At least 10 member nations of the European Union are expected by the end of the year to sign a Declaration of Intent to form multiple Cyber Rapid Response Teams (CRRTs) designed to react to major cyberattacks, according to a news release from the Lithuanian government.
Minister of Defense officials from Lithuania, Estonia, Croatia, the Netherlands, Romania and Spain signed the Lithuania-authored declaration in a June 25 session at the Foreign Affairs Council in Luxembourg. Four more countries are anticipated to sign by year’s end, including Poland next. The June 25 news release lists France and Finland as non-signing participants, and Belgium, Germany, Greece, and Slovenia as observers.
The first of the CRRTs will participate in cybersecurity exercises in Lithuania in Fall 2018, the release continues. All current signatories expect to achieve initial operational capabilities by 2019.
The Declaration of Intent states that the CRRTs would “develop and deepen voluntary cooperation” by engaging in “information sharing, joint training, mutual operational support, research and development, and creation of joint capabilities.”
Team members would rotate on every six months, and would be composed of specialists — including a team leader — from the participating countries’ Computer Security Incident Response Teams (CSIRTs or CERTs) and other security institutions. Either civil or military CERTs could lend their expertise, thus giving the CRRTs versatile capabilities “that should help foster civil-military culture in cyber domain and broaden cyber defense concept in the EU,” the declaration further states.
“Each participant would need to have a standing cybersecurity unit, which could join the neutralization and investigation in virtual or even in physical reality in the event of a significant cyber incident,” said Raimundas Karoblis, Lithuania’s minister of national defense, in the news announcement. First steps include assessing the technical and legal aspects of operating the CRRTs and exploring possibilities to finance them via EU budget, followed by joint continual exercises and the creation of cyber defense tools.
The CRRT initiative was introduced under the auspices of the EU’s Permanent Structured Cooperation (PESCO) framework for security and defense. “This is the most advanced PESCO project since its launching point and its participants are showing the real solidarity in collective defense,” said Deputy Secretary General of the EU External Action Service Pedro Serrano in the news release.