A Declaration of Intent endorsing the formation of ‘Cyber Rapid Response Teams’, which will work together to counter cyber attacks, has been signed in Luxembourg.
The project was led by Lithuania, under the Permanent Structured Cooperation on defense (PESCO). Estonia, Croatia, Lithuania, the Netherlands, Romania and Spain have signed the Declaration (PDF). Finland, France, Poland and Spain will join later this year. Belgium, Germany, Greece, and Slovenia are observers.
“EU countries have not had the opportunity to address cyber incidents together so far, and in the meanwhile, the attacks are not limited by country borders. Lithuania has taken up the role of leadership in proposing first a practical solution in strengthening collective defence in cyber space and countering threats in a new dimension,” said Lithuanian Minister of National Defence Raimundas Karoblis.
Lithuania’s investment in the project is unsurprising. The state has boosted its cybersecurity capabilities in recent years in response to Russian “hostile cyber activities”, primarily targeting critical national infrastructure such as state institutions and the energy sector.
In signing the Declaration (PDF). the states announced their intent to:
- provide each other with assistance in response to major cyber incidents (including information-sharing, joint training, mutual operational support, R&D, and creation of joint capabilities)
- create Cyber Rapid Response Teams (CRRTs) to provide this assistance to participating member states and, as appropriate, to other EU member states, EU institutions, and eventually Partners
- use the CRRTs to complement national, EU, regional and multinational efforts in the cyber field
- survey existing national and EU legal frameworks in order to ensure effective deployment of the CRRTs
- consider establishing Cyber Toolkits in order to improve CRRTs’ operational capabilities, perhaps drawing on European Defence Fund co-funding and funding from other EU sources
The declaration also lays out some details about the CRRTs.
Each team is to have a designated leader, and be formed by pooling participating member state cybersecurity experts from Computer Security Incident Response Teams (CSIRTs) on a rotational basis, including training and six month standby periods. Designated experts will combine their work in their original CSIRT and their CRRT.
The teams will be mobilised for planned or urgent tasks agreed by all participating member states, and will only act at the request of a member state, EU institution, or Partner country. They are to cooperate closely with EU institutions, including the CSIRT Network, ENISA, and CERT-EU.
CRRTs are to be jointly civil and military initiatives, which “should help foster civil-military culture in cyber domain”. The Declaration leaves it up to individual member states to decide which of its national CSIRTs (civil or military) will be involved in the project.