The Solution is in the Details: Building Cybersecurity Capacity in Europe

This paper uses theoretical and empirical methodologies to answer the question on how the 2020 Cybersecurity Strategy, launched by the European Union (EU), should be implemented to ensure cybersecurity capacity building internally and externally. Accomplishing the aims of the 2020 Strategy will require a balancing of national and supranational direction across member states to meet both their national cybersecurity priorities and their commitments with the European Community. In this regard, the paper presents recommendations arising from a research project examining how cybersecurity capacity building activities could help support the delivery of the 2020 European Union Cybersecurity Strategy internally across its member states and externally across the EU partners, while promoting the Paris Call for Trust and Security in Cyberspace.

The authors use data on cybersecurity capacity for above 80 countries to test whether the empirical evidence supports the hypotheses. Regarding building capacity internally, they find that the 2020 Strategy should prioritise social and cultural aspects of cybersecurity to booster the effects of investing in the core national capacities required in it. Moreover, they find that countries more mature in cybersecurity capacity are more likely to have states supporting the Paris Call, and this evidence suggests that the EU efforts in building capacity externally can support the advancement of the Principles of the Paris Call. Finally, they propose a flexible framework for capacity building that would enable states to progress in achieving broad principles and collaborating in operational cybersecurity functions to achieve a common aim, without necessarily needing to agree on the details of their implementation.