The personal data of an estimated 18 million federal employees of the United States were recently affected by a cyber breach at the Office of Personnel Management (OPM).

This OPM breach is catastrophic for the US, both for national security and for the individuals whose information has been compromised.

Student or retired? Then this plan is for you.

Director of national intelligence, James Clapper announced that China is to blame, and this is not the first time the US is blaming China for severe cyber espionage and cyber attacks.

For Europeans it is most interesting to see how US will now react.

The United States earlier this year declared a strong cyber sanction policy against foreign nation-state hackers and published cyber deterrence guidelines in the Pentagon's new strategy.

Europeans are almost always following the US example in cyber security. But why are European countries not openly discussing their own sanctions policy against foreign hackers?

Washington is currently at the forefront of conceptual and political discussions, as well as practical actions, in cybersecurity.

Having spent at least a decade integrating the cyber domain into its security and social thinking, it has also taken the lead in using cyber attacks as a tool of foreign and security policy, thereby placing it far ahead of Europe.

Most European countries have cyber strategies on paper, but public discussion at policy and doctrinal levels and practical measures are not as mature as they are in the United States.

Without serious efforts in Europe the gap is only likely to widen.

This would increase the potential for Europe to become the focal point for more serious cybercrime, espionage and even debilitating attacks.

Cyber security policy

Cyber security has entered the domain of foreign and security policy due to the ever-globalising world. In this digital domain, strategic advantage can be either lost or won.

The Cybersecurity Strategy for the European Union and the Eurpean Commission proposal for a Directive on Network and Information Security put forward legal measures and give incentives aiming at making the EU's digital environment the most secure in the world.

But it is not easy to deal with 28 countries and despite these steps at EU level, European cyber security remains almost exclusively a national prerogative.

This must change.

The most important driving force for a new “cyber Europe” could be European industry. At the moment US companies and other companies outside of Europe are dominating the rapidly growing cyber security market.

For example, in the latest list of “cybersecurity companies to watch in 2015” there are few European companies in Top 100.

At the moment there is a special opportunity to European companies because there is a lot of suspicion in the market towards cyber security products from the US, China, and Russia.

European companies would be able to enter the market as a more trusted partner.

US dominance

Europeans are very dependent on foreign internet services, especially GAFA, which stands for Google-Apple-Facebook-Amazon. Nine out of 10 Internet searches in Europe use Google.

Where are European alternatives for these companies? Nowhere. This dominance should worry Europe, even if the current situation works fairly well.

In the US, Google, Apple, Facebook, and Amazon are generally praised as examples of innovation and the same kind of innovativeness must be encouraged and supported in Europe.

The question is not only how much Google, Apple, Facebook, and Amazon dominate every facet of our lives, but also how important and precious the data they possess is in today's world.

This data should be understood as a part of cyber power - and Europeans are letting it go abroad.

European cyber security companies and digital platform industries must transform themselves and become more competitive.

It is also the job of politicians and lawmakers to protect both European industries and European digital rights.

Cyber security issues should be brought more actively into the political discussions in European governments and Europe must clearly outline its own policy on topical cyber security questions. This is the only way to securing its cyber future.

Jarno Limnell is a professor of cybersecurity at Finland’s Aalto University and vice-president of Insta DefSec, a private firm