Mr. Juhan Lepassaar:

I need to emphasise that the EU Agency for Cybersecurity is an Internal Market agency. We do not deal with national security directly. Of course, in the domain of cyberspace civilian security and defence matters overlap to a certain extent. That was also the premise of the Commission's proposal to establish a joint cyber unit. The name is a bit misleading because no structured unit will be established. Rather it is foreseen as a collaboration platform or a co-ordination framework so that different actors who deal with cybersecurity at the EU level, first and foremost, co-ordinate their activities for the benefit of the member states. For example, ENISA has a mandate to establish synergies when it comes to operational co-operation in cybersecurity at EU level between different EU actors. Let us imagine the situation whereby there is a crisis that involves a certain sector which is deemed a critical sector at EU level. Of course it is the member states which are in charge of the response but they may need assistance. The EU will then co-ordinate assistance to members states. It could be the agency I am in, it could be Europol or it could be a specific agency in the sector such as the European Union Agency for Railways for the railway sector or the European Maritime Safety Agency for the maritime sector, or the European Banking Authority for the financial services. We all have one bit of cybersecurity in our mandates. To be useful for the member states in these terms, and not only to respond to crises but to prepare for crises and understand the situation and create a common situational awareness, these different bodies of the EU need to collaborate and co-ordinate their activities better so that one plus one plus one does not equal only three, but five. That is the premise of the joint cyber unit.

Of course the European Defence Agency has a very important role to play when it comes to raising the capacity of member states in terms of defence and cybersecurity capacities. Again, as I said at the beginning, we also need to respect each other's domain of action and ENISA is, first and foremost, the cybersecurity for the Internal Market.