The European Competence Center
There are already extensive activities in the EU in terms of research, technologies and industrial development in the area of cyber security. However, these activities are often limited to certain regions, company sizes, sectors or areas of society. In future, these activities should be more closely coordinated within the EU in order to pool resources, create synergies and establish a balanced and competitive level of cyber security.
The EU cyber security ecosystem with existing areas such as measures against cyber crime (Europol), incident response (EU CSIRTs Network), protection of critical infrastructures (Cooperation Group on Security of Network and Information Systems, NIS) or crisis response/management (Cyber Crisis Liaison Organization Network, CyCLONe) is to be supplemented by the aspect of cyber security research.
The European Cybersecurity Competence Center
The European Commission has decided to establish a European Cybersecurity Competence Center for Industry, Technology and Research (ECCC, hereinafter "Competence Center") with Regulation 2021/887. In addition, a network of National Coordination Centers (NCC) will be established in the EU Member States. The Competence Center is based in Bucharest and will become the EU's most important instrument for pooling investments in research, technology and industrial development in the field of cyber security. This also includes the realization of cyber security products, services and processes. In particular, the plans of the European funding programs "Horizon Europe" and "Digital Europe" in the area of cyber security will be better coordinated. The interests of small and medium-sized enterprises (SMEs) and start-ups in particular must be taken into account in these activities.
The competence center is managed by the member states and the European Commission. A Governing Board has been set up for this purpose, consisting of members of the Commission and representatives of the Member States. The BSI represents Germany on the Governing Board. The Governing Board steers the strategic direction of the Competence Center's activities and ensures that its tasks comply with the Regulation.
In contrast to computer security incident response teams (CSIRTs) and their CSIRT networks, the competence center should not perform any operational cyber security tasks such as detecting and managing incidents. However, the center should be able to facilitate the development of digital infrastructures in the service of the economy, in particular SMEs, research communities, civil society and the public sector in line with the mission and objectives of the Regulation.
Goals and visions
One of the central objectives of the competence center is to strengthen the Union's leadership role and strategic autonomy. This is achieved by maintaining and further developing capacities and capabilities in the area of cyber security. Furthermore, the competence center focuses on increasing the global competitiveness of the cyber security industry and ensuring high cyber security standards.
The National Coordination Centers are the point of contact for the ECCC at national level. The NCCs are in turn networked with the cyber security community. This creates a network that intensifies the exchange between the member states so that possible international project partnerships can be found better and more quickly and cooperation can be established, thereby strengthening digital sovereignty in Europe. In addition, the NCCs provide expertise and support in fulfilling the strategic tasks of the ECCC.
The National Coordination Centers will promote the exchange between relevant national bodies in the research and business sector in the field of cyber security and cyber defense within the Member States. This will bundle the flow of information to the competence center in order to provide the best possible support to the respective national cyber security communities. At the same time, national interests can be placed in the European research programs in a targeted manner. Another goal of the National Coordination Centers is to promote and disseminate educational programs in the field of cyber security. This will counteract the acute shortage of specialists in this field in the medium and long term.
The European Union Agency for Cybersecurity (ENISA) is also involved, providing advice to the Competence Center and the National Coordination Centers.