Andrius Kubilius, the new European Commissioner for Space and Defense, delivered a talk during this year’s EPC annual conference where he reinforced that defense is a priority in the new EU agenda, going as far as saying that the EU must be ready for the most extreme contingency stages (i.e., member states need to be ready for military aggression). Not that this is a desired scenario, but the fact that a major armed conflict is happening in its neighboring territory (i.e., the Ukraine war), alongside the growing rivalry and military power of US, Russia, and China, makes it very clear that the security issue is at an urgency state.
As Kubilius reinforced, a new white report is to be published within the first 100 days of his mandate, which will highlight EU defense priorities, address strategies to grow its own capabilities in terms of military preparedness (including an industrial output plan, considering NATO’s defense plans currently under revision) and formulate on feasible avenues to raise funding for defense investments.
Global geopolitical tensions impacting Telecom compliance
On 05 December 2024, amidst the growing concern by EU political leaders over global geopolitical tensions, the US Federal Communications Commission (FCC) released a public response about the implications of the Salt Typhoon cyber attack on US telecommunication networks. Salt Typhoon is the name given to a Chinese state-sponsored hacker group that infiltrated the infrastructure of at least eight US communications companies and tampered with communication data from senior government officials. It has also been reported that the operation has impacted dozens of countries. [1] In its response, the FCC stated that they are “taking decisive steps to address vulnerabilities in U.S. telecommunications networks” and that “these measures aim to safeguard critical communication infrastructure and ensure national security.” [2]
The measures presented by the FCC indicate new legal obligations ahead to telecommunications carriers. [3] As stated, a new ruling notice circulated by the FCC proposes new annual certification requirements around cybersecurity risk management by the carriers. Moreover, the agency is inviting public comment on i) “expanding cybersecurity requirements across a range of communications providers” and ii) “identifying additional ways to enhance cybersecurity defenses for communication systems”. In the document, the FCC reinforced that telecommunications networks are critical to national security and defense, public safety, and economic security.
Europe’s New Cyber Defense Agenda: A Preparedness Union
In its new Political Guidelines for 2024-2029, the European Commission proposed the creation of a “Preparedness Union”, a policy initiative designed to strengthen Europe’s crisis and security preparedness in response to escalating global geopolitical tensions and security threats. The proposal highlights the critical role of digital infrastructure in safeguarding national security and economic stability. To this end, the Commission prioritizes the strengthening of EU cybersecurity and defense capabilities and the creation of a trusted European cyber-defense industry through coordinated national efforts. These efforts will complement broader measures to enhance deterrence against hybrid attacks and expand the EU’s sanctions framework to effectively counter cyberattacks.
Commissioner Andrius Kubilius’s emphasis on military preparedness and the need for improved defense capabilities also reflect the urgency of addressing both conventional and hybrid threats, including cyberattacks. The EU’s focus on strengthening its cyber-defense industry aligns with the lessons from the Salt Typhoon cyberattack in the US (along with many examples experienced during the Ukraine war), where vulnerabilities in critical infrastructures have become increasingly exploited as offense tactics in international conflicts. This demonstrates the importance of coordinated national cyber efforts at the EU level, while anticipating the potential for new regulatory measures targeting specific industries, including telecommunications. Hence, the EU’s emphasis on securing critical infrastructures – added to lessons observed from emerging international conflicts – may lead to the introduction of more comprehensive cybersecurity standards that, while aimed at mitigating risks from external threats like espionage and cyberattacks, could impose significant compliance obligations on telecommunications providers, increasing their operational and financial burdens.
[1] Source: https://www.wsj.com/politics/national-security/dozens-of-countries-hit-in-chinese-telecom-hacking-campaign-top-u-s-official-says-2a3a5cca.
[2] Source: https://docs.fcc.gov/public/attachments/DOC-408015A1.pdf.
[3] It has also been reported that, after a closed-doors briefing, US Democratic Senator Ron Wyden was working on a new draft legislation on this issue. Source: https://www.reuters.com/world/us/us-agencies-brief-senators-chinese-salt-typhoon-telecom-hacking-2024-12-04/.
Discover more from Aldeota Global
Subscribe to get the latest posts sent to your email.
Aldeota Global 