EU cybersecurity governance – stakeholders and normative intentions towards integration

Abstract

In the last decade, the EU’s policy on cybersecurity has changed significantly, both as to its referent objects and priority level. While the 2013 Cybersecurity Strategy focused almost exclusively on the importance of cybersecurity for the proper functioning of the single market, its 2017 version also contained an analysis of malicious cyber activities that threaten the political integrity of Member States and the EU as a whole. As the field’s level of complexity grows and forward-looking initiatives are constantly being proposed in order to promote cyber resilience across the EU, it is increasingly challenging the Union in the process of coordinating and implementing the planned actions. Cybersecurity has also become a national security issue entangling private and public, external and internal, civilian, and military issues making it necessary, but very challenging to widen and deepen ties among stakeholders in the EU. Yet cybersecurity governance is fragmented at the EU level, and there is an evident lack of trust that prevents effective cooperation among stakeholders on crucial aspects of the process. This contribution argues that as a result, cybersecurity policy in the EU remains unsystematic and predominantly reactive in nature, addressing the issuespecific incidents that have already occurred, although in our technology-dependent societies more emphasis should be placed on prevention. Therefore, in a natural scholarly quest for explanations, this chapter focuses on the development and main elements of the EU’s cybersecurity policy, followed by mapping the attitudes of cybersecurity stakeholders and their normative objectives in the context of EU integration in this domain.