It’s unclear at this point whether the document was published prematurely and an announcement is still to follow, or whether the Commission is intentionally keeping the strategy out of the spotlight.
As one cybersecurity measure, the EU commits itself to “encouraging the uptake of [the communications protocol] IPv6” since “the allocation of a single user per IP address” makes it easier “to investigate malicious online behavior” — a reasoning that’s at best oversimplified, as this ten-year-old report from the US Department of Commerce explains, and at worst betrays a dangerous form of thinking in which the complete surveillance of each individual’s online activities is the implied goal of cybersecurity policy.
That it lauds strong encryption for its ability to “keep people’s intellectual property secure” is another odd choice of security priorities.
All things considered, the communication is most remarkable for what it does not contain: a whole host of measures that would actually make Europeans safer online, but on which EU action is lacking, if not actively counter-productive.
That’s why my colleague Jan Philipp Albrecht and I have gathered alternative proposals.
Updates are the most important tool to ensure the sustained security and integrity of systems and networks we use.