Research directions in cybersecurity to support a digital strategic autonomy

Resilience, technological sovereignty and leadership are essential for the EU and as such, they are addressed by the EU Cybersecurity Strategy. In an effort to support this cybersecurity strategy, ENISA releases a report intended to look into digital strategic autonomy in the EU and suggests future research directions.

What is digital strategic autonomy?

Digital strategic autonomy can be defined as the ability of Europe to source products and services designed to meet the EU’s specific needs and values, while avoiding being subject to the influence of the outside world.

In the digital world, such needs may encompass hardware, software or algorithms, manufactured as products and/or services, which should comply with the EU values, and thus preserve a fair digital ecosystem while respecting privacy and digital rights.

To ensure the sourcing of such products and/or services complies with the EU’s needs and values, the EU has the option to self-produce them autonomously, or in the case where products and services are acquired from third countries, to certify them and validate their compliance.

However, in cases where there is a high dependence on sourcing, the EU should still be capable of operating its digital infrastructures without giving rise to any possible detrimental influence. Hence, Europe needs to maintain the capability to produce its critical products and services independently.

In short, digital strategic autonomy means the capacity for the EU to remain autonomous in specific areas of society where digital technologies are used.

Why such a move?

The new challenges brought about by the digitalization of its environment raise questions on its capacity to retain ownership and control of its personal data, of its technological assets and of its political stand. Such are the main dimensions to be considered under the idea of digital strategic autonomy.

Furthermore, the COVID-19 pandemic highlighted the importance of cybersecurity and the need for the EU to continue to invest in research and development in the digital sector. Within this context, the report sets and prioritises the key research and innovation directions in cybersecurity.

Key research directions: Which are they?

The report identifies the following seven key research areas:

• Data security
• Trustworthy software platforms
• Cyber threat management and response
• Trustworthy hardware platforms
• Cryptography
• User-centric security practices and tools
• Digital communication security.