Cybersecurity in the European Defense Industry: The Demand for High Security Standards in Cloud Services


Staff member
May 18, 2022
Cybersecurity in the European Defense Industry: The Demand for High Security Standards in Cloud Services

By Emanuele Bonini

Harmonization and Competitiveness: The Need for High Security Standards

Giorgio Mosca of Leonardo/ASD emphasizes that harmonization and certainty are crucial for the competitiveness of the European defense industry. He highlights the urgent need for the new European Commission to address certification systems, focusing on the implementation of the European cybersecurity certification scheme for cloud services (EUCS).

The Importance of a Unified Approach

Brussels faces a challenge in establishing a unified approach to data storage, processing, and sharing within the defense, security, and aerospace sectors. The EU’s current efforts are seen as insufficient and untimely by industry leaders. The proposal for a cybersecurity certification scheme by ENISA and ECCG falls short of industry demands for certainty and uniform standards.

ASD’s Call for Higher Security Standards

The ASD, representing European security, defense, and aerospace companies, is pushing for the EU to adopt higher security standards—referred to as high+—to foster investment and ensure security. Mosca points out that without these higher standards, the industry faces increased exposure to cyber-attacks and economic disadvantages due to fragmented security regulations across member states.

“We believe that if we want to talk about the security of supply, we have to talk about the security of supply chains and the secure ways of connecting these chains,” said Giorgio Mosca.

Economic and Security Impacts

According to Mosca, the lack of high security standards in the EUCS system has at least two major impacts:

1. **Increased Vulnerability to Cyber-Attacks**: Data stored outside the EU and managed through channels outside of European control increases the risk of cyber-attacks and potential disruptions.
2. **Economic Burden**: The current approach adds administrative burdens and costs to businesses, countering the Commission's goal to reduce these barriers.

The Path Forward: A Single European Model

The discussions on the proposed European cybersecurity certification system for cloud services (EUCS) have been ongoing since December 2019. Industry leaders advocate for the reintroduction of the highest assurance level (high+ criteria) to protect sensitive European industrial data.

“Clarity is needed for the industry in the sector, which is crucial for competitiveness,” said the executive of Leonardo, urging the new Commission to take the dossier back in its hand.

The industry hopes that within the European Cybersecurity Certification Group, representatives of EU member states will be willing to reconsider the decision and see what the new European legislature proposes.


The push for higher security standards in cloud services is essential for the competitiveness and security of the European defense industry. A unified approach and harmonized standards will mitigate vulnerabilities and promote a secure and thriving digital market in Europe.


- European Cybersecurity Certification Group
- Leonardo