Asymmetric threats demand EU-NATO seamlessness

In the cyber arena, the EU and NATO must properly settle their division of labour. Technical and educational support for European cyber security efforts would be best concentrated at the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, where the European Defence Agency (EDA) has observer status. The EU, meanwhile, should concentrate on law enforcement elements through the European Cybercrime Centre (EUROPOL’s EC3) and maybe also could continue with “network security health” at ENISA. The EU also has a clear role on funding R&D and standardisation issues. But this division leaves some gaps.

Concerning the heightened security threats from Russia, both the EU and NATO need to revisit their previous postures and policies so that Russian asymmetric threats, “the little green men” for instance, can be countered. Most Russian threats take place during what are formally peacetime conditions, and tactically aim to slip between the domains of law enforcement and the military. To respond, law enforcement resources under EU interior ministries could be further converged with military capabilities under the ministry’s planning lead. Both policy planning and exercises are needed here.

On the strategic level, cyber reconnaissance and cyberattacks on critical information infrastructures could be monitored and countered by NATO at the CCD COE, while Influence Operations – “net-trolls” etc. – would be dealt with at the NATO StratCom Centre in Riga. On the security policy level – and I am aware that not every EU member state is on the same page here – more concerted consultations and actions between the European Council and North Atlantic Council may prevent Russia and its proxies from driving wedges between Western cohesion structures.