Mr. Olli Ruutu:

With regard to preparedness, our focus is on building a collaborative approach and collaborative opportunities for cyberdefence capabilities. I gave the committee a few examples of different projects. We try to structure and find common interests for cyberdefence capabilities. As we move to the next generation of defence capabilities and our co-operation on them, we need to pay systematic attention to make sure that cyberdefence-related aspects are considered.

From our perspective, we are in intergovernmental agency within the European Union. We help the member states to build their capabilities and come together, for example, through the Cyber Ranges Federation project where we are able to test together how our readiness, detection and responses to cyber threats are developing in the defence domain. We also have the co-operation of the military CERTs to test this and simulate what types of options and means of responding we would have at a national level and in consultation.

The committee will also be aware of the joint cyber unit, the establishment of which was a Commission recommendation. It is also referred to in the European Union cybersecurity strategy. Here, the aim is to increase the usability to cope with large cyber incidents by promoting co-operation across the different cyber communities. The recommendation includes the defence community as one of the four communities. There are also the civilian, law enforcement and diplomacy areas, although I note also the specificity. We are now working on how to engage the defence community to receive feedback on how it wants to be engaged in this wider effort.

While the European Defence Agency is not directly involved in cyber incident management, we are ready to be associated with the efforts designed at increasing overall preparedness, including the development of specific tools and capabilities which will benefit the cyberdefence community. That is a process on the joint cyber unit that has led to the discussion by the Commission, together with the member states and other actors in the area. Our way to support preparedness is to have collaborative approaches for the development of national capabilities, and then to network those.

On cybersecurity and cyberdefence, I have outlined what we do mainly on cyberdefence. We have a prioritisation framework, which means that we want to look at what European defence requires over the long term, what capabilities are key for our ability to act and prepare European Union member states' interests over the longer term, and how to invest in cyberdefence capabilities in order that our still limited resources - even collectively - would be used in the best and most effective possible way. We offer a platform for collaboration on cyberdefence capabilities, which is where we are active. Technologically, the line between pure cybersecurity and cyberdefence is often not that clear, but we want to make sure that the co-operation within the agencies framework by defence sectors is raising our industrial technological level and that there is an active engagement and networking with cybersecurity actors who would do that more from the civilian perspective. In any event, our approach is based on cyberdefence capability development in that sense.

On the issue of interference, we are not working actively on that or on incident management as such. We are preparing the capabilities for member states to be able to do so first and foremost in the defence field. The Deputy asked whether it was one of our areas of focus and he cited election interference as one example, among others. We are part of the European Union effort to be more capable technologically, now and in the long term, to withstand pressure that is being seen in this area. Our mandate is to work on defence capabilities and cyber capabilities to that extent. Perhaps Mr. Roehrig will add to that.