On 24 April, Marietje Schaake submitted parliamentary written questions on cyber espionage threats to European travellers to Vice-President/High Representative of Foreign Affairs, Federica
Mogherini. Please find the questions below.
A Dutch trade mission is visiting China last week. To prevent data from covertly being obtained, through for example hacks and the installation of spyware, both government officials and business representatives on the delegation were advised by the Netherlands Ministry of Foreign Affairs to only bring ‘empty’ laptops and mobile phones. A similar warning was issued for travellers to Iran, Russia and Turkey.
1. Are the HR/VP and the EU delegations in these countries, aware of this updated advice for Dutch travellers?
2. How does the HR/VP assess the cyber policies of these four and possible other countries pose a threat to European travellers, both when it comes to business trips and holidays?
3. Does the HR/VP agree that concerns about cyber espionage also needs to be addressed at the highest political level with foreign governments.
Answer from the Commission given on 31/07/2018
The EU Hybrid Fusion Cell, established within the EU Intelligence and Situation Centre of the European External Action Service (EEAS), receives and analyses classified and open source information specifically relating to indicators and warnings concerning hybrid threats (including cyber threats) from different stakeholders (inter alia EU Delegations, the European Commission and EU Member States). The EU Hybrid Fusion Cell's analytical products are shared within the EU and amongst Member States to inform EU decision-making. The Cell had not been made aware of the updated advice to Dutch travellers.
As set out in the EU Global Strategy, hybrid and malicious cyber activities by State and non-state actors continue to pose a serious and acute threat to the EU and its Member States. Several EU initiatives have been launched in the recent years to increase resilience and bolster capabilities to address these security challenges. Notably, a Joint Framework on countering hybrid threats was adopted in April 2016. Many of its 22 actionable proposals relate specifically to cyber aspects. In response to the March 2018 European Council tasking following the Salisbury attack, a Joint Communication on Increasing resilience and bolstering capabilities to address hybrid threats was adopted in June 2018. It proposes measures to step up the EU's response to hybrid threats, including in the cybersecurity sector and in building resilience to hostile intelligence activity.
In order to strengthen cyber deterrence, the EU continues to step up its response to malicious cyber activities and to coercive cyber operations in the Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities. The Framework sets out several EU measures to prevent and respond to cyber-attacks by State and non-state actors.
 The Framework contains 22 actionable proposals to help counter hybrid threats and foster the resilience of the EU and Member States: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52016JC0018