While more and more public services become digital and mutually interconnected, the risk of major cyber-attacks or physical attacks on critical infrastructures sharply increases, potentially leading to a 'digital pandemic'. In order to increase the digital resilience in regions and cities, members of the European Committee of the Regions (CoR) have adopted during the plenary session on 30 November an opinion on the Cyber Solidarity Act and Digital Resilience, calling for concrete support from the national and European level for regions and cities undergoing the digital transition, not least to raise the cybersecurity level in smaller municipalities. , calling for concrete support from the national and European level for regions and cities undergoing the digital transition, not least to raise the cybersecurity level in smaller municipalities.
Increasing Europe's cybersecurity
Cyber-attacks occur frequently and increasingly, and the public administration sector is the most targeted in terms of number of incidents. In their recommendations put forward, local and regional leaders stressed that in order to achieve the goal of a digitally resilient Europe, it is essential for politicians and the public to recognise the sharing efforts on cybersecurity. Therefore, all levels of government need to join together to raise awareness and develop protective policy guidelines that target digital attacks.
The rapporteur Pehr Granfalk (SE/EPP), Member of Solna Municipal Council, underlined that "Cyber resilience can be strengthened too by streamlining and fully implementing existing legislation, including the application of certification schemes throughout the supply chain of critical infrastructure components, by introducing common cyber-security standards and trainings."
In this light, the opinion calls for appropriate financial, technical and upskilling efforts to raise cybersecurity levels and ensure stronger capabilities to detect, analyse and process data on cyber threats and incidents at local and regional level. The current lack of clear incentives and processes for municipalities and regions to be active partners in strengthening digital resilience represents a risk for the Union and it is therefore crucial to address this gap and integrate regions and cities in increasing the EU's cybersecurity. Various degrees of maturity regarding protection and security measures show significant differences between national and regional authorities. Reducing these differences and ensuring that all players involved have relatively equal abilities and ambitions is key to create an environment in which municipalities and regional can be integrated and active partners in increasing the EU's cybersecurity.
Skills and collaboration vital to cope with cyber incidents
Local and regional authorities suffer from a severe shortage of personnel that can handle cyber-attacks. CoR members therefore called for a clear strategy to specifically strengthen municipalities and regions with fewer resources and made clear the need for skills and for their funding to attract professionals and promote training on cyber-security. Local and regional authorities play a vital role in in building digital resilience, supporting each other by carrying out awareness-raising campaigns, sharing best practices and exchanging expertise. An inclusive digital and green transition in urban and rural areas will only be achieved if everyone has access to the necessary digital infrastructure and every region has effective and innovative digital tools. By promoting research and innovation, public- and private-sector leaders should collaborate to build practical roadmaps for collective resilience.
The rapporteur said: "In the era of 'permacrisis' with climate change, recovery from the pandemic, the ongoing Russian aggression against Ukraine, high inflation and unprecedented pressures on public expenditure and public investment, it can be difficult for policy makers to justify investments in network security, but a proper functioning cybersecurity framework and secure communication infrastructure are absolutely fundamental!".
More information:
The EU Cyber Solidarity Act , proposed by the European Commission on 18 April 2023, aims to strengthen capacities in the EU to detect, prepare for and respond to significant and large-scale cybersecurity threats and attacks. The proposal includes a European Cybersecurity Shield, made of Security Operation Centres interconnected across the EU, and a comprehensive Cybersecurity Emergency Mechanism to improve the EU’s cyber posture.
The CoR published a study in April 2023 which investigates the state of play of digital resilience across local and regional authorities in the EU and examines the solutions and funds being used at the subnational level to strengthen this resilience. More information here.
The CoR, together with ESPON, has in October launched the LORDIMAS tool, which will serve those in charge at regional, municipal and city level to benchmark their digital maturity against that of their peers. When entering their data, they will receive targeted policy recommendations on how to speed up the digital transformation of their region, village or city. Click here for more information.