EOS White Paper. Towards Holistic European Security and a Competitive European Security Industry

Transcription

1 EOS White Paper Twards Hlistic Eurpean Security and a Cmpetitive Eurpean Security Industry EOS supprt t the Cmprehensive Assessment f the EU s Security Plicies June 2017

2 Frewrd The Eurpean Organisatin fr Security (EOS) is the vice f the Eurpean Security Industry in Eurpe and beynd. Our gal is t assist in creating a secure Eurpe, develp a harmnised market and enhance the cmpetitiveness f Eurpean security slutins. With ver a decade f experience advcating n behalf f the Eurpean Security Industry, successfully prmting a strnger, mre streamlined dialgue with EU Institutinal stakehlders, EOS is delighted t cntribute t the Eurpean Cmmissin s cmprehensive assessment f EU Security Plicy. The purpse f this paper is t utline the Eurpean Security Industry s bservatins and recmmendatins twards achieving a strng Eurpean Industrial Security Plicy and Eurpean Capacity R&I funding scheme, taking int cnsideratin cmmn threats and challenges. We aim t prvide the Eurpean Cmmissin with suggestins and feedback n relevant industry plicies as well as the prgress f research and develpment prjects, but als elabrate n present and future capability and capacity needs. The Eurpean Security Industry (including Research Centres and Universities) represented by EOS, has wrked and is wrking in cperatin with Natinal, Eurpean and Internatinal institutins and users t imprve ur security, while lking fr an increased level f cmpetitiveness and fcussed investments. At EOS, we cver all aspects f the security sectr: Cybersecurity; Integrated Brder Management Brder (land, sea, check pints) and Migratin; Fighting Terrrism & Crime; Prtectin f Critical Infrastructure and Services; Crisis Management (including Civil Prtectin); Hybrid Threats (fcus n civilian - dual issues); and Security Detectin Technlgies. Mst f these areas are tackled bth frm the Research & Innvatin perspective as well as with regard t different aspects f industrial security plicy (e.g. standardisatin, certificatin, investments, SMEs, training, etc.). Since ur inceptin, EOS has advcated fr a cmprehensive apprach t Eurpean Security, and a better strategy, develped in Public-Private cperatin and with mre fcused investments, fr research, deplyment and use. EOS has prpsed such a slutin in tw f its Flagship initiatives n Integrated Brder Management and Cybersecurity, where ptential jint actins have been identified as critical fr imprving the relatinship between the Eurpean Cmmissin and the Eurpean Security Industrial Base. EOS is the funder, and runs the secretariat f ECSO (the Eurpean Cyber Security Organisatin, supprting the cppp): thanks t this experience we have tday a better view f the challenges and pssible slutins fr an effective public private cperatin in security. This apprach is all the mre relevant tday as we lk twards an increased level f Eurpean svereignty as well as technlgical and industrial autnmy in certain strategic and/r sensitive areas f EU security. Luigi Rebuffi CEO Eurpean Organisatin fr Security 10 Rue Mntyer, 1000 Brussels. EOS is registered n the EU Transparency Register: E O S W h i t e P a p e r n E U S e c u r i t y

3 Intrductin Twards Hlistic Eurpean Security and a Cmpetitive Eurpean Security Industry In recent years, Eurpe has cnsiderably imprved its security strategy, particularly regarding areas such as brder management and cyber security, but majr crises (terrrism, migratin, cyber-attacks, natural disasters) have put a strain n its capacity fr a cllective and adequate respnse. Mst f these threats are interdependent and require a cmprehensive Eurpean apprach. We acknwledge the significant evlutin f Eurpean security framewrk ver the last ten years, but we urge plicymakers t establish a mre cnslidated apprach that wuld facilitate dialgue between natinal authrities, the EU, and industry t build mre resilient scieties. We believe that a strng Eurpean Security Industry can prvide thse slutins and prcesses t address current and future challenges in Eurpean security. Hwever, tday, a cmprehensive Eurpean capability fr EU Security is still in its infancy and a Eurpean industrial plicy fr security has yet t be fully realized. In the current plicy framewrk, we bserve many gaps, which create a fragmented market and reduce industrial cmpetitiveness. In mst aspects, the previus EU Security Industrial Plicy has nt effectively addressed industry cncerns, and mst f the tpics in its actin plan have yet t be implemented. Market fragmentatin remains high at bth the plitical and ecnmic level. The Eurpean security industry is ften mre fcused n the mre attractive nn-eu security markets, than the internal market, prviding nly a limited cntributin t the develpment f cmmn Eurpean slutins. Withut an apprpriate industrial strategy and incentives fr industry, this divisive market apprach will nt change. There is a lack f strng partnerships between the EU and MS Institutins and the Eurpean security industry. A Eurpean security industrial base is missing, and effrts t build a strnger dialgue with EU Institutins has ften received significant criticism frm certain press and NGOs. In terms f security research, H2020 has helped prvide slutins t sme f Eurpe s emerging security challenges, but ensuring the cmpetitiveness f EU industry has nt been a pririty due t evlving scietal cncerns. In February 2004, a Cmmissin Decisin was adpted n the implementatin f the Preparatry Actin n the Enhancement f the Eurpean Industrial ptential in the field f security research. It was an ambitius first step. Hwever, effrts t grw Security Research in H2020 have mainly been managed within the Secure Scieties framewrk. This specific framewrk aims t strengthens the psitive impact f technlgies twards sciety, but at the same time challenges the ecnmic and market impact. The Cmmissin has identified the imprtance f technlgy in security and the need fr a cmpetitive Eurpean security industry in: - Cmmunicatin n Security Industrial Plicy, Eurpean Cmmissin (2012): We need t be aware f the fact that n technlgy will ever guarantee a 100% security, but at the same time, n security cncept is thinkable withut the adequate technlgies. A cmpetitive EU security industry is the cnditin sine qua nn f any viable Eurpean security plicy and fr ecnmic grwth in general. - Cybersecurity Strategy f the EU (2013): There is a risk that Eurpe nt nly becmes excessively dependent n ICT prduced elsewhere, but als n security slutins develped utside its frntiers. It is key t ensure that hardware and sftware cmpnents prduced in the EU and in third cuntries that are used in critical services and infrastructure and increasingly in mbile devices are trustwrthy, secure and guarantee the prtectin f persnal data. - Interim Reprt by the Chair f the High-level expert grup n infrmatin systems and interperability (2016): Technlgy and infrmatin systems fr law enfrcement, if implemented in cmpliance with data prtectin principles, can help public authrities t prtect fundamental rights f citizens. 3 E O S W h i t e P a p e r n E U S e c u r i t y

4 The situatin is different in the US, as we can see in the summary f the latest reprt f the US DHS n its R&D strategy (see belw). T ensure Eurpean security, the Eurpean Agenda n Security needs t vercme the challenges faced by its stakehlders as they cperate within the plicy framewrk. Cperatin and jint actin is necessary t prmte security, but its prerequisite is an pen dialgue fr the cnstructin f a viable agenda. We believe that nly with a multi-stakehlder dialgue it is pssible t prgress and prepare an effective strategy fr the future. Fr the future, EOS wuld welcme strnger public private cperatin, where EU and Member State (MS) institutins will supprt the creatin f a strng Eurpean Security Industrial Base, as they are ding in the defence sectr, where EU and natinal funds will be used t develp, deply and use Eurpean slutins. EOS White Paper n Security This White Paper draws upn the results f discussins held n 15 th May 2017 at a High-level Meeting between the Eurpean Cmmissin and the Security Industry, which addressed the pririties and implementatin f the Eurpean Agenda n Security and f the Security Unin, as well as a new Eurpean Security Industrial Plicy. Furthermre, it sets frth recmmendatins fr future actins, in the shrt term (t be implemented befre the end f the present EC mandate i.e. 2020) and in the lnger term thrugh the upcming MFF (Multiannual Financial Framewrk: budgetary and strategic assumptins fr pst-2020, the discussins f which are starting nw). The industry recmmendatins utlined in this paper als draw upn the results f an EOS survey cnducted in early 2017, which gathered industry feedback n the EU Security Strategy, H2020 research activities and the 2012 EU Security Industrial Plicy. EOS has als leveraged industry perspectives frm previus White Papers shared with the Eurpean Cmmissin in 2016, as well as findings frm the implementatin f ECSO, the Eurpean Cyber Security Organisatin, fr which EOS is prviding Secretariat supprt. The White Paper is divided int fur sectins: - Sectin 1 establishes the Eurpean Security Industry s Glbal Visin fr the future and the bjectives twards which is needs t wrk in rder t ensure a viable future fr itself; - Sectin 2 utlines the Glbal Strategy we believe will be essential fr prviding a cperative framewrk fr EU stakehlders t deliver upn Eurpe s security gals; 4 E O S W h i t e P a p e r n E U S e c u r i t y

5 - Sectin 3 prvides and initial view n mre immediate actins that industry and plicy stakehlders might undertake in the shrt term t reinfrce capabilities and cmpetitiveness in specific Eurpean Security Sectrs; - Sectin 4 prvides a series f lnger term appraches per security sectr, based n a sectr analysis. 1. Our Hlistic Security Visin 2027 The feedback and recmmendatins presented within this White Paper are elabrated with a lng-term visin fr the Eurpean Security in mind. This visin fresees a series f key gals t be achieved by the end f 2027: In 10 years, Eurpe will have implemented the cncrete bjectives f its Industrial Security Plicy and will have cnsiderably increased its strategic autnmy in all security dmains; A Eurpean Cmmissiner, dedicated t the EU Security Plicy and supprted by a dedicated DG, will crdinate budget spending in the transversal sectrs; The Eurpean Cmmissin will have significant investment capabilities, directly r via its agencies r bdies; The EU Security Industrial Plicy will ensure the crdinatin f Eurpean Cmmissin R&I funds as well as Structural / Reginal funds and the ISF, fcussing n few main Eurpean pririties (fllwing agreement with the EP, Cuncil and Cmmissin). These pririties shuld include security fr the digital transfrmatin f sciety, integrated brder cntrl, the fight against terrrism and crime as well as resilience t natural catastrphes, and fr the prcurement f Eurpean slutins; A Public Private Platfrm n Eurpean Security, gathering cmmitted security stakehlders (users and suppliers), will be created (leveraging upn the PPP experience f ECSO), tackling the different aspects f R&I, Security Industrial Plicy and fstering dialgue and trust between stakehlders in thse areas, which are still nt cvered by Public Private apprach (see fr example the issue f cybersecurity with ECSO and its ptential evlutin int a kind f Jint Undertaking). The FP9 (fllwing H2020) will have adequate budget t cver future research, innvatin and validatin issues with tls and prcedures better suited t the specific needs f Eurpe s evlving security envirnment. The Unin, tgether with its MS, will have identified a list f technlgies / sectrs t master and prmte the grwth f technlgical and industrial strategic autnmy at the EU level. The list will be regularly updated by a Eurpean bservatry f svereign security technlgies. Eurpean regulatins will prmte prcurement f svereign security technlgies and will cntrl technlgy transfer as efficiently as dne in the US r in China. Freign (nn-eu) investments in svereign technlgies will fllw a regulatin allwing a Eurpean technlgical and industrial strategic autnmy. A Eurpean NIST (Natinal Institute f Standards and Technlgy) will be created, particularly fr the prtectin f critical infrastructure and sensitive netwrks. A Eurpean Security Single Market will be created, leveraging Eurpean labels and a strng certificatin framewrk, t be recgnised at internatinal level (e.g. ISO). Sme cre cmmn capacity building prgrammes will be created at Eurpean level arund key pririties and supprted by EU funds. 5 E O S W h i t e P a p e r n E U S e c u r i t y

6 2. Our Hlistic Security Strategy: A Eurpean Security Industry Develpment Prgram T achieve ur Visin 2027, a strategic partnership needs t be established between users and slutin prviders, between the Eurpean Security Industrial Base, Member States and the Eurpean Unin, within the framewrk f the Eurpean Agenda n Security and the current develpment f an EU Security Unin. The Eurpean Security Industrial Base is the natural partner fr the design, develpment and implementatin f slutins t address user s needs, fr enabling technlgical advantage and guaranteeing strategic autnmy. A ptential mechanism t d s culd be the adptin f an EU Security Industrial Develpment Prgramme. Cnsequently, we ask the Eurpean Cmmissin t trigger all necessary means t define a Security Industry Develpment Prgramme, the main gals f which shuld be: T develp strategic guidance fr the adptin f cmmn legislative measures based n Industrial cmpetitiveness, which deliver effective and innvative insights, methds and slutins fr the critical needs f the Eurpean Security Industry, and ultimately supprt the capability pririties as jintly agreed by Member States within the JHA Cuncil. T define a technlgy-based capability develpment radmap the EU shuld identify innvative technlgies, standards, certificatins, educatin, training, etc. It shuld als explre the ptential synergies and similarities with the defence sectr (funding mechanisms, shared technlgies, etc.). T fster the Unin s strategic and industrial autnmy as a catalyser fr mre systematic internal security cperatin amng Member States. T enhance the cmpetitiveness and innvatin f the Eurpean Security Industrial Base by prmting a cllabrative undertaking t: Set up innvative mdels f gvernance (security is a dmain very different frm cmmercial r prfessinal markets) and give cherence t existing financial resurces. Maintain sustained investment in research and capability develpment, as well as fill the gap t market thrugh new mdels f strategic innvatin, supprting bth fresight methdlgies and peratinal capabilities that can respnd t the changing threat envirnment and evlving risk scenaris. Maintain sustained investment in capacity building fr Member States t cver thse security gaps that culd affect the verall Security f the Unin. Prvide supprt t peratinalisatin and harmnised use f technlgies fr higher security efficiency, while respecting human rights. Analyse and develp all specific actins, such as the pling f demand and develpment f standards and certificatins, which shuld cntribute t create a truly Eurpean security market that encurages a strng and stable industrial base in the lng term. 6 E O S W h i t e P a p e r n E U S e c u r i t y

7 3. Our Shrt Term Sectrial Recmmendatins EOS and its members have identified a series f Quick Wins, r recmmendatins fr actin that culd reinfrce the EU s Security plicy framewrk and cperatin with a cherent and cmpetitive Eurpean security industry. These actins culd be rlled-ut by the end f the current Cmmissin s mandate. Integrated Brder Management: Creatin f a Public Private Platfrm fr increased dialgue and crdinatin in research, deplyment and use f innvative slutins with a cmprehensive apprach (e.g. EES), as well as fr peratinal definitin f new tls (e.g. ETIAS). Member States facing intense pressure at the external brders f the EU shuld cntinue being equipped with a full range f capabilities with flexible and mbile packaged systems and services in htspts fr: Surveillance, and Search and Rescue Identificatin, Screening and Registratin Capacity Building and Migratin Management The abve slutins shuld allw fast decisin-making t manage massive, mixed flws, with interperable slutins (multi-natinal, multi-agency), clear prcedures and immediate access t data frm and t the htspts (See recent adptin by the Cuncil f the Regulatin amending the Schengen brders cde.) Cybersecurity: Build n the successful beginning f the EU cybersecurity cppp and the ECSO, increasing its representatin and impact n the Eurpean market, in cperatin with Cmmissin Services and ENISA. Definitin and implementatin f an EU Certificatin Framewrk, adapted t specific sectral needs, t prtect the grwth f the EU Digital Single Market and the security f the Unin. Creatin f a Eurpean Netwrk t fster and harmnise Educatin, Training and Awareness fr citizens and prfessinals, t facilitate market grwth and jb creatin, as well as infrmed prcurement and use f trusted slutins and services. Research & Innvatin: Adpt tpics fr Security R&I Wrk Prgramme that are relevant t the Security Unin bjectives and supprtive f a new Security Industrial Plicy, t enhance EU s security and industry cmpetitiveness. Cnsider priritising R&I int technlgies that increase Eurpean strategic autnmy (nt nly digital autnmy). Establish pilts t validate existing detectin technlgies, including users / peratrs, particularly in the transprt sectr and urban envirnment (als linked t secure and smart cities) fr imprved threat / crisis management. Start preparatin f a cmprehensive R&I strategy fr FP9 with clser links between the Prgramme Cmmittee (Cmmissin and MS) and the Private Sectr (beynd the EC Advisry Grup) in a PPPlike cnfiguratin, fr all security R&I issues. 7 E O S W h i t e P a p e r n E U S e c u r i t y

8 Specific rules fr Security R&I in FP9 shuld cnsider: That the security sectr is nt a traditinal cmmercial market in view f the sensitive svereign nature f sme f its technlgies; That funding shuld be tied t the specific market cnditins f the security sectr; Efficient instruments shuld be develped t link R&I funds t prcurement funds further. Hybrid Threats Initiate a Public Private (users and suppliers) dialgue fr the identificatin f peratinal needs and pssible slutins t hybrid threats, fr civilian and defence issues (als including dual use technlgies). Cunter Terrrism Creatin f an EU Public-Private Platfrm fr Infrmatin Sharing / Digital Intelligence fr a mre effective fight against terrrism and crime. The platfrm shuld leverage recent analytics methds and identify areas fr effective cperatin and infrmatin exchange at Eurpean level, while aviding natinal svereignty issues, such as establishing dialgue with the Eurpean Cunter Terrrism centre at EUROPOL. Harmnised EU cmmunicatin tls fr better infrming citizens and relevant stakehlders abut emergencies and crisis situatins. Mre efficient use f scial media in intelligence gathering, by creating guidelines fr their use by security practitiners. New Security Industrial Plicy Creatin f a new EU Security Industrial Plicy mre suited t the needs f the Eurpean Security Industry, rather than being submitted t plitical cnsideratins. A renewed EU Security Industrial Plicy shuld address a range f industry cnsideratins: Standards, Regulatins / Legislatin and Certificatin (fr all security sectrs) Technlgy autnmy; trusted supply chain Investments: link between R&I funds and investment funds (EU, natinal, reginal) Better links between industry, SMEs and Research / Universities Training, Awareness, and Simulatin Dual use / Hybrid Threats Cmprehensive R&I strategy Creatin f a Eurpean NIST, beynd the smetimes cmplex administrative appraches f the EC JRC r f EU standardisatin bdies. This bdy wuld crdinate Eurpean standardisatin and certificatin activities in the varius security sectrs, while als prviding, in crdinatin with ther EU Agencies and Bdies, better visibility n available and trusted slutins t current threats. Public - Private Platfrm n Security (in general) and high-level Public-Private Dialgue t supprt the Eurpean Security Industry Develpment Prgramme Extend participatin in the Eurpean Cmmissin Task Frce fr the Security Unin t representatives f the private sectr - at least initially as bservers. 8 E O S W h i t e P a p e r n E U S e c u r i t y

9 Wrk twards the establishment f a Public - Private Platfrm n Eurpean Security by 2020 t better define R&I strategy, fcus investments, harmnise educatin and training, facilitate implementatin f standards and (certified) slutins accrding t EU legislatins / guidelines. Regularly (at least nce per year) gather high-level representatives frm the EU security industry tgether with EU and MS high-level representatives fr a Security Cuncil t review and advise n implementatin f security plicy and cnslidate the cmmitment f EU industry twards pririties f the future MFF. Investments must fcus n prducing real market riented slutins that cncretely address Eurpe s security challenges. 4. Our Lng Term Sectrial Appraches Based n a cmprehensive series f analyses f key Eurpean security sectrs, EOS and its members utline belw the challenges faced by each sectr in delivering against the gals f the EU Security Unin framewrk, as well present sme initial thinking n the mst viable means t effectively address these challenges tgether with plicymakers and ther stakehlders ver the lnger term. The ideas presented herein are a first step in the lng-term develpment f Eurpe s security architecture and the rle f the security industry within it. EOS welcmes the pprtunity t further shape these ideas alngside EU security stakehlders and jintly address sme f the utstanding questins in Eurpean Security plicy and practice. A. Integrated Brder Management / Migratin 1.0 Sectr Analysis The Cmmn External Brder is a fundamental cmpnent fr a smth functining Single Market as well as the resilience f ur cmmunities. External brders are the critical spt fr data acquisitin, retrievals, infrmatin sharing, analysis and checks. Knwing wh is entering the EU and under which cnditins is essential fr effectively managing migratin flws. Technlgy and infrmatin systems fr brder management and law enfrcement can help public authrities prtect fundamental rights f citizens an issue that deserves mre attentin and emphasis. But these slutins can als be a secnd-t-nne tl t enhance cperatin in the fight against terrrism and rganised crime. Securing EU cmmn external brders, hwever, can nly be achieved thrugh a cmmn effrt. Systematic cperatin between authrities, cmprehensive crdinatin between all stakehlders and a strng cmmitment frm all layers f ur sciety are key. The EU was created t cpe with these challenges and t prvide strategic added-value thrugh Eurpean-scale prjects, fstering cperatin, harmnizatin and infrmatin sharing. The latest view n the specific challenges f this sectr are defined in the COM (2016) 205 final n Strnger and Smarter Infrmatin Systems fr Brders and Security 1, where 3 main actins are identified: T imprve the existing infrmatin systems T develp additinal infrmatin systems Address the interperability challenge 1 EES/cmmunicatin_n_strnger_and_smart_brders_ _en.pdf 9 E O S W h i t e P a p e r n E U S e c u r i t y

10 Accrding t the Bratislava Radmap (16 Sept. 2016) 2 there are 3 strategic cncrete initiatives in the Security / Brder Management field (which align perfectly ur prpsed apprach fr an integrated brder management utlined belw): Operatinalise the new EBCG (Frntex) Establish EES (Entry Exit System) fr recrding the mvements f nn-eu citizens at the EU external brders Create an ETIAS t determine wh will be allwed t travel t the EU Brder management is ne area where EU plicies are verlapping. The mst imprtant are the migratin and asylum plicy, the internal security plicy, the CFSP (Cmmn Freign and Security Plicy), and the develpment and humanitarian aid plicies, amngst thers. Brder management appraches have s far been reactive rather than practive, but significant imprvements in plicies and slutins are currently nging, such as the ETIAS (Eurpean Travel Infrmatin and Authrisatin System), the PNR (Passenger Name Recrd) and the tls these prvide. Hwever, the crdinatin between relevant stakehlders, bth inside and utside Eurpean brders, has nt been sufficient. Fr several years, the Eurpean Security Industry has requested a strnger and mre pen dialgue between all stakehlders t maximise results. When natinal security needs and requirements are nt sufficiently discussed in advance with industry, slutins cannt always address requirements effectively. Recent events have increased awareness at bth plitical and scietal levels f the need fr urgent cllective actin. T safeguard an area withut internal brder checks and a cmmn external brder, the implementatin f a cmprehensive cmmn plicy t integrate and mdernise all capabilities fr brder security management is needed. Such evlutin f peratinal needs shuld be supprted by cntinuus investment, yet investment in research and capacity building remains limited. Tday s pririties shuld therefre fcus upn intensifying peratinal cperatin while using the full ptential f technlgical innvatin, and ensuring the EU receives the best value fr mney. Only a Eurpean Integrated Brder Security apprach, leveraging innvative capabilities and with sufficient deplyed capacities, will prvide an adequate answer t tday s brder security challenges and threats. 1.1 Smart Brders The Smart Brders cncept is the crnerstne f an Integrated Brder Management Platfrm. It is lgical that if the EU wants t secure its external brders, it needs t take advantage f the ptential fr digital transfrmatin in this field. The apprpriate technlgy t address this issue already exists. Our members, wrld leaders in the bimetrics dmain, have successfully participated in Eurpean Cmmissin pilts, and slutins are ready fr deplyment. Technlgies in this dmain culd well cntribute t mitigate certain issues linked t the migratin crisis when used in htspts. Fr years ur industry has invested in these technlgies, but plitical and administrative delays are negatively affecting the implementatin. Initiatives frm the Eurpean Cmmissin aimed at develping new IT systems, like EUROSUR, EES, ETIAS, ECRIS, a centralised Single Search Interface, Bimetrics Matching Systems, Interperability, Centralised Intelligence Analysis Platfrms, etc are either in prgress r in the pipeline, and are setting the fundatins f an Integrated Brder Management System E O S W h i t e P a p e r n E U S e c u r i t y

11 In this cntext, the Eurpean Security Industrial Base must be cnsidered a relevant slutins prvider fr smart brders in the lng term. By creating a stable and cnsistent plicy envirnment, the EU can encurage stability fr investment in emerging brder security initiatives r the integratin f best practices. The Eurpean security sectr is a natural partner fr establishing technlgical autnmy fr Eurpe. Onging dialgue and the pprtunity t cntribute t threat mitigatin strategy develpment with plicymakers will nly enhance industry s ptential t deliver tailred and innvative technlgies that respnd t Eurpean brder security needs. The EU shuld energize this industrial base by investing in the design, develpment and deplyment f infrmatin systems based slutins (infra + equipment + skills), and in thse future capabilities that will enable and ensure the safety, security and resilience f the Eurpean Single Security Area. A crdinated public-private apprach t Smart Brder R&D investments is essential if duplicatin is t be avided acrss Member States. The EU High Level Expert Grup n Infrmatin Systems and Interperability shuld play a critical rle in streamlining such investments. Future prjects shuld be chsen strategically, ensuring that they are frce multipliers that nt nly address critical end-user needs but are als aligned with the investments f Eurpean R&D rganisatins and industry. 1.2 The Missing Public Private Dialgue / Cperatin The EUROSUR regulatin is hardly knwn by decisin makers in the Eurpean Security Industry and has nt ften been recgnised in EOS discussins with Member State authrities. This significantly reduces Eurpe s ability t reslve interperability issues, an imprtant technlgical challenge that shuld nt be tackled retractively. Indeed, brder cntrl and migratin is nt nly an issue fr public administratins and enfrcement bdies, but als ne that requires adequate technlgical supprt, with slutins assuring security and privacy by design. Over time, we have seen that the dialgue and cperatin between public administratins in charge f brder cntrl, and private cmpanies frm the supply sectr has nt imprved. In fact, ur dialgue with Frntex has significantly reduced ver the last few years, and nly limited bilateral discussins are nw pssible. We hpe fr an imprved industry dialgue and cperatin with the new Frntex structure. Dialgue with DG HOME has always been very pen, with gd mutual understanding at a high level. Hwever, recently, channels f cmmunicatin arund peratinal issues have becme mre f a challenge. Limiting discussins t Research and Innvatin funding is nt sufficient t assure interperable, efficient and cmpetitive slutins are effectively implemented at the Eurpean market level. A wider and crdinated dialgue / cperatin between Eurpean institutins, Member State authrities and the private sectr, which EOS has been calling fr ver many years, is nw urgent if industry is ging t be able t prvide adequate slutins. 2.0 A New Strategic Framewrk: An Integrated Brder Security / Management Flagship Initiative Fllwing discussins with M. Ruete in mid-2014, EOS prpsed creating an Integrated Brder Security / Management Flagship Initiative t the Eurpean Cmmissin at the end f (EOS develped a similar flagship apprach fr cybersecurity and this led t the creatin f the cppp and ECSO). This Flagship Initiative links internal security issues in EU Member States, with external brder security strategies, as well as with security challenges in Third Cuntries. Its structure is envisaged arund several cre tpics: 11 E O S W h i t e P a p e r n E U S e c u r i t y

12 Three Challenges / Threats Influx f Migratin, internally and frm third cuntries Terrrism Organised Crime Three Operatinal Envirnments ("dmains") Maritime Surveillance Land Surveillance Brder Crssing Pints One Integrated Brder Security Overarching layer fr surveillance, infrmatin sharing and intelligence-led systems, expliting and integrating cmplex data sets and real-time infrmatin acrss dmains at the EU level Tw Step Apprach Shrt term: immediate deplyment f mbile packaged systems and services in htspts with builtin cybersecurity capabilities (where necessary): Surveillance and Search & Rescue Identificatin, Screening & Registratin Capacity Building in Migratin Management Medium / Lng term: develpment and deplyment f an EU Integrated Brder Security Tw Radmaps fr the next 5 t 10 years Capacity Implementatin Radmap Capability / Technlgy Innvatin Radmap One Gvernance Initial Stakehlders Platfrm evlving int a cperative instrument with fcussed investments One Investment Objective Increase and ptimize use f budgets, harmnising R&I and prcurement f EU certified slutins in a crdinated EU strategy, targeting 10 bn ver the next 10 years Such an apprach, based n effective infrmatin-sharing and fcusing n pririties with an immediate and sustainable impact n Eurpean security, will imprve the use f its verall capabilities, and encurage investment in a wide set f technlgies and services. Its specific bjectives are: Deplyment f capacities and services fr the different brder security dmains: maritime, land and brder crssing pints and develpment f additinal capabilities (where necessary) Develpment and implementatin f a Eurpean Integrated Brder Security verarching framewrk (capabilities and capacities) fr surveillance, infrmatin sharing and intelligence-led systems at the EU level, respecting human rights and legal requirements. T achieve these bjectives, EOS prpses creating a Flagship initiative fr an EU Integrated Brder Security Investment Prgramme supprted by adequate funding (updated estimate f apprximately 10 billin ver 10 years) 3, which wuld be cmpsed f: 3 The latest market reprt drafted by Visingain estimated the glbal brder security market in 2016 t amunt t 18 billin USD. Since Eurpe is cnsidered t represent 20% f the glbal market, ne can estimate that the Eurpean Brder Security market amunts t 3,5 billin EUR. If the Flagship Initiative were t incrprate apprximately 30% f this annual market ver a perid f 10 years, investment during that time wuld amunt t 10 billin EUR. 12 E O S W h i t e P a p e r n E U S e c u r i t y

13 The definitin and implementatin f a Capacity Implementatin Radmap fr capacity deplyment acrss Eurpe and if / when needed in Third Cuntries, including shrt term fcus n emergencies and lnger term capacity building; The definitin and implementatin f a Capability / Technlgy Innvatin Radmap based upn a clearer strategy t supprt implementatin f EU and Member State security plicies and a Brder Security Research and Innvatin Strategic Agenda. EU Member States shuld identify specific capacity and service needs and flag them in their pririties fr EU funding as part f this investment plan. The Eurpean Cmmissin has initially shwn interest in this Flagship Initiative, but n decisin has been taken t mve it frward. In parallel, EOS has initiated discussins with Ministers f the Interir (MI) in sme Member States t establish a dialgue and cnsider the pssible implementatin f such a prgramme, beginning with key EU cuntries and key security cmpanies. Such strategic dialgue, especially between Frnt-Line States, the private sectr and EU Agencies aims t put in place a Private-Public Stakehlder dialgue that wuld fster an integrated brder security dialgue at three different levels: Eurpean, reginal, and natinal nes. The idea t develp this dialgue, and subsequent platfrm, at different levels is t assure that ur bjectives are mre likely t be achieved. 3.0 A New Implementing Instrument: A Public Private Platfrm n Brder Security / Management The Eurpean Security Industry shuld nt be cnfined t the trivial rle f ff the shelf supplier, as the necessary innvative technlgies shuld be develped in partnership with a clear visin n the evlutin f needs t allw fr effective investment planning bth in the public and the private sectr. The present bilateral apprach between FRONTEX and the different technlgy suppliers, taken ne by ne, is nt helping the grwth f cmmn and cmpetitive Eurpean slutins. We have seen that the typical PPP mdel n R&I adpted in ther areas by the Eurpean Cmmissin is barely applicable in this sectr, as the market is mainly driven by public administratins. A mre specific EU instrument is necessary fr effective crdinatin f strategy, resurces and funds assuring a cnsistent and pen public-private dialgue / cperatin with effective use and fcus f funds fr R&I as well as capacity investments. A first step t ensuring the prper implementatin f the prpsed Flagship Initiative wuld be the creatin f a Public Private Platfrm. This culd serve as a structure fr initial dialgue and culd be set up immediately in a vluntary mde. Such a Platfrm wuld braden the current dialgue between public administratins t include the Eurpean Security Industry in a multilateral dialgue. This wuld be needed bth fr the definitin f realistic bjectives f the different phases f the Radmaps, and fr strengthening the cmmitment f the private sectr t the implementatin f this strategy. This apprach wuld prgressively imprve the definitin and harmnisatin f needs fr R&I and prcurement acrss Member States in Brder Security technlgies by By creating a better view f technlgies and deplyment by the public administratins, the Platfrm wuld establish trust between stakehlders, and allw the Eurpean security industry t vercme its present fragmentatin, and better respnd t needs thrugh an effective architecture fr integrated Eurpean brder security. The Platfrm shuld develp the apprpriate prcurement prcesses fr Eurpean certified slutins. With such a highly sensitive security challenges, public stakehlders, shuld priritise the prcurement f Eurpean certified slutins t guarantee the required security level. 13 E O S W h i t e P a p e r n E U S e c u r i t y

14 The lngstanding fragmentatin f the Eurpean security market is ne f the rt causes f its inefficiency. This is hampering the develpment f a cmpetitive and innvative security industry. Fr this reasn, the endrsed Platfrm wuld cmbine different surces f funding in a mre cherent and integrated way. The idea t build a frum wherein different stakehlders (public authrities, agencies respnsible fr brder, and private entities) are engaged shuld als prmte the crucial link between external and internal dimensin f security by fstering a better crdinatin f funding thrugh different mechanisms (like the prvisins available als in IPA, EDI, EDF, as well as in the verall EU external actin service like CFSP). The activity f the Platfrm shuld nt be limited t research issues r it will have a negligible impact n prviding practical respnses t urgent needs. The Platfrm wuld actually prepare all the necessary cnditins fr better implementatin f research results, fr instance via test and validatin, certificatin, best practices and demnstratin etc. f research results. Wider bjectives, linking H2020 with ther funding, facilitating the prtectin f EU external brders, als with a view t cperatin with Third Cuntries shuld als be pursued, further stimulating the grwth f the EU security industry. This Platfrm culd eventually evlve int a Jint Undertaking-like initiative n Integrated Brder Security, which wuld prvide the mst apprpriate slutin fr the full implementatin f the flagship recmmendatins by 2027, due t the challenges f an EU wide initiative leading t a deplyable cmplex system and relevant services. EOS PROPOSALS Adpt a Public Private Flagship Initiative fr Integrated Brder Security/Management t prvide a strategic framewrk fr Eurpe s apprach t Brder management. Create an Investment Prgramme t prvide the Flagship initiative fr an EU Integrated Brder Security with adequate funding. Establish a Public Private Platfrm fr an Integrated Brder Security / Management t implement the Flagship Initiative bjectives. Mbilise Ready-t-G Smart Brders / Entry-Exit Technlgies. Implement the decisins f the EU High Level Expert Grup n Infrmatin Systems and Interperability in streamlining and crdinating investment in R&D prjects fr Smart Brder technlgies. B. Cybersecurity 1.0 Sectr analysis Digital transfrmatin wuld be useless withut Cybersecurity. Cybersecurity is recgnized as a new glbal challenge / playing field with plitical, scial and business implicatins. It invlves serius ecnmic, scial, financial and reputatinal cnsequences. The Digital Transfrmatin f ur scieties, businesses and Single Market cannt be fully implemented withut a Digital Unin; and Cybersecurity is a precnditin f a smthly functining digital unin. It culd nt take plain effect if we d nt adapt ur capabilities t the nature and evlutin f the threat. T cpe with persistent threats, we need cntinuus investment and the scale f the threat will nly be cunterbalanced by delivering frce multiplying slutins. 14 E O S W h i t e P a p e r n E U S e c u r i t y

15 Within the EU single market, peratrs, utilities, businesses including SMEs and administratins must cpe with increasing and evlving cyber security attacks & threats. T guarantee the nrmal functining f ur critical infrastructures and essential services we need technlgical supprt frm trusted surces and an infrmed ecsystem. Eurpe cannt lag behind in develping and retaining the cre technlgies and skills t feed its wn strategic autnmy in this field. The Eurpean Industrial Base shuld be energized, and strategic cllabratin with innvative cmpanies shuld be strengthened by means f jint technlgical radmaps, frm research t prcurement fr deplyment and use. 1.1 Cybersecurity cppp The cntractual Public Private Partnership, has reinvigrated cperatin between interested stakehlders (mre than 200 members are currently participating in this initiative), strengthening Eurpean industrial ptential n cybersecurity. The Eurpean Cyber Security Organisatin (ECSO), supprting the cppp, is a platfrm where Eurpean Member States public administratins, industry, practitiners and ther stakehlder discuss and identify strategic pririties fr Eurpe. The cybersecurity cppp was set up in recrd time, in part thanks t the extensive preparatry wrk and supprt frm EOS (wh runs tday the Secretariat). The cppp is fcused upn develping R&I activities, as is usual in such Eurpean Cmmissin initiatives. Hwever, ECSO was created nt nly t supprt the cppp and the definitin f R&I pririties, but als t fster effective cybersecurity industrial plicy activities in publicprivate cperatin t increase security and cmpetitiveness. A lt has been learned n effective Public-Private cperatin in ECSO. These best practices in such a sensitive sectr culd be successfully applied in the creatin and develpment f a similar Public-Private Platfrm fr Eurpean Security. The cppp n Cybersecurity was the first mve twards a mre cmplex Public Private apprach (a Jint Undertaking style initiative culd fllw) and higher investments in the next MFF. Frm an industry perspective, the cppp shuld ultimately help EU plicy bdies t fster and incentivize a leading industrial cybersecurity sectr in ur cntinent. We remain cmmitted t prmting the cppp and investing in ur shared visin fr the future. As such, we supprt nging public-private dialgue t define thse cybersecurity dmains in which Eurpean industry can becme glbally cmpetitive leaders, a crdinated industry appraches t maximising current skills/cmpetences, and the prmtin f Eurpean cybersecurity industry s strngest assets. 1.2 Digital Autnmy & Svereignty issues In parallel t the wrk f the cppp, the EOS Cybersecurity Wrking Grup (WG) has the capacity t initiate dialgue and develp recmmendatins n sensitive issues such as cybercrime, intelligence, cyber-defence, digital autnmy and ther svereignty-related issues. The aim f the WG is t fster public-private dialgue t address digital autnmy in terms f technlgy, plicy slutins and intelligence surces. It fcuses n delivering a Eurpean dimensin fr cyber-security related issues that are f strategic cncern t the Eurpean security industry, and t the Eurpean ecnmy as a wh As an example f a sensitive plitical and technical tpic, the EU industry (within the EOS Cybersecurity WG) culd wrk n a cmmn technical / plitical paper n encryptin t assess the issue and prvide suggestins fr a Eurpean psitin that takes int accunt natinal svereignty issues. 15 E O S W h i t e P a p e r n E U S e c u r i t y

16 1.3 Digital Intelligence Digital Intelligence shuld cme nt nly frm a public-public dialgue, but als frm a strnger link with the EU Security Industry. At natinal level, ur industry belngs t thse trusted partners supprting lcal gvernments in intelligence issues. Yet, at Eurpean level, infrmatin is drawn frm industries that have nn-eurpean rigins, even if largely present in Eurpe: this raises questins n the influence f external agendas in EU psitins. The mment is ripe fr a mre frmal dialgue n the questin f Eurpean digital intelligence and EOS wuld welcme the pprtunity t cntribute t this plitic-technical debate with Eurpean plicymakers. This dialgue shuld strive t define answer t sme f the cre questins arund Eurpe s ambitins fr its digital intelligence capabilities and gvernance, including: Hw EU industry cmpetences at natinal level (sensitive) can be f use at EU level? Hw t build a Eurpean infrmatin sharing system and what structure this culd have? Hw prgressively increase a trusted sharing f threat intelligence? Can we create a big-data at EU level fr security use? What kind f EU digital autnmy is pssible in this sectr? EOS PROPOSALS Develp an effective instrument t widen the dialgue and cperatin beynd the present cppp apprach, t better supprt cmpetitiveness f the Eurpean cybersecurity industry. Identify and develp technlgies that wuld increase a strategic Eurpean Digital Autnmy. Establish mre frmal public-private channels f cmmunicatin t address questins arund Eurpean Digital Intelligence. C. Research & Innvatin 1.0 Sectr Analysis Since its inceptin, EOS has been supprting Eurpean Cmmissin funding prgrammes aimed at fstering innvatin as well as the uptake f technlgies. H2020 and its predecessrs have imprved Eurpean ptential fr innvatin in many respects, especially by building synergies with Natinal and Reginal research prgrams. This has nt nly imprved the efficiency f public spending, but has als created a wider netwrk f stakehlders, ideas and prjects. Future research culd better target terrrism issues, but the apprach shuld be different (tp dwn) with a cmprehensive, lng-term strategy and defined implementatin measures (which is difficult under the H2020 Secure Scieties prgramme) in rder t incentivise an effective cmmitment frm industry. The strng shift frm FP7 t H2020 twards scietal issues has resulted in R&I prjects increasingly lacking a cmpetitiveness cmpnent, which is s imprtant fr ur industry in this sensitive market. The simplificatins intrduced in H2020 (e.g. in the Participant Prtal and in the reduced time t grant) shuld be recgnized as a psitive step fr industry funding. Evidently, SMEs in the security sectr have faced mre challenging cnditins fr prject financing. In fact, the clser t the market, the less funding they receive, and fr SME s and micr SME s that is a sustainability factr. Befre the simplificatin f the ne rate scheme, SME s culd receive all the funding (100%) they had applied fr. Nwadays, under H2020, the maximum funding fr Innvatin Actin s is 95%, that 5% is a cnsiderable change. Cnsequently, we have bserved 16 E O S W h i t e P a p e r n E U S e c u r i t y

17 reduced interest in dedicating resurces int EC prjects by SME s as well as large industry, fr reasns linked t sustainability but frm anther perspective. The intrductin f stricter quality management by the Eurpean Cmmissin has facilitated an increase in the quality f prpsals. Hwever, industry interest in participating in such cllabrative prjects has evidently decreased because f this new apprach. The evaluatin mechanism fr prject prpsals is nt clarified, and in mst cases the descriptin f calls des nt match the evaluatin results. Higher TRL initiatives demand a mre fcused cncept in rder t create a marketable slutin; thus, higher quality is welcme. But higher quality and increased imprtance assigned t scietal impacts have meant less innvatin. Fr these reasns, H2020 rules and regulatins have been received by industry with tw very distinct pinins. With reduced interest frm large cmpanies in cllabrative research, less innvatin is being brught t market, as large cmpanies remain the main vehicle driving the market inside and utside Eurpe. While POV s and PCP s have prven mre successful in bringing innvatin clser t the market, prblems still remain. Even if prcurers are in the cnsrtium, the uptake f the tl r technlgy slutin is still undetermined and slw. This was als ne f the main gaps presented in the security industrial plicy. Industry, thrugh specific plicies aiming t bst their prductivity, shuld be reassured that a market will exist and that their investments in innvatin are wrth. Security is a very different sectr frm ther Eurpean Cmmissin R&I areas. If in FP9 preference will be given t lans rather than t grants, this lack f Eurpean incentives wuld reduce Eurpe s attractiveness as a place t invest in innvatin, especially frm the side f SME s. Adding this ptential challenge t a weak apprach t industrial cmpetitiveness culd lead t a ttal disaffectin f the Eurpean industry fr EC prjects. This culd have significant negative cnsequences, cnsidering the sensitivity f security fr Member States and Eurpe, where strnger strategic industrial autnmy wuld be essential. 2.0 EU financed security research: Tpics fr future research prgrammes We reaffirm ur interest in the tpics f Critical Infrastructure Prtectin, Brder Security, Disaster Resilient Scieties, Fight against Crime and Terrrism and Digital Security. And fr the future Secure Scieties calls, we wuld envisage including the fllwing: Cyber/Physical prtectin f critical infrastructures, especially regarding sft targets (link t wrk f the Task Frce in DG HOME) as well as fr urban security, energy, transprt and innvative telecmmunicatin netwrks (e.g. 5G); Intelligence / autmated cmmand and cntrl centres including cyber-intelligence (analytics); Prtectin f strategic manufacturing areas (digitalisatin f EU industry / Industry 4.0) and f imprtant innvatins fr the sciety (e.g. autnmus vehicle); Develpment f test prcedures fr security devices; Analysis f scial media cntent and autmated exchange f data between law enfrcement authrities; Netwrk f standardisatin and certificatin agencies thrughut Eurpe and beynd. Current and nging EU-financed security research prgrammes have been prving very successful in prviding a springbard fr industry nt nly t research new technlgies but als mve clser t deplyment and implementatin. A snapsht f these research prgramme success stries can be fund in Annex I & II. 3.0 Technlgy Autnmy The present Eurpean Cmmissin research apprach des nt fcus n technlgy autnmy fr strategic sensitivity, security r cmpetitiveness reasns. It is still very fragmented and dispersed, lacking a clear verall strategy. Despite the existing EC mechanisms, R&I still suffers frm stvepipe appraches. Structured cperatin between industry and regulatrs culd help t defragment the system and develp a 17 E O S W h i t e P a p e r n E U S e c u r i t y

18 cmprehensive apprach. Yet, at present there is still n adequate EC instrument t accmplish this. The EC PPP mdel linked t a leverage factr is nt applicable t "public markets" like the security. Withut R&I carrt funds r the crdinatin f ther implementatin funds, there is little hpe f establishing a cmprehensive and strategic apprach invlving different kinds f stakehlders. 4.0 Streamlining Security Screening and Detectin Technlgies Certificatin Infrmatin n existing security screening and detectin technlgies slutins is nt riginating frm EU research in this area, as it remains t sensitive t be shared. The EU Certificatin f Civil Aviatin Security Equipment tk fur years t be prpsed. We supprt the gals that the Cmmissin s Prpsal fr a Regulatin aims t achieve. Yet, the current prpsal is verly cmplex and ptentially bureaucratic. Additinal csts will inevitably be incurred by the additin f cmplexity and bureaucracy, adding new barriers t entry int the security market and reducing the funding available t invest int research and develpment. In general, t supprt Eurpe s security industry, the Regulatin must be significantly leaner, with fewer administrative and financial burdens placed n manufacturers. On land transprt security, EU pilts t adapt existing technlgies culd be established immediately. EOS PROPOSALS Maintain and pssible increase, within future FP9 research funding calls, tpics including cyber/physical prtectin f critical infrastructure as well as the use f scial media as a crsscutting tpic. Cnsider frm the beginning f future PCPs with cmmercializatin aspects in mind. Incentivize EU technlgy autnmy thrugh targeted funding fr develpment r implementatin f Eurpean security technlgies. Further simplify the bureaucratic burden fr SMEs and end-users. Establish EU pilts t adapt existing security screening and detectin technlgies t brader transprt security mdes (e.g. land transprt) and encurage Eurpean industry participatin. D. Hybrid Threats 1.0 Sectr Analysis The past decade has seen the increased deplyment f hybrid threats frm bth State and nn-state actrs aimed at harming and destabilising EU scieties. The mixture f cnventinal and uncnventinal methds that define hybrid threats have further blurred the line between Eurpean defence and security strategies, requiring an ever mre crdinatin and multilateral respnse. The EU s Jint Framewrk t cunter hybrid threats and fster the resilience f the EU ges smeway t enhancing Eurpean capabilities, thrugh cperatin between EU Member States, partner cuntries and NATO. Hwever, the Framewrk s hlistic apprach fails t acknwledge the rle that the Eurpean security and defence industries might play in such threat mitigatin initiatives, r prvide a platfrm fr integrating industry int the develpment prcess f Eurpean slutins t new hybrid threats. 2.0 Dual Use Slutins 18 E O S W h i t e P a p e r n E U S e c u r i t y