Defending Democracy in the Cybersphere
Strong Democracies Need Strong Partners: Lessons from a German-American Cyber Dialogue
Foreword by Jeff Rathke
On the day that President Donald Trump met with Chancellor Angela Merkel in Washington in April 2018, this Cybersecurity Roundtable on Public-Private Partnerships met in Berlin to discuss one of the most pressing issues for the transatlantic relationship. Never has it been more important for old friends to work together to defend against new threats. New cyber intrusions affecting government networks or critical infrastructure highlight the urgency of this issue, but it is equally crucial for the U.S. and Germany to develop an effective, coordinated cyber strategy to keep our democracies strong and protect the integrity of our public discourse.
Over the course of eight months, this German-American working group met in Berlin, Washington, and Brussels to foster a dialogue on an expanding scope of cyber issues. The conversation varied from strengthening early warning and protection against malicious cyber intrusions, to strengthening cooperation and streamlining the methodology for more accurate attribution of cyberattacks. With the upcoming elections in the European Parliament this May, and the United States presidential cycle already beginning, talks on how to ensure election infrastructure is secure and how to make publics aware of misleading information operations were especially important for the working group.
Because the cybersphere cannot be divided along national boundaries, there is a growing awareness of the need to act in concert with partners as our countries create cyber regulations affecting trade, defense, and intellectual property. This cooperation is not only important between our legislative, military, and trade representatives. It is also imperative for the private sector to be a part of the cybersecurity policy discussion, because they must often both implement government regulations policies and create the innovation that keep our nations safe and economically secure.
Erecting a firewall between policymakers and leaders of social media platforms or tech companies does not streamline or purify the process of creating cyber norms. Rather, each sector has a crucial role to play in developing cyber standards that ensure protection of democratic processes, civilian populations, critical networks, citizens’ privacy, and fair access.
The future of our societies will depend on how we can resolve these challenges of the digital age. Will we counter them with our allies in concert, fostering a vital civil society while building a strong defense? Or will we counter them alone and uncoordinated?
This core group of participants from the Bundestag, the diplomatic and defense communities, industry, and academia were united that it is essential to address these challenges together. We are indebted to each of the members of the core working group for enriching that cooperation. Our special appreciation goes to Microsoft, for partnering with us on this endeavor, and to the U.S. Embassy in Berlin and Germany’s Coordinator of Transatlantic Cooperation, Peter Beyer, MdB, for their participation and support to this German-American dialogue. It is our hope that this is just the beginning of a longer conversation among old friends resolved to defend democracy in the cybersphere.
Deepening Our Commitment to Effective and Cooperative Initiatives
Foreword by John Frank
Vice President, EU Government Affairs, Microsoft
Last November, as world leaders gathered in Paris to commemorate the 100th anniversary of the end of World War I, I was reminded of the true significance of this milestone. Trailblazers from government, industry, and civil society filled the Paris Peace Forum with bright ideas and challenging questions.
German chancellor Angela Merkel gave an impassioned speech on the merits of international cooperation and warned against the dangers of misusing technology. As Chancellor Merkel said, when it comes to war, or any type of international conflict, we all lose.
This is especially the case with conflict in cyberspace. The attacks take place via the infrastructure we all rely on and the targets are us. For governments, the victims are their citizens; for industry, they are our customers. And they call on us first when they fall victim to a cyber-attack.
As the creators and operators of much of the world’s essential infrastructure, it is industry that is the first line of defense and that helps people recover from cyber-attacks. At the same time, industry has been unduly left out of important discussions around how to prevent and mitigate against conflict in cyberspace. Preventing cyber conflict will require re-thinking traditional models of governance. It will require ushering in a new era of multistakeholder collaboration. The Cybersecurity Roundtable on Public-Private Partnerships sought to do just that: Over eight months on both sides of the Atlantic, AICGS and Microsoft brought together government, industry, and civil society actors to discuss joint solutions to cybersecurity challenges. There was an urgent reason for doing this.
In previous years, governments developed and operated the most advanced technology. Now their adoption of technology is often slower than industry. The private sector is at the heart of driving global innovation. Closer partnerships would help policymakers communicate the key threats and policy challenges they face and work with industry to develop scalable solutions to address them.
From Microsoft’s perspective, we look at the threat and policy landscape to help shape our own strategies. We endeavor to develop partnerships to provide the tools and possibilities to support our partners in industry, civil society, academia, and policymaking.
These kinds of partnerships can only be possible when industry is integrated into the process of policy analysis, diagnosis, and solution development. Digital peace cannot succeed as a purely political project. Peace must be built by all whom it protects: citizens, governments, industry, civil society, academics, and more.
Transatlantic partnership on improving stability and security in cyberspace will also be essential in the years to come. As the many authors of this report detail, cyber-enabled threats will continue to increase and target democratic processes and the technological infrastructure underlying our society. Europe has demonstrated its leadership in responding to these threats and the U.S. has also taken tremendous strides to shore up its cyber defenses and build greater resilience. However, the distance between the two shores of the Atlantic seems to have grown further apart.
As Chancellor Merkel warned in her address at the inauguration of the Paris Peace Forum, “a lack of willingness and inability to engage in dialogue are exactly what fed mistrust and the logic of war that set in motion the violent juggernaut of 1914. Lack of communication. There is a book about the First World War that refers to ‘sleepwalkers’—this was the main reason behind the collective failure that led to crisis and catastrophe.”
We must not become the sleepwalkers of our time. Instead we must deepen our commitment to effective and cooperative initiatives, bring olive branches and open minds to our dialogues, find new ways to partner across our strengths and our differences. Only then can we realistically tackle the most pressing challenges of our day.