Third Transatlantic Cyber Dialogue Stresses Value of New Information Sharing Venues
Ten German and ten American policymakers met at the American Institute for Contemporary German Studies in Washington, DC, on May 24 to continue work on cybersecurity proposals to strengthen the transatlantic relationship. The third Transatlantic Cyber Dialogue, co-hosted by the Hanns Seidel Foundation, focused on the legislative debate on cybersecurity in both countries, how this affects homeland security, and what cyber norms are needed to safeguard that security.
Just a week earlier, Senators Burr and Warner of the U.S. Senate Select Committee on Intelligence had made statements that the American election system remains at risk due to Putin-coordinated efforts. At the workshop’s public panel, Brett Freedman, the Minority Counsel for the Committee, stressed that getting over philosophical divides was key to tightening accountability on actors who seek to interfere in democratic processes through disinformation campaigns and compromise government systems through espionage intrusions.
Member of Parliament Reinhard Brandl (Christian Social Union of Bavaria) talked about Germany’s National Cyber Response Center as a way to coordinate cyber defense and information sharing on cyber vulnerabilities and profiles of perpetrators among the Interior, Defense, and intelligence actors. There was discussion of whether such a model could be used to also coordinate with allied agencies for the purposes of strengthened attribution of bad actors.
Karsten Geier, the head of the Cyber Policy Coordination Staff in Germany’s Federal Foreign Office, talked about the most urgent priorities for the cyber norms debate, including how to respond to cybersecurity attacks as an element of hybrid warfare, and the challenges posed to international law when states use cyber retaliation as a deterrence tool.
Teddy Nemeroff, Senior Advisor in the State Department’s Office of the Coordinator for Cyber Issues, said said that while there is broad consensus that existing international law applies to state behavior in cyberspace, there is still much work to be done in building consensus on how it applies. The United Nations’ Group of Governmental Experts for Cybersecurity has been an important venue for building consensus regarding the applicability of international law to cyberspace, promoting adherence to additional non-binding peacetime norms of state behavior, and recommending practical confidence building measures to reduce the risk of conflict stemming from cyber activities. He said that regional security venues, like the Organization for Security and Cooperation in Europe (OSCE), had been helpful in actually developing and implementing confidence building measures. In the future, he said it would be important for likeminded governments to work together to ensure there are consequences for states that act contrary to the growing consensus regarding what constitutes responsible behavior in cyberspace.
In the future, he said it would be important for there to be international cooperation between governments and the private sector to protect critical infrastructure, and recommended improved information sharing between foreign partners and allies on critical infrastructure disruption, including through Computer Security Incident Response Teams (CSIRTs). The panel was unified that transatlantic cooperation remains important for a stronger cyber defense. In addition, there was agreement among the workshop participants on new fora for information sharing and confidence building measures.