Second Roundtable Looks at Role of Private Sector and Civil Society in Attribution

Defense and tech experts from the United States and Germany gathered in the conference room of the American Institute for Contemporary German Studies in Washington, DC, on May 23 to discuss the greatest hurdles for cybersecurity for the transatlantic community. The second German-American Cyber Roundtable co-hosted by Microsoft examined what actors should work together to identify those responsible for malicious cyber incidents.

Setting the tone for the meeting, Prof. John Davis, a senior information scientist at RAND and professor of the Pardee RAND Graduate School, discussed the challenges of attribution and the motivations and methods of actors who conduct illegal cyber intrusions. His study Stateless Attribution: Toward International Accountability in Cyberspace proposes an attribution organization independent from the state, similar to the International Atomic Energy Agency, which would be made up of companies from the private sector and civil society. This independent organization would not be concerned with punitive mechanisms, he said, but should focus on synergy of methodology and confidence from the participants to correctly identify actors conducting illegal intrusions.

Laura Rosenberger, who founded the Alliance for Securing Democracy, talked about the challenges for governments when making attribution public, and the role the private sector and civil society can play to galvanize government action and provide public transparency.

Michael Ngo, the new CSO of ORock Technologies, provided an operational perspective, and the value of connecting intelligence, sensor data, and operational reporting to mitigate against cyber-attacks and illegal intrusions. There was a diversity of opinion among the participants about the degree to which governments, the military, and intelligence agencies should be left out of an attribution coalition altogether, and who should provide accountability for bad actors.

A second panel, which included Professor Tom Wingfield of the National Defense University, Steve Bucci of Heritage, Kaja Ciglic of Microsoft, and Todd Oja of U.S. Cyber Command, discussed the layers of authorities needed to identify malicious cybersecurity actors and the motivators that can be used for compelling lawful behavior. Here, access, authorities, and resources all play a role, especially in terms of coordinating with partners in Europe.

Ms. Ciglic discussed the Cybersecurity Tech Accord as a solution to increased malicious cybersecurity threats to users from both cybercriminals and nation states. The Accord, which was launched in April, has been signed by over forty companies, and the signatories agree to share threat information, protect users from cyber-attacks, to not help governments launch offensive attacks which are harmful to “innocent” citizens, and to report publicly on their progress.

While the role of the government in interacting with an attribution coalition or in responding to the private sector’s desire to protect their users’ privacy was hotly debated, all agreed that civil society had a greater role to play in identifying bad cyber actors, assisting in technical cooperation, and sharing threat information. The next Cyber Roundtable will take place in Brussels in the fall.

The views expressed are those of the author(s) alone. They do not necessarily reflect the views of the American Institute for Contemporary German Studies.
Sarah Lohmann

Sarah Lohmann

AICGS Senior Cyber Fellow

Dr. Sarah Lohmann is AICGS' Senior Cyber Fellow based in Germany. She coordinates the Institute's cyber projects, including the Transatlantic Cyber Partnership--which brings together U.S. and German policymakers from government, the military, the tech sector, and academia--to cooperate on cyber policy. Dr. Lohmann is an expert in the field of international relations, human rights, and security policy. With over a decade of experience in government and in the classroom, she offers a unique perspective as a well-traveled practitioner and policymaker who also delights in academia.

Dr. Lohmann has served as a university instructor at the Universität der Bundeswehr since 2010. She achieved her doctorate in political science in 2013, when she became a senior researcher for the political science department. Prior to her tenure at the Universität der Bundeswehr, she was a press spokesman for the U.S. Department of State for the Bureau of Democracy, Human Rights and Labor, as well as for the Bureau of Near Eastern Affairs (MEPI). Before her government service, she was a journalist, and has traveled in over 30 countries worldwide. She has published one book and over a thousand articles in international press outlets, including The New York Times, The Wall Street Journal, and The Financial Times in Germany. She is a public speaker in international forums on issues of human rights, cyber security, and transatlantic relations.