At least 10 member nations of the European Union are expected by the end of the year to sign a Declaration of Intent to form multiple Cyber Rapid Response Teams (CRRTs) designed to react to major cyber-attacks, according to a news release from the Lithuanian government.
Minister of Defence officials from Lithuania, Estonia, Croatia, the Netherlands, Romania and Spain signed the Lithuania-authored declaration in a 25 June session at the Foreign Affairs Council in Luxembourg. Four more countries are anticipated to sign by year's end, including Poland next. The 25 June news release lists France and Finland as non-signing participants, and Belgium, Germany, Greece, and Slovenia as observers.
The first of the CRRTs will participate in cyber-security exercises in Lithuania in Fall 2018, the release continues. All current signatories expect to achieve initial operational capabilities by 2019.
The Declaration of Intent states that the CRRTs would "develop and deepen voluntary cooperation" by engaging in "information sharing, joint training, mutual operational support, research and development, and creation of joint capabilities."
Team members would rotate on every six months, and would be composed of specialists -- including a team leader -- from the participating countries' Computer Security Incident Response Teams (CSIRTs or CERTs) and other security institutions. Either civil or military CERTs could lend their expertise, thus giving the CRRTs versatile capabilities "that should help foster civil-military culture in cyber-domain and broaden cyber-defence concept in the EU," the declaration further states.
“Each participant would need to have a standing cyber-security unit, which could join the neutralisation and investigation in virtual or even in physical reality in the event of a significant cyber-incident,” said Raimundas Karoblis, Lithuania's minister of national defence, in the news announcement. First steps include assessing the technical and legal aspects of operating the CRRTs and exploring possibilities to finance them via EU budget, followed by joint continual exercises and the creation of cyber-defence tools.
The CRRT initiative was introduced under the auspices of the EU's Permanent Structured Cooperation (PESCO) framework for security and defense. “This is the most advanced PESCO project since its launching point and its participants are showing the real solidarity in collective defence,” said Deputy Secretary General of the EU External Action Service Pedro Serrano in the news release.