The personal data of an estimated 21.5 million federal employees of the United States and their families was compromised by a cyberattack at the Office of Personnel Management (OPM).
This OPM breach is catastrophic to the US, both for national security and for the individuals whose information has been compromised. Director of National Intelligence James Clapper announced China is to blame, and this is not the first time the US is blaming China for ongoing cyber-espionage and cyberattacks.
For Europeans, it will be interesting to see how the US will react. Earlier in 2015, the US declared a strong cyber-sanction policy against foreign nation-state hackers and published cyber-deterrence guidelines in the Pentagon's new cyber-strategy. So, how will the US act now? It will show an example to the rest of the world for similar situations in the future.
But why do we as Europeans almost always follow the example set by the US in terms of cybersecurity? Why are European countries not openly discussing their own sanction policy against foreign hackers?
The US is at the forefront of cybersecurity – conceptually, politically and in terms of business. Having spent at least a decade integrating cyber into its security and societal thinking, it has also taken the lead in using cyberattacks as a tool of foreign and security policy, placing it far ahead of countries in Europe.
Looking good on paper
Most European countries have cyber strategies on paper but public discussion at policy and doctrinal levels and practical measures are not as mature as they are in the US.
The difference between the America and Europe is notable, and without serious efforts in Europe, the gap is only likely to widen.
This would increase the potential for Europe to become the focal point for more serious cybercrime, espionage and even debilitating attacks. It would be foolish not to learn from the US but it is time for Europe to take more proactive role in cybersecurity – for its own sake.
Cybersecurity has entered the domain of foreign and security policy due to ever globalising world and in this digital domain strategic advantage can be either lost or won.
The Cybersecurity Strategy for the European Union and the Commission proposal for a Directive on Network and Information Security put forward legal measures and give incentives aiming at making the EU's digital environment the most secure in the world.
But it is not easy to deal with 28 countries and despite these steps at EU level, European cybersecurity remains almost exclusively a national prerogative. There is still a long way to go before Europe becomes a real cyberpower like the US.
The reality is that Europe has a much smaller role in global cybersecurity than it should have. Europe possesses all the prerequisites to become a much more important player in global cyber-development but for some reason, it seems to be satisfied with its current role. This must change.
The most important driving force for creating a "cyber Europe" could be European industry. At the moment, US companies and other firms outside of Europe are dominating the rapidly growing cybersecurity market.
In the latest list of cybersecurity companies to watch in 2015, for example, there are just a few European companies ranked in the Top 100. Taking into consideration the high level of European education and expertise in digital solutions, it is hard to understand why these companies are not among the most successful cybersecurity companies globally.
There has never been a more opportune moment for European companies to make their mark, because there is a lot of suspicion in the market towards cybersecurity products from the US, China and Russia. European companies would be able to appear in the market as more trusted partner. If European companies appear as innovative and trustworthy in cybersecurity, Europe as a whole would also be taken more seriously as a cyberpower.
Europeans are also very dependent on foreign internet services, especially Google, Apple, Facebook and Amazon. Nine out of 10 internet searches in Europe use Google. Where are the European alternatives for these companies? Nowhere. This dominance should worry Europe, even if the current situation has been fairly achieved.
Central to political discussions
In the US, Google, Apple, Facebook and Amazon are generally praised as examples of innovation and same kind of innovativeness must be encouraged and supported in Europe. The question is not only how much those companies dominate every facet of our lives but also how important and precious the data they possess in today's world. This data should be understood as a part of cyberpower – and Europeans are losing it abroad.
Europe must stop being a secondary actor in the new digital world. If it wants be a credible cyberpower on the global scene and also increase the political interest in these issues, European cybersecurity companies and digital platform industries must transform themselves and become more competitive.
It is also the job of politicians and lawmakers to protect both European industries and digital rights. Cybersecurity issues should also be more central to political discussions in European governments. It must take a stronger role in global cybersecurity, which is becoming an increasingly more important strategic arena.
Jarno Limnéll is a professor of cybersecurity at Finland's Aalto University and vice president in Insta DefSec Plc.