Middle Eastern crisis or conflict at the same
time. Currently, the European portfolio of assets is not large
enough to fill this gap. Such a capability needs to be provided
by multiple user nations, otherwise it creates a bottleneck for
future conflicts, especially if only one nation were to develop
the capability.
From a military point of view, there are a number of
key takeaways from a recent study performed by the
MITRE Corporation2 for the Office of the Secretary of
Defense of the United States of America. The authors
conclude that increased operational readiness can be
achieved through increased combat effectivity and
efficiency, where a larger portfolio of diverse kinetic
and non-kinetic effects increase options for warfighters and
decision makers. Furthermore, a higher mission capable rate
has the same net effect as a larger fleet. Based on this analysis,
investments are paramount in order to raise mission capable
rates and to procure more reliable / available platforms. At the
same time, smaller fleets of expensive aircraft that are difficult
to sustain is an outcome to be avoided.
sessment, fleet sizes (combat mass provision, endure attrition,
scale effects on maintenance costs), true multi-role capability
(jack of all trades and master of none vs. system of systems
approach) and economic impact are the predominant factors.
Through an effort to pool same type platforms under an umbrella like the recent EEAW3 model, significant cost savings for
operations are feasible, even during times of austerity, while
preserving affordable national prerogatives over a specific
number of jets.
Harnessing the benefits of a large and already existing common
fleet like the Eurofighter Typhoon could be the most beneficial
strategy. The true multirole capability and enormous potential
still to be unlocked provide NATO with an unmatched opportunity. Development synergies and benefits, financial risks and
operational flexibility would be shared among partner nations
with individual freedom to expand or restrict own capability or
accessibility. Neither development nor deployment would be
restricted by third party regulations like ITAR, FMS or diverging
national policies or priorities. High mission availability rates
above 80% are already a reality and would further boost the
effectiveness and affordability of this European pillar of NATO
Air Power.
Approach to strengthen European sovereignty
New technologies – even some of those envisioned for a Next
Generation Fighter concept – could be introduced and matured
on a common, open architecture platform like the Eurofighter
Typhoon, enabling a “plug and fight” capability for a Future
Combat Air System, which could be opened to other European
partners. Such an approach would strengthen and consolidate
world has recently seen a fundamental
“The
shift in how wars are fought.”
European sovereignty, its defence industry and technological
know-how. A common and compatible platform and system of
systems strategy would be a catalyst for and bolster European
defence integration. Common connectivity protocols and sufficient bandwidth for network-enabled operational applications
would further enhance cooperation across all NATO platforms,
including US fighters, both current and future.
Procurement options for future effectivity
Based on the analysis above, it follows that an assessment of
procurement options needs to be done to ensure delivery of
future effectivity, efficiency, connectivity, resilience (conventional and cyber), survivability and sustainability. For this as-
1 A2AD: Anti Access Area Denial
2 MITRE U.S. Air Force Aircraft Inventory Study, Unclassified report, 07 Aug 2019,
https://bit.ly/33DSWyg
3 European Participating Forces Expeditionary Air Wing
39
Visit us on Euro
pe’s leading ev
ent
for European Se
curity and Defen
ce
26. – 27. November 2019
Vienna House Andel’s Berlin
Impressions of the BSC 2018
Europe and its external challenges –
a 360° approach in uncertain times
Partner in 2019: Italy
Highlights Main Programme, e.g.
> HIGH-LEVEL DEBATE: European Security and Regional Stability – coherence in times of epochal transition?
> HIGH LEVEL-INTERVIEW: UN Resolution 1325 – Women, Peace and Security
> HIGH-LEVEL MILITARY FORUM: The Mediterranean Sea and North Africa – striving for regional stability to enhance European Security
> FUTURE FORCES FORUM: The European Defence Architecture – challenges and vulnerabilities versus innovation
Panels, e.g.
> PESCO – a major step of the EU Defence Strategy
> Joint and Combined Armed Forces / Multinational Formations in a 360° approach
> Terrorism – the future of countering the global threat
> Digitization versus Cyber Threats – multidomain operations as part of digital warfare
> Military Mobility – Combined Joint Support and Enabling in Europe for larger formations
> Arms Control – how to prevent a new arms race in Europe?
> Conflict Scenarios of the Future – the impact of digitization
150 Top Speakers, e.g.
Miroslav Lajc̆ák
Minister of Foreign and
European Affairs of the
Slovak Republic
Ine Marie Eriksen Søreide
Minister of Foreign Affairs,
Norway
General Claudio Graziano
Chairman of the European
Union Military Committee
Niels Annen MP
Minister of State,
German Federal
Foreign Office
General Enzo Vecciarelli
Chief of Defence, Italy
Dr Peter Tauber MP
Parliamentary State
Secretary, German Federal
Ministry of Defence
Dr Judit Varga
Minister of Justice and
Minister of European Affairs,
Hungary
General Eberhard Zorn
Chief of Defence,
Federal Ministry of
Defence, Germany
Further Information www.euro-defence.eu
Organizer
Photos: Dombrowsky; Bundeswehr 2018, BPA, Kugler; BMEIA; kormany.hu;privat
Security and defence
photo: Š Yeongsik Im, stock.adobe.com
Security and defence cooperation is on the EU’s political agenda.
Countering global threats with military means needs new technologies
for command and control, hybrid energy and potable water autonomy
in operations and excellent capabilities in medical service. The use
of robotics has become a reality. But we should not forget that global
security and the fight against threats that go beyond national borders
also go hand in hand with international cooperation and development
policy. This chapter puts the focus on these different aspects.
41
THE EUROPEAN – SECURITY AND DEFENCE UNION
Finland promotes
an EU defence
cooperation
Finland’s goal is to advance the
connections and coherence of
different defence initiatives
by General Timo Kivinen, Chief of Defence,
Finland, Helsinki
F
inland actively participates in the development and execution of the European Union’s Common Foreign and Security
Policy. For Finland, the European Union (EU) is both a security
policy choice and a community of values. A strong Europe
strengthens Finland’s security. By ensuring its own defence
capability, Finland also acts responsibly and participates in
guaranteeing the EU’s security. During its Presidency from 1st
July to 31st December 2019, in the field of defence, Finland
strives to both ensure the effective implementation of previously set goals, and to have discussions on the development of
future capabilities and the enhancement of cooperation.
EU cooperation supports the defence of nations
The changes in the military operational environment during the
last five years have deepened defence cooperation within the
EU. After the publication of the Global Strategy for the European Union’s Foreign and Security Policy, defence cooperation
has advanced in great strides: these issues now have an established position on the EU’s political agenda.
Finland supports the facilitation of defence cooperation and
the strengthening of the EU as a security community. The
Finnish Defence Forces use the EU as a forum for cooperation,
particularly to advance concrete capability projects. In building
a capability, the goal is to acquire the best possible option as
cost-effectively as possible. Generally, capability planning is
done with the perspective, and needs, of national defence in
mind. The interoperability of forces and compatibility of systems will become increasingly more important in the future.
Furthermore, the Finnish Defence Forces actively participate
in Permanent Structured Cooperation (PESCO) projects. The
potential interfaces with either existing or planned national
projects are checked with every new project cycle. The selected
cooperation projects will support the building of national capabilities. Overall, during the first two project cycles, Finland has
joined eleven PESCO projects. In addition to PESCO, Finland
participates in several other European defence projects.
General Timo Kivinen
is the Chief of Defence in Finland. He started his career at the Finnish
Military Academy in 1979. After the War College (1991 - 1993) he
served as the Finnish Defence Attaché in Austria, Hungary (resident)
and Ukraine from 1998 to 2001 before commanding the Utti Jaeger
Regiment (2001 - 2004). He graduated from the Royal College of
Photo: MOD Helsinki
Defence Studies in 2008. He was promoted to Brigadier General in
2010 and was assigned as Commander of the Karelia Brigade in
2011. From 2015, General Kivinen served as Deputy Chief of Staff, Strategy after which
he was appointed Chief of the Defence Command in 2017. Timo Kivinen became the
Commander of the Defence Forces on 1st August 2019 and he was promoted to General.
42
National capabilities strengthen
the EU’s security
Europe’s safety and security is the
responsibility of every Member State.
With PESCO, the members have,
among other things, agreed to regularly
increase their defence expenditure.
Finland participates in guaranteeing
Europe’s safety and security by continuously developing its own defence.
Threats can be deterred by maintaining
and developing capabilities suitable for
the requirements of the operating environment, and being ready and able to
Security and Defence
interoperability of forces
“The
and compatibility of systems
photo: MOD Helsinki
will become increasingly more
important in the future.”
give and receive international assistance. The wartime strength
of the Finnish Defence Forces is one of the largest in Europe.
Finland creates common security with a solution based on general conscription, combining high-end capabilities and a large
reserve. However, security and safety are not guaranteed with
military capabilities alone, but with multidisciplinary national
cooperation. Comprehensive security is a Finnish operating
model reaching back over 50 years, which relies on inter-agency cooperation between different authorities. It is still used
today to respond to modern security and safety challenges that
affect all of society. The Finnish Defence Forces are one part of
this entity.
Finland also contributes to Europe’s security by participating in
the EU’s military and training missions, and by providing troops
to the Union for these operations. Currently, Finland participates in EUNAVFOR MED – OPERATION SOPHIA in the Mediterranean and in the training missions in Mali and Somalia.
Finland also prepares to use other capabilities of the Finnish
Defence Forces, according to political decisions, in operations
executed within the EU framework. Additionally, we have been
a part of the EU Battle Groups since 2006. In 2020, we are
contributing an armoured reconnaissance unit and Headquarter (HQ) staff for the 2020 German-led Battle Group standby
period.
Digitalisation and artificial intelligence in defence
Finland holds the Presidency of the Council of the EU for the
latter half of 2019. Finland’s third Presidency coincides with
an important time for the Union, since Finland will be the first
country of the Presidency to implement the focus areas of
the 2019-2024 Strategic Agenda into the practical work of the
Council. The focus areas of the Finnish Presidency are tightly
linked to the new Strategic Agenda. Our priorities are:
• the strengthening of common values and the principle of the
rule of law;
• a more competitive and socially intact Union;
• strengthening the EU’s position as a global climate leader;
• ensuring the comprehensive security of citizens.
Two special themes have been named for the field of defence
during this Presidency: digitalisation and artificial intelligence
in defence, and as a topic encompassing the whole of government, responding to hybrid threats. Both themes focus
on partnerships, particularly the cooperation between the European Union and NATO, and the European Union and the United
States. The themes have been carefully selected, paying special attention to their potential and importance in the future.
Addressing both themes is absolutely necessary for all Member
States. Finland’s goal is that the work on the special themes
will continue in the different institutions of the EU during the
next Presidencies too.
To boost discussion on digitalisation and artificial intelligence
in defence, Finland, together with Estonia, France, Germany
and the Netherlands, has written a Food for Thought paper
on the topic. The events and meetings of this Presidency will
include discussions on the possibilities and effects of digitalisation and artificial intelligence on the development of military
capabilities, while also taking the ethical and legal perspectives
into account. However, discussions are merely the first step.
Europe has to be at the forefront of development, which also
requires concrete action in the future. No single EU Member
State can be successful alone in the global competition, but
with cooperation we can develop capabilities for the future and
strengthen common security.
Implementing previously set goals
During its Presidency of the Council of the European Union,
Finland strives to ensure the effective implementation of previously set goals, and to continue and promote active strategic
conversations. The goal is to advance the connections and
coherence among different defence initiatives. The EU must
develop its security and defence cooperation to protect its
citizens and to strengthen the EU as a provider of security in a
challenging security environment. Europe must do more for its
own security.
43
THE EUROPEAN – SECURITY AND DEFENCE UNION
Germany’s policy on arms exports
is still a very sensitive issue
photo: MCSN Michael Starkey
Germany – a touchstone
for the arms policy of
the European Union
A conversation between Dr Hans-Christoph Atzpodien, Managing Director of the Federation of German
Security and Defence Industries e.V. (BDSV), Berlin; Patrick Bellouard, Engineer General (ret), President
of EuroDéfense France, Paris, and Prof Trevor Taylor, Professorial Research Fellow in Defence Management at RUSI, London.
The discussion was led by Hartmut Bühl and Nannette Cazaubon, Brussels/Paris
H
artmut Bühl: Welcome to this round table discussion on
European arms policy and in particular Germany’s arms
export policy. In conferences, participants regularly complain
to me about Germany’s arms and export policies. They tell me
that it lacks coherence and reliability. The German government
regularly engages in huge arms cooperation projects without
giving its partners any assurances that they will be authorised
to export. Mr Bellouard, what are your thoughts on this?
Patrick Bellouard: A country’s policy on arms exports is a tool
of its foreign policy and its sovereignty. The Common Foreign
country’s policy of
“Aarms
exports is a tool
Photo: private
of its foreign policy
and its sovereignty.”
44
�
Patrick Bellouard
and Security Policy (CFSP) of the European Union (EU) was
introduced by the Maastricht Treaty in 1993 and reinforced by
the Lisbon Treaty in 2009, that clarified the role of the High
Representative of the Union for CFSP. However, policy discussions take place within the intergovernmental framework and
it is a real challenge to obtain a consensus between the 28 EU
Member States on critical issues. Although there has certainly
been huge progress over the last ten years, there is still a long
way to go before CFSP is a reality. Member States will continue
for some time yet to have their own foreign and export policy,
as we can see in the Yemen conflict.
Nannette Cazaubon: But this situation should not prevent
Member States from engaging in arms cooperation projects, as
cooperation is the only solution to reach their objective of EU
strategic autonomy?
Patrick Bellouard: Yes, European cooperation on defence is
clearly vital for the future of European defence and security.
The level of European cooperation on arms is still very low
(stable at 20 % of total defence investment expenditures of
EU Members States during the last 30 years) and the Member
States must increase this level of cooperation if they want
to reach their objective of EU strategic autonomy. However,
nations that wish to cooperate on
huge projects must reach agreement on future exports from these
projects and make real commitments on this before the project is
launched.
Photo: © Anke Illing
Security and Defence
of fact that Germany
“Itdoesis anotmatter
regard arms exports as an
integral part of its security
strategy and foreign policy.”
Hans-Christoph Atzpodien
Hartmut Bühl: I agree with you
that export regulations are national prerogatives but that they
should not hinder collaborative projects. Let me ask you, Dr
Atzpodien, the Managing Director of the German BDSV: is it
fair to accuse Germany of pursuing an export policy that is
not reliable and coherent with European ambitions on arms
cooperation?
Hans-Christoph Atzpodien: First of all, it is a matter of fact that
Germany does not regard arms exports as an integral part of its
security strategy and foreign policy. Moreover, we need to bear
in mind that the major German defence contractors are privately owned, with no government involvement. I do not agree
with blanket criticism of Germany for its policy of arms exports.
I think we simply have to acknowledge that so far there have
been significant political differences between Germany and its
closest European neighbours and allies like France and Great
Britain. This makes it more difficult for these countries to enter
into viable European cooperation projects with Germany than
it would be with if there were a more harmonized export policy
vision.
Nannette Cazaubon: Professor Taylor, would you like to respond directly to Dr. Atzpodien?
Trevor Taylor: Collaborative projects are primarily a joint effort
to develop and produce systems that would not be affordable
on a national basis and decisions about exports should also be
made on a collective and not a unilateral basis. The experience
with Germany and Saudi Arabia underlines that the private and
in some ways informal arrangements to deal with the export
of European products are no longer satisfactory. The civil war
in Yemen has presented all the suppliers to Saudi Arabia with
some difficult challenges but unilateralism is simply bad for
European cooperation.
Hartmut Bühl: Professor, let us stay with the United Kingdom: in your experience, are the British more flexible on arms
exports than Germany? What are the rules and principles in the
UK?
Trevor Taylor: The guidance and rules on exports are broadly
the same in the UK as in other states accepting the Common
Position which really addresses factors to be taken into account rather than hurdles that must be cleared for an export to
be allowed. There are debates in the UK about the exports to
be permitted, but in many ways the underlying issue is whether
export licensing should be based on some simple ethical
position (most obviously the precautionary principle of “first
do no harm”) or on calculations of the short and medium term
consequences of a licence rejection. In a realistic perspective,
these would include the increased prospect of Russian and
Chinese sales to Saudi Arabia and enhanced efforts to develop
national arms industries.
Nannette Cazaubon: Is there a common view on human rights,
in your opinion, corresponding to the values of the European
Union?
Trevor Taylor: On human rights, of course the UK government
and society have a serious commitment to their promotion but
we should recognise that in many areas the specific nature of
such rights, while pretty settled in Europe, is a contested area
on the global scale and that the real battle is how best to promote acceptance of our views on human rights by governments
with little respect for such ideas.
Nannette Cazaubon: Gentlemen, may I make the transition to a
very practical issue and ask Mr Bellouard about his long experience of being the Director of OCCAR*, managing the A400M
programme, not only for EU but also for third countries. What
lessons can you share with us
from OCCAR that would be useful
for the EU?
Photo: private
projects are p rimarily a
“Collaborative
joint effort to develop and produce
systems that would not be affordable
on a national b asis.” �
Trevor Taylor
Patrick Bellouard: Although
many lessons could be learnt
from the A400M programme in
general, I do not consider that
significant lessons can be learnt
about the export of the A400M
45
THE EUROPEAN – SECURITY AND DEFENCE UNION
European cooperation in armaments would
in principle reduce the need to export but we
must remember that one goal of collaboration
is to enhance or sustain national defence
industrial capabilities to develop, produce and
support equipment. Sustaining such a range
of capabilities needs a constant drumbeat of
work which usually means that exports are
particularly valued once the national needs of
the collaborators have been met and before a
The German Leopard 2 tank�
photo: 7th Army Training Command, CC BY 2.0, flickr com
successor project is ready to launch. The case
of Typhoon illustrates this. Even US defence
aircraft. Only two export contracts have been signed, one with
businesses, despite the scale of their national market, are now
South Africa, which South Africa subsequently cancelled in
feeling more pressures to sell overseas.
2011, mainly for technical reasons, and one to Malaysia (for
four aircraft). There was a full consensus among the A400M
Nannette Cazaubon: Dr Atzpodien, you have vast experience
partners on these contracts and I have not heard of any politwith cooperation on naval armaments. Did you ever have probical difficulty concerning the implementation of the Malaysian
lems with your partners because of Germany’s export restriccontract.
tions? Would you like to see wide-ranging EU regulations for
arms exports?
Hartmut Bühl: Does this mean that A400M partners will not
Hans-Christoph Atzpodien: On my experience in naval cooperfind it difficult to make future export decisions and, in the long
ation, I have to say that Germany is not the only country with
term, to implement those export contracts many years after
certain political restrictions; in my experience this is also true
their signature?
for other countries like Scandinavian countries. Therefore, it is
Patrick Bellouard: Of course not! There are examples of
of paramount importance for any supra-national arms coopcooperative projects for which a nation later decided to stop
eration that the countries involved reach a clear agreement to
the implementation of previously agreed export contracts by
handle their arms export policies for the respective products in
blocking the delivery of subsystems.
a harmonised or at least a coordinated way.
Hartmut Bühl: Could EU regulations solve that issue?
Patrick Bellouard: EU Member States do not seem prepared
to accept any EU involvement in exports beyond the current
EU regulation on dual use trade controls, adopted in 2009 and
currently being revised in discussions between the Council and
the Parliament. This EU regulation simply reflects commitments
agreed upon in key multilateral export control regimes. However, progress could be made in two fields:
• firstly, a culture of exports, where Member States must recognise that the EU defence industry cannot survive without
exports, especially for as long as some EU Nations spend a
significant part of their defence budget on contracts with US
industry;
• secondly, European cooperation on arms, which remains very
low. A significant increase in EU cooperation would reduce
the industry’s dependence on exports and therefore reduce
the political difficulties in this area.
•
Hartmut Bühl: Professor Taylor, wold you like to comment on
what has just been said from the other side of the channel?
Trevor Taylor: Yes, I would like to comment on this. Increased
46
Nannette Cazaubon: But what are the requirements for that to
happen?
Hans-Christoph Atzpodien: Well, in the first place, it requires
a decision by each government involved. I doubt whether this
can simply be replaced by an EU regulation. The experience
with the Council Common Position of 8th December 2008 shows
that its wording can accommodate very different export policy
approaches. The reason for these differing interpretations is
the simple fact that arms exports are a matter of national sovereignty, which in most cases tends to prevail in export policy
decisions.
Hartmut Bühl: Professor Taylor, there are obviously limits on
the extent of European arms cooperation for European defence.
But shouldn’t the EU have binding rules at least for arms cooperation with third countries?
Trevor Taylor: The EU may be able to devise and enforce rules
where EU funding is involved but even here there is the issue
of how to treat foreign owned businesses in Europe that have
owners outside the EU, but which fund and develop intellectual
property within the EU. General Dynamics and Raytheon, for
Security and Defence
example, are in this position. Where no EU money is involved,
individual EU states should surely be free to arrange projects
as they see fit with partners inside and outside Europe.
Hartmut Bühl: Indeed, it was the USA I had in mind. But after
Brexit, won’t there likely be a new deal? Mr Bellouard, would
you like to comment?
Patrick Bellouard: Firstly, nobody knows today if Brexit will be
implemented or not, and there is a high probability that the UK
will once again seek and be granted an extension. If Brexit is
indeed implemented, the UK will be treated as a third country,
like Norway for example. That should not prevent the UK from cooperating with EU partners
on arms, and I certainly hope it will continue to
do so. However, British industry will no longer
be eligible for EU funds: you cannot be in and
out of the EU at the same time.
Hartmut Bühl: But what is this due to?
Hans-Christoph Atzpodien: It is due to an administrative habit
to link even routine approvals, on which everybody could firmly
rely in the past, to the government’s geopolitical thinking. This
means that even for smaller parts designated for existing European programmes, everyday export approvals can be reversed
by the administration for no visible reason. This practice has
damaged Germany’s reputation for reliability vis-à-vis its European partners more than some of the more prominent cases of
open political disagreement.
Nannette Cazaubon: I think this is the time to
come back to the core question of reliability in
arms cooperation. Professor Taylor, what are
the essentials for such cooperation?
Trevor Taylor: Further to my previous comment, collaborative projects (which often have
an active life of 40 years or more before the disposal phase) should only be undertaken with
partners with a high probability of pursuing a
The future MALE RRPAS system is a cooperation project between France, Germany
foreign and security policy compatible with that
and Italy �
photo: European Defence Agency
of other partners, but there will be always an
element of risk.
Hartmut Bühl: That is why your partners have had, in one way
The major arms developing nations should perhaps have a
or another, doubts about the well-known German quality and
private but serious conversation on the consequences that
reliability. Have you encountered significant and insoluble
have stemmed from very restrictive arms export stances. Do
problems?
they too often actually promote the proliferation of defence
Hans-Christoph Atzpodien: Absolutely! The famous “German
industrial capabilities?
free” advertisement on a product shown at a defence exhibition
has been quoted frequently – but it is no myth! This also has a
Nannette Cazaubon: Thank you Professor, I think we need a
bearing on quality, because delivery reliability in the politically
German comment on this: Dr Atzpodien, German industry is
sensitive defence business is as important as technological
involved in huge bilateral and multilateral arms projects in
quality. At both levels – political and technological – the main
Europe. What is your opinion on confidence, credibility and
contractor must be able to rely on the delivery of a part in order
the other criteria Professor Taylor mentioned? Are these the
to perform on time and on budget.
essentials?
Hans-Christoph Atzpodien: As mentioned before, national
Hartmut Bühl: Mr Bellouard, some years ago, when I did an
policies for arms exports need to be harmonised as much as
interview for this magazine with you as Director of OCCAR in
possible in order to make supra-national projects successful.
Bonn, you pleaded for big projects between EU Member States
This, however, has to include more than just a broad political
to be able to compete with the US and to avoid export probalignment. Just as an example: in recent years hurdles have
lems. Today there are two huge French-German projects for a
been faced during the process of defining German arms export
future combat aircraft and a combat tank. Do you have doubts
policies. These have resulted in a substantial lack of trust in
regarding your German partners?
the consistency of German arms export decisions as they are
Patrick Bellouard: I have no doubt that the political authorities
not that politically visible.
in both Germany and French have fully understood the impor-
47
THE EUROPEAN – SECURITY AND DEFENCE UNION
tance of these cooperative projects for the future of European
defence and security. But I have doubts concerning the effective and efficient implementation of these projects. Difficulties
can come from both partners and success will require a real
trust and a common resolve at all levels, government, administration and industry.
Nannette Cazaubon: Are there ways of reducing these risks?
Patrick Bellouard: Yes, I think that there are, which is why I
propose to use the OCCAR organisation for the management
of these projects. OCCAR has proven its efficiency, it would
avoid issues of leadership between France and Germany, and
it would help build trust between all partners. In addition, I am
convinced that these programmes will not survive as projects between France and Germany alone. It will be crucial to
include other European partners as early as possible.
Hartmut Bühl: With what objectives?
Patrick Bellouard: The objective would be, without introducing
new specifications and delays to the project, to reduce the
budget for each partner and to increase the project’s “European qualification”.
Nannette Cazaubon: Dr Atzpodien, I am sure you will want to
comment…
Hans-Christoph Atzpodien:This is definitely is a good vision,
which has been on the European political agenda for many
years. In the meantime, pressure has clearly been mounting to
seriously reduce the diversity of Europe’s arms programmes.
Nevertheless, I am convinced that true sharing of equipment
among European nations will only work if the countries concerned demonstrate strong political will and everything that
Europe does is truly embedded within NATO.
Hartmut Bühl: Gentlemen, this leads me to another field of
arms cooperation. The European Defence Agency (EDA) is
making considerable efforts to create “capabilities” and is
initiating cooperative arms projects. Germany and France
are active participants in these projects. What are their other
objectives apart from the product? Are Small and Medium
Enterprises (SMEs) a factor in such collaborative efforts? I
would imagine that the BDSV is exerting influence in favour of
SME’s, the backbone of German industry. What are France’s
objectives?
Hans-Christoph Atzpodien: Of course, SMEs are the backbone
of Germany’s and probably also France’s defence industry.
However, SMEs alone will not be able to succeed in organising
and implementing major arms programmes on a European
scale. This also requires strong so-called “systems-houses”,
which already integrate SMEs into their value chains to a large
extent. But perhaps I should turn to Mr Bellouard to give us
France’s position.
Patrick Bellouard: Thank you Dr. Atzpodien. Although the
landscape of French and German SMEs is somewhat different
(German SMEs are generally stronger), there is not a big differ-
48
ence between the French and German approaches to the arms
industry. Both nations need, as you have mentioned, strong
“maîtres d’oeuvre” (systems integrators) as they are called,
supported by established SME value chains. It is the task of
these systems integrators to provide the armed forces with
the weapons systems they need. For me, the main obstacle
to cooperation is not the different industrial organisations, it
is the lack of political will of the partners to reach consensus
on the military requirements. One of the missions of the EDA
is precisely to harmonise and prioritise the military needs. I
consider that this important task is absolutely critical to the
future success of the European Defence Fund.
Nannette Cazaubon: Thank you all for your openness. I think
the time has come to sum up. May I ask you, Professor Taylor,
to try and summarise, or at least to provide an answer to the
title of our discussion, “Germany – a touchstone for the arms
policy of the European Union?”
Trevor Taylor: I judge that Germany and Europe would have
been better off if Berlin had looked for a cooperative response
to the war in Yemen, bearing in mind that defence exports to
Saudi Arabia have been a source of major public debate also
in France, the UK and of course the US. In the bigger picture,
specialised military equipment is the simple if difficult part of
the problem. The more complicated issues concern the export
of dual-use technology valuable for both civil, internal and
military applications. Much electronic technology can enhance
the capabilities of oppressive governments to monitor their
citizens. How is that sector to be controlled? Do we also need
to think about controls over people, if human rights are to be
a major factor in where we chose to work? It is notable that
Saudi Arabia, partly as a response to the threat of embargoes,
is developing its own Saudi Arabia Military Industries with a
German Chief Executive recruited from Rheinmetall…
Hartmut Bühl: Nannette, gentlemen, my gratitude for this
insightful round table discussion. There are no simple
solutions but there are national and industrial interests. We
have learned that arms projects are based on national needs.
Projects can become collaborative when there is the necessary
political will and industrial strategy to bring them to fruition.
These projects certainly need the prospect of export opportunities, realising that export decisions are national ones and
will ultimately be taken for business reasons. We have heard
that German industry is a competent and reliable partner, but
that Germany’s policy on arms exports is still a very sensitive
issue for German society, due evidently to Germany’s history. I personally think that the fact that Germany upholds its
constitution, entailing an extensive interpretation of human
rights with due regard for Germany’s history, should not be
held against it.
*OCCAR: Organisation Conjointe de Coopération en matière d’Armement /
Organisation for Joint Armament Co-operation.
The leading magazine for Europe’s security
and defence community
The magazine is the first winner of the European award for “Citizenship, security and defence” 2011
Please find the subscription order form:
www.magazine-the-european.com/subscription/ or by E-Mail: subscription@magazine-the-european.com
MEDIA AND CONTENT SALES
Andy Stirnal
Phone: +49(0)176 66 86 15 43 · E-Mail: mediasales@magazine-the-european.com
3 issues for one year, including postage and delivery:
Subscription EU: 42,–
International subscription: 66,–
For further information about the magazine: www.magazine-the-european.com
The Future of European Integrated
Air and Missile Defence
photo: © Raytheon
The Patriot partnership of
17 countries is a strong and
attractive community
Interview with Bruce R. Eggers, Raytheon’s Business Development Director
for German Integrated Air and Missile Defense, Andover, Massachusetts
T
he European: Mr Eggers, Germany recently made the decision to upgrade its Patriot air and missile defence system to
the most modern configuration currently available – Configuration 3+. Why is that so significant for NATO?
Bruce R. Eggers: Germany, the Netherlands, as well as five
other European nations and the US, entrust Europe’s Integrated Air and Missile Defence to Patriot. By upgrading to Configuration 3+, Germany has the latest updates to address evolving
threats, to remain technological compatible and interoperable
with its allies for many years to come.
The European: Can Patriot handle the next generation of
threats?
Bruce R. Eggers: Yes. We are offering Germany our Next
Generation Patriot solution package, which addresses advan
ced threats with a cutting-edge, 360-degree radar that has
undergone more than 3,000 hours of testing. Commanders
also have operational flexibility due to Patriot’s missile mix
of GEM-T interceptors and the PAC-3 MSE interceptor. Of
course, those interceptors are already integrated into Patriot
Configuration 3+.
The European: And what about the IRIS-T SL option as an
additional capability?
Bruce R. Eggers: We have the additional capability to integrate
IRIS-T SL, subject to the permission of both the German and
US governments. Together with Rheinmetall’s solution, all of
50
this fits into a seamless architecture that can cover Germany’s
ground-based air defence needs.
The European: You see me hesitating, but let me provoke: Is
my feeling right that you are convinced that Next Generation
Patriot is a German solution because you have a partnership
with Rheinmetall?
Bruce R. Eggers: Absolutely. Raytheon has a global strategic
partnership with Rheinmetall, and they are integral to our
solution. We talked about the opportunity to integrate IRIS-T
SL already. Beyond that, and with the permission of the US
and German governments, we could potentially incorporate
a German medium-range radar and German made command,
control and communications. In Germany, it is a single solution
that combines the current working system Patriot by filling the
gap against short range attacks and thus protecting the own
military forces.
The European: And your Patriot-partner MBDA?
Bruce R. Eggers: I’d also point out that MBDA currently does
work on German Patriots, and the Patriots of other partners.
The European: What is the workshare e.g. for your German
partner MBDA?
Bruce R. Eggers: We have a joint venture with COMLOG. They
are responsible for two main servicing and maintenance tasks
for Patriot. First, they do all the missile upgrade work not only
photo: © Raytheon
Security and Defence
for German missiles but also for other partner countries as
well. There are 80+ employees working solely on Patriot missile
upgrades in Schrobenhausen alone. In Freinhausen all Patriot
user tests are done. We would not anticipate that changing.
Furthermore, MBDA does launcher integration for our worldwide Patriot customers, not just for Germany.
The European: What then do we do with the claim of some
experts in Europe, but also of Raytheon’s competitors, that
MEADS represents the future, while Patriot is the past?
Bruce R. Eggers: Patriot is the air and missile defence system
of choice for 17 countries. Four new countries have joined the
partnership since November of 2017 – the Kingdom of Bahrain
is our newest addition, joining in August. Those countries
looked at the threat, evaluated the data, and made their choice
for today and for the future. How many countries have selected
MEADS?
The European: Sir, let me turn back to the past and ask why in
2011, the US Army – up to this date fully behind the MEADS-programme, decided to terminate participation in the programme?
Bruce R. Eggers: MEADS was billions over-budget and years
behind schedule. The reality is that MEADS is built on a foundation of not of the state of art technology that never made
it through the formal systems qualification process, whereas Patriot’s technology is constantly refreshed, tested and
upgraded thanks to continued investment by the entire Patriot
community. The 17 countries of the Patriot community which
collectively own 240 Patriot fire units pay for modernization
and upgrades which are based on testing and lessons learned
in ongoing operations.
The European: But the threat is constantly evolving and improving. Isn’t a new system required to address that?
Bruce R. Eggers: Patriot certainly has the same name that
it had when it was first fielded – and even looks the same on
the outside – but the resemblance ends there. Threats have
always evolved and improved. An air defence system must be
constantly upgraded and enhanced in order to outpace threats,
regardless of who makes it. Maintaining this constant pace of
improvement would be incredibly expensive if one nation had
to go for it alone.
The European: Maintaining this constant pace of improvement
is highly expensive.
Bruce R. Eggers: In addition to being not state of the art at this
moment, MEADS is untested against the spectrum of air and
missile threats it claims to be able to address. MEADS development has a reported 4 billion price-tag, so let’s assume
that at some point in the future it does get built. There are no
other customers in the queue. It appears Germany would own
a stand-alone system and the threat is not going to stand still.
Germany will also be responsible for all upgrades and updates
on their own. Is Germany prepared, as the only member of the
MEADS Club, to pay all of these bills?
The European: This is going to be exciting, and I thank you for
your openness.
Bruce R. Eggers (right) receiving Hartmut Bühl at Raytheon’s premises
in Berlin�
photo: © Raytheon
51
THE EUROPEAN – SECURITY AND DEFENCE UNION
CONFERENCE REPORT EU CBRN Centres of Excellence Initiative
7th International Meeting of
National Focal Points
photo: Hartmut Bühl
by Nannette Cazaubon, Paris
H
ow should we fight jointly against Chemical, Biological,
Radiological and Nuclear (CBRN) risks and threats around
the world? These challenges go beyond national borders and
cannot be tackled alone, as recent CBRN attacks and events
in Europe, its neighbouring countries and the use of chemical
weapons in Syria showed. This is also true for the re-emergence
of epidemic diseases like Ebola in Africa, or the increasingly
devastating effects of natural disasters and climate change.
In answer to this urgent problem, the European Union launched
in 2010 an initiative called “European Union CBRN Risk Mitigation Centres of Excellence” (EU CBRN CoE).
Within this initiative, there are currently 61 partner countries
grouped around 8 Regional Secretariats1, collaborating with the
aim of fostering national, regional and interregional cooperation around the world to better prevent CBRN incidents or
disasters.
The initiative is well on track
Led by the European Commission’s Directorate-General for
International Cooperation and Development (DG DEVCO), the
EU CBRN COE initiative is now well on track, as was highlighted
during the “7th International meeting of National Focal Points”
that took place from 12th to 14th June in La Hulpe, near Brussels.
This international three-day meeting gathered about 180 participants from countries involved in the EU CBRN CoE Initiative,
who all agreed that the initiative has reached a turning point.
Organised by DG DEVCO and the United Nations Interregional
Crime and Justice Research Institute (UNICRI), with the support
of the European External Action Service (EEAS), the meeting
in La Hulpe was the opportunity for fruitful discussion among
the participants from Africa, Asia, the Middle-East, South East
and Eastern Europe, as well as observers from Kazakhstan,
the USA, and regional and international organisations. Plenary
Regional Roundtable meetings were held on the second day of the conference
Presentation of a mobile biosafety laboratory
photo: Devco
52
�
photo: Devco
Security and Defence
i
sessions and regional round tables provided the opportunity
to assess progress made over the past year and to discuss
working perspectives for the year to come.
During the session breaks, participants were able to visit, in the
conference venue, a mobile biosafety laboratory developed by
the Belgian Praesens Foundation.
On the last day of the meeting, the third EU CBRN CoE prize
awards took place, rewarding the best regional success stories
and innovative and creative proposals.
The EU CBRN CoE Initiative
Launched in 2010 and led by the European Commission’s
Directorate-General for International Cooperation and Development (DG DEVCO), in close coordination with the European
External Action Service (EEAS), the EU CBRN CoE Initiative is
the largest European civilian external security programme,
with a budget of €155 million for 2014-2020. EU support is
provided to implement a wide range of CBRN Risk Mitigation
activities including needs and risk assessments, national and
regional action plans, trainings, Train the Trainer modules,
Sharing ideas and defining next steps
table top and real time (including cross-border) field exercis-
The meeting was opened by Henriette Geiger, Director, People
and Peace (DG DEVCO), and Bettina Tucci Bartsiotas, Director of UNICRI. Ms Geiger said that the meeting “gives us the
chance to share ideas and define next steps, in a creative and
visionary way.” Ms Tucci Bartsiotas told the audience that the
CoE Initiative, with 61 countries working together “is a telling
example of a collective action for the common good”.
Chaired by Olivier Luyckx, Head of Unit B5 (Security, Nuclear
Safety) in DG DEVCO, and his colleagues Eddie Maier, Deputy
Head of Unit B5, and Tristan Simonart, CoE Coordinator, the
meeting was the opportunity for the Heads of the 8 Regional
Secretariats to report on the huge progress in each region,
including the development and use of CBRN National Action
Plans and the launch of new regional and interregional projects. Thematic sessions addressed CBRN Risk assessment,
training and exercises, and a briefing from the European Commission focused on cybersecurity in relation to CBRN. During a
Regional Round Table meeting with the presence of delegates
from the Gulf region (Qatar, United Arab Emirates, Saudi-Arabia
and Kuwait), a first common CoE project was launched in this
complex region.
es. A National Focal Point (NFP) is appointed by each of the
Outcome of the meeting
Participants agreed that the EU CBRN CoE Initiative has
developed into a real joint programme with increasing Southto-South and region-to-region cooperation like in the North
During the EU CBRN CoE prize awards ceremony
photo: Devco
61 Partner Countries and a CBRN National Team is tasked
with the implementation of the initiative at the country level.
NFPs report to and rely on one of the 8 Regional Secretariat
hosted and led by one of the Partner Countries in the region
and supported by a UN Regional Coordinator.
Africa and Sahel region, in Central Asia, and in the Gulf region.
Furthermore, important training and capacity building progress
has been accomplished. Many field exercises took place and
others will be organised in the next two years. Regional CBRN
Schools of Excellence and networks of CBRN training institutions emerged in South East and Eastern Europe, the Middle
East and several African regions.
It was also highlighted that emerging technologies with a
potential CBRN dimension, like artificial intelligence, the use of
drones, or cyber applications have to be taken more and more
into account and that the subjects of cybersecurity of infrastructure related to CBRN will be part of working perspectives
for the years to come.
In his conclusion, Olivier Luyckx underlined that this meeting
was a breakthrough for the CoE initiative. He highlighted the
“spirit of trust and confidence” between the participants, saying that this was unprecedented. Pawel Herczynski, Security
and Defence Policy Director (European External Action Service)
thanked the audience in the name of the EU High Representative Federica Mogherini for “their efforts, the very rich and
inspiring discussions” and their enthusiasm which he called
essential for this initiative. He said that he was truly impressed
by the progress made, and that the EEAS will continue to work
to increase the visibility of the CBRN CoE initiative.
1 African Atlantic Façade (AAF); Central Asia (CA); Eastern and Central Africa
(ECA); Gulf Cooperation Council Countries (GCC); Middle East (MIE); North
Africa and Sahel (NAS); South East Asia (SEA); South East and Eastern Europe
(SEEE).
53
THE EUROPEAN – SECURITY AND DEFENCE UNION
Another innovative step towards smart energy infrastructure in development policy
No more dead through contaminated water!
by Raymond Hernandez, Business Development Water Treatment, BLÜCHER GmbH, Erkrath
E
very human being in the world has the fundamental right
to proper drinking water (see https://bit.ly/2WcLuYo ), but
the United Nations reports, that there are more dead through
contaminated water than war.
Water consumption is increasing by 1% each year. The reasons
for this are not only population growth and changing lifestyles,
but also the climate change and related droughts and floods
which complicate access to drinking water.
Around 844 million people do not have any access to drinkable
water and only 39% of the world’s population benefits from
water purification services. 780,000 people die every year
because of inadequate water and failing purification services,
causing dysentery and cholera. This is more than the victims of
wars, earthquakes and epidemics.
United Nations development
“The
programme has set as objective to
grant the whole world’s population
access to drinkable water at a low
price by 2030. This could help to
encourage people to stay in their
regions.”
The United Nations development programme has set an objective to grant the whole world’s population access to drinkable
water at a low price by 2030. This could help to encourage
people to stay in their regions. It is a real challenge, but at
BLÜCHER we have the capacity and will to help reach this goal
with our water purification systems.
From idea to implementation
In 2014, BLÜCHER decided to develop a dual use water purification unit for decentralised applications, which should be highly
mobile with airdrop capabilities, low weight, low energy consumption and high efficiency output. The uses are military and
peacekeeping, crisis and disaster management, contribution
54
to development aid such as in African settlements and villages
suffering from contaminated drinking water and no access to
water purification.
Time for innovation in water purification
The two long established technologies for the treatment of
water are ultrafiltration for water with specific pollutions only
and reverse osmosis in cases of known or suspected chemical
pollution. More recently, however, the increasing presence
of dissolved organic compounds and traces of heavy metals,
pharmaceutical pollution and pesticides has turned out to be
a challenge in both urban and rural environments. The existing
technologies have proven incapable of removing some critical
substances, as well as having high-energy demands and requiring bulky, heavy and immobile installations. The user community – either small, deployed military forces or disaster management units – has therefore been encouraging the industry to
provide innovative solutions with enhanced mobility, energy
efficiency and water quality. BLÜCHER’s mobile BWP400 water
purification unit addresses those requirements.
Low weight and small footprint
Thanks to its low weight (approximately 100 kg) and small
footprint (the size of a Euro pallet), four operators can move
BLÜCHER’s water purification unit. Its electricity consumption
(less than 1 kW) keeps energy requirements to a minimum, and
in environments with scarce water supplies its average yield
of 90% is advantageous. Highly automated, the unit can be
easily commissioned and operated, even by personnel with a
minimum amount of training. The unit is easily transportable on
any small truck or trailer and any transport helicopter, enabling
it to be deployed in inaccessible zones and difficult terrains.
Innovative filtration concept
The BLÜCHER’s BWP400 is designed to cope with a range of
difficult water purification challenges. The concept is based on
an ultrafiltration step, which retains particulate contamination
such as suspended solids, bacteria and viruses, followed by
an adsorptive filtration unit operating a special high purity
and high capacity synthetic activated carbon bed. 8,000 liters
of drinking water are delivered per day in a nearly continuous mode and, depending on the water quality, the unit can
produce approximately 200,000 liters of drinking water before
cartridge replacement.
Security and Defence
Raymond Hernandez
has been Head of Business Develop-
Dual-use prototypes successfully tested by NATO
Prototypes of the BLÜCHER’s BWP400 water treatment unit
took part in NATO’s Smart Energy demonstration activities
during a civil-military exercise (the Capable Logistician 2015 –
CL15) organised in Hungary. The unit drew significant interest
from military as well as civilian attendees with disaster management and humanitarian or development aid backgrounds.
At temperatures between 36° and 40° Celsius, the unit successfully proved its fitness for use in military and disaster response
environments. It was deployed and relocated several times,
demonstrating its high mobility and performance under varying
requirements. Thanks to its low energy consumption and
resulting connectivity to a range of energy sources, e.g. solar
panels, the system can be operated autonomously, waiving
the need for a continuous fuel supply and the related logistic.
Easily and quickly customisable to various water and energy
sources as well as to different water supply and storage equipment, it successfully demonstrated its interoperability and
hence its decisive role in a smart energy environment under
high demanding security and reliability requirements.
Lessons learned and consequences
Water treatment and supply is vital everywhere. To guarantee
drinkable water in developing countries without sufficient access to treatment capacities, suitable water treatment systems
ment Water Treatment at BLÜCHER
GmbH in Erkrath since 2017
Born in 1958 Hernandez earned his
LL.M. (International / European Law
Photo: private
and Political Sciences) in Paris and is a
special postgraduate in European Law.
He has held, among others, these positions:
2004-2016: Project Director International, GELSENWASSER
AG, Gelsenkirchen; 1989-1998: International Business
Development, Veolia Environnement, Paris; 1983-1989:
International Project Manager DG DEVCO, European Commission, Brussels.
will save people from epidemics and allow for better live quality. In the fields of military as well as civil peacekeeping and
humanitarian operations, energy-efficient, mobile water supply
units bring a decisive performance and safety leverage.
Trials under real operation conditions showed that such water
production systems must be customisable. The experience
gathered during the CL15 exercise and consecutive discussions
revealed the need for current technology standards for decentralised drinking water production to be reviewed focusing on
enhanced mobility, autarky, performance and safety.
The high mobile BWP 400 with a weight of 100 kg needs 1,5 kVA ( = 1 Solar Panel) for the production of 400 l/h potable water. Low operator
skill, ruggedized construction and low logistical requirement make BWP400 the ideal water purification system for settlements, housing at construction sites as well as medical stations or mining in regions under development to guarantee continuous supply of potable water.
Illustration: BLÜCHER GmbH; photo: Scott Griessel, stock.adobe.com
55
THE EUROPEAN – SECURITY AND DEFENCE UNION
CONFERENCE REPORT International Workshop at Kärcher Futuretech
photo: ©Kärcher Futuretech
Life Support Solutions –
Field Camp Services
(Hartmut Bühl, Brussels/Paris) An international workshop on the initiative of the Association of the
German Army (FKH) and organised by Kärcher Futuretech, a wholly owned subsidiary of Alfred Kärcher
SE & Co. KG, took place on 26th and 27th June 2019 at the company’s headquarters in Schwaikheim,
near Stuttgart, Germany. The workshop brought together major players in the political, public, business and industrial sectors, including scientific research, to focus on the deployment of land forces in
joint and combined operations in humanitarian, peacekeeping and peace enforcing missions. The primary aim of the FKH is to put forward, for the benefit of the German parliament and German government, solid arguments about how to equip German land forces in the most modern and efficient way.
T
he General Manager of the Association of the German Army
(FKH), Major General (ret) Wolfgang Köpke welcomed more
than 100 representatives from 21 nations to this two-day workshop, comprising an exhibition of equipment, presentations
and round table discussions. He asked the participants to exchange ideas and experiences and said, “I hope that at the end
of our discussions, we will have found the appropriate answers
to the key challenges of future conflict scenarios.”
View into the exhibition space of companies and organisations
photo: ©Kärcher Futuretech
56
Thomas Popp, the Managing Director of Kärcher Futuretech and
organiser of the workshop, emphasised that all presentations
and speeches would be open for wide-ranging discussion. “The
speeches of officials”, he said, “and the different companies
present at the workshop, will provide insight into the issues
and offer solutions to be discussed in a most constructive
way.” In handing over to the master of ceremonies, Dr Patrick
Marcus, Executive Head of Development, Testing & Technical
Communication, who led the discussions and managed the
event to participants’ great satisfaction, Thomas Popp said
wisely: “There is never only one solution, but each solution
generates ideas.”
Presentations were given by partner armies and international
companies. The insightful presentations on life solutions for
camps by Austria, Canada and Sweden clearly showed that
there is no standardisation and that each army has its own
views on the issue. The company presentations by GOFA
Gocher Fahrzeugbau GmbH on vehicles for transport and water
storage and Drehtainer GmbH on the properties and use of
containers in operations demonstrated different customer-approved solutions. The Danish Dantherm Group showcased
solutions for mobile heating and cooling in camps. Stefan
Monig, Managing Director of M. Schall GmbH, presented the
Security and Defence
Detailed discussions after industry presentations were characteristic for the workshop�
company’s range of highly mobile tent and container solutions,
and the Israeli Beth-El industries, active worldwide in protection and filtration systems for tents, containers and vehicles,
presented its solutions for protection against CBRN attacks and
environmental hazards.
In-camp logistics were presented by the Austrian Palfinger
Emea GmbH and Ecolog, Germany. Josef Fenninger reported on
Palfinger’s solutions for life support in camps. André Hansen,
CEO of URBITAS, a company of Ecolog, focussed on challenges
and solutions for catering during operations, applying hybrid
energy solutions (solar and wind) to all camp installations, from
communication with HQ to tents, kitchens and water treatment
equipment, thus promoting comprehensive solutions to building camps.
photo: ©Kärcher Futuretech
Hartmut Jenner, CEO of Alfred Kärcher SE & Co. KG, opening the
evening session�
photo: ©Kärcher Futuretech
Editor-in-Chief Hartmut Bühl asked the President of FKH, Wolfgang Köpke, on his
impressions about the workshop at Kärcher Futuretech
The European: At the end of the workshop, what is your
overall impression?
W. Köpke: We experienced perfect organisation, great
hospitality and had very constructive discussions.
President FKH, Major General (ret) Wolfgang Köpke,
launching his appeal to industries to keep in mind the
The European: The soldier was at the core of all presentations and discussions. What do soldiers need to fulfil
their missions?
W. Köpke: To achieve military success, modern and
well-organised field camps are a prerequisite to ensure
the well-being of our soldiers and enable them to fulfil
their missions.
The European: Given the threats and setbacks in every
deployment, what is essential for camps?
well-being of our soldiers
photo: ©Kärcher Futuretech
W. Köpke: To accommodate mission-ready forces, the
infrastructure has to be reliable and resilient. The equipment providing energy (fuel or hybrid), water and food
as well as ammunition has to be available 24/24 and 7/7
under all circumstances.
57
THE EUROPEAN – SECURITY AND DEFENCE UNION
Last but not least
Franco-German Ministerial Council pushes defence
industrial cooperation
26 Nov
ENISA Maritime
Cybersecurity Workshop
The ENISA Maritime Cybersecurity Workshop
will be a full-day event and will take place at
EMSA’s Headquarters in Lisbon, Portugal.
The workshop will include presentations and
discussions around the topic of cybersecurity
in the maritime sector, particularly focusing
on ports.
> Web https://bit.ly/2MWrFQM
2-3 Dec
Santiago Climate
Change Conference
(COP 25)
The 2019 UN climate change conference
(COP25) will be held in Santiago, Chile. The
EU and its Member States will take part as
Parties to the UN Framework Convention on
Climate Change (UNFCCC).
> Web https://www.cop25.cl/en/
19-21
Nov
Space Tech Expo
Europe
Space Tech Expo Europe is a major event for
On the basis of the 2018 Franco-German “Declaration of Merseburg” which called,
among other things, for the start of common military research, namely the Future
Combat Air System (FCAS) and the Future Main Ground Combat System (MGCS), the
Franco-German Defence and Security Council agreed on concrete measures in industrial armament cooperation at its meeting in Toulouse on 16th October 2019.
Both sides also agreed to develop a common position on exports of common arms
projects . Regarding the current political situation, France and Germany highlighted
their firm commitment to NATO’s enhanced Forward Presence (eFP), with France
to commit forces in 2020 to the German-led battlegroup in Lithuania. Furthermore,
they declared that they remain fully committed to the resolution of the conflict in
eastern Ukraine in order to restore its full sovereignty, territorial integrity and independence within the Minsk process.
Both sides also confirmed their commitment to strengthening their cooperation in
the space domain, especially in the field of threat assessment.
Regarding industrial armament cooperation, France and Germany reaffirm their
willingness to cooperate in the defence industrial domain to jointly develop leading,
cutting-edge technologies and defence systems with the aim of meeting future national as well as European defence needs.
Toulouse Declaration (excerpt)
Deepening Defence Industrial Cooperation
FUTURE COMBAT AIR SYSTEM /NEXT
GENERATION WEAPON SYSTEM
In the air domain, France and Germany
will develop a Next Generation Weapon System within a Future Combat Air
System (NGWS/FCAS). Research and
technology activities will be contracted
by the end of January 2020 with the aim
of developing a new generation fighter
demonstrator flying by 2026. France and
Germany welcome the initial participation
of Spain.
A new phase of the Joint Concept Study
will be launched following Germany’s
commitment as expressed at the Paris
Air Show in June 2019. The project will
be open to other European nations.
manufacturing, design, test and engineering services for spacecraft, subsystems and
space-qualified components. The event will
take place in Bremen, Germany.
> Web http://www.spacetechexpo.eu
58
NEW GENERATION LAND SYSTEMS/
MAIN GROUND COMBAT SYSTEM
France and Germany reaffirm their
commitment to developing, in common,
a Main Ground Combat System (MGCS)
to be available by 2035. The countries
therefore welcome the signature of a
Letter of Intent by the main German and
French industrial partners regarding their
cooperation for the first study phase of
the project.
The technology demonstrator phase will
be launched with a system architecture
study for MGCS in early 2020. In addition, France and Germany will examine
steps for a further consolidation and evolution of their land systems industries.
The project will be open to other European nations.
MARITIME PATROL SYSTEM
France and Germany also reaffirm the objective to award, in early 2020, a contract
for a feasibility study for the Maritime
Patrol Aircraft project (MAWS).
ARMS EXPORTS
Pursuant to Article 4 of the Aachen
Treaty of 22 January 2019, France and
Germany have committed to developing a
common position on exports of common
arms projects.
France and Germany have concluded
their negotiations with a legally binding
agreement of which the final steps will be
implemented as soon as possible.
Source: Toulouse declaration, 16.10.2019
> Web https://bit.ly/32mgQOI
LAND AND AIRLAND DEFENCE AND SECURITY EXHIBITION
08-12 JUNE 2020 / PARIS
THE UNMISSABLE
WORLDWIDE
EXHIBITION
1,802
exhibitors
+14,7%
from 63 countries
65,9% of international
65 startups at Eurosatory LAB
98,721
Total attendance
(exhibitors, visitors,
press, organisers)
227
Official delegations
from 94 countries
and 4 organisations
(representing 760 delegates)
696
journalists
from 44 countries
75 Conferences
2,102 Business meetings made
2018 key figures
ANYTHING.
In operations, the Eurofighter Typhoon
is the proven choice of Air Forces.
Unparalleled reliability and a continuous
capability evolution across all domains
mean that the Eurofighter Typhoon will
play a vital role for decades to come.
Air dominance. We make it fly.
airbus.com
