Moving beyond the European Union's Weakness as a Cyber-Security Agent

Abstract: Policy and research on European cyber-security remains formative compared to leaders in the field like China and the United States. This article evaluates the European Union (EU) as a cyber-security actor, asking fundamental questions concerning the EU's combination of prominence and obscurity, especially its limitations and prospects. Who and what is going to dominate the European response to cyber-security in the future? These questions are examined within the larger framework of liberal intergovernmentalism. The EU also is compared to the North Atlantic Treaty Organization (NATO), a point of reference to further understand the limitations and challenges ahead for the EU. Two major factors limit the EU as a cyber-security actor: its intergovernmental character, and the lack of collective vision on cyber-security with the EU and between member states. To play an important role in shaping cyberspace and cyber-security, the EU cannot treat the internet as simply a communication tool or trading platform. Cooperation and capacity-building measures are needed to allow EU member states to surpass mere coordination of their respective national cyber-security strategies. To succeed as a cyber-power, the EU should adapt new and different forms of cyber-power, from the compulsory through the institutional, to the structural and productive. Otherwise, coordination of national strategies for cyber-security of EU member states is the most the EU as an actor can aim for.