A rapid-response Joint Cyber Unit will pool European cybersecurity powers to launch operations against cyber-attacks on member states.
The task force will be based at the EU Agency for Cybersecurity in Brussels, Belgium, and is scheduled to be fully operating by early 2023.
It is being set up after a number of high-profile ransomware attacks across the continent, in which data was stolen and encrypted and ransom payments demanded.
Last month, Ireland’s Health Services Executive was forced offline after hackers compromised its servers and stole sensitive patient information. The hackers then demanded $20 million in Bitcoin in exchange for the release of the data, which the Irish government refused to pay.
Recent incidents include malicious attacks on the IT systems of French public hospitals and the tampering of vaccine data at the European Medicines Agency.
Speaking from Brussels, Margaritis Schinas of the European Commission said defence policy was once seen as “something linear, something simple” but this was “no longer the case”.
He said a co-ordinated response was required to curtail the expected sharp rise in cyber criminality.
“This is not an industrial consideration any more,” he said. “This is an issue of national security. It threatens our values, or way of life, society, principles, and this is why we need to tackle it together,” he said.
EU foreign affairs chief Josep Borrell said the unit was “a very important step for Europe to protect its governments, citizens and businesses from global cyber threats”.
“When it comes to cyber attacks, we are all vulnerable and that is why co-operation at all levels is crucial,” he said. “There is no big or small. We need to defend ourselves but we also need to serve as a beacon for others in promoting a global, open, stable and secure cyber space.”