Securing Europe’s Defence: Enhancing Defence Industrial Base Cybersecurity Maturity in the Face of New Defence Industrial Strategies (S22a)
The European Commission’s announcement of the first-ever Defence Industrial Strategy (EDIS) and new Defence Industry Programme (EDIP) on March 5, 2024, aims to bolster Europe’s readiness and security by strengthening the European Defence Technological and Industrial Base (EDTIB). This includes significant investments in expanding defence production capabilities, such as new facilities, industrial lines, and efficiency improvements. With increasing focus from threat actors on the military and defence industry in cyberspace, ensuring cybersecurity within this complex ecosystem is paramount. EDIP and EDIS present an opportunity to enhance the cybersecurity maturity of military and defence contractors involved in their implementation. It is crucial for the European Commission and EU Member States to enforce high cybersecurity standards in these projects, especially those receiving EU financial support. This talk explores methodical and normative solutions for enforcing cybersecurity practices among EDTIB contractors and subcontractors participating in EDIS and EDIP. Examples include the Cybersecurity Maturity Model Certification (CMMC) 2.0 for protecting sensitive unclassified information and the US Department of Defence Risk Management Framework (RMF) for securing industrial control systems in defence facilities. By adopting such frameworks, Europe can establish new defence market standards and safeguard investments in enhancing EDTIB, aligning with significant EU and NATO defence plans.
Agenda:
• Key assumptions of EDIP and EDIS and their impact on cybersecurity challenges for the European Defence Technological and Industrial Base (EDTIB)
• The European Defence Technological and Industrial Base (EDTIB) ecosystem
• Case Study 1: CMMC – A normative and methodical framework for enforcing cyber and information security practices. The Cybersecurity Maturity Model Certification (CMMC) 2.0, driven by the US Department of Defence, aims to elevate awareness and enforce protection of sensitive unclassified information shared with contractors and subcontractors.
• Case Study 2: RMF – A normative and methodical framework for securing facilities and control systems (OT). The US Department of Defence Risk Management Framework identifies, assesses, and manages cybersecurity risks and vulnerabilities in defence facilities and installations.
• Key considerations and takeaways for EDTIB
