Defending Democracy in the Cybersphere

Strong Democracies Need Strong Partners: Lessons from a German-American Cyber Dialogue

Foreword by Jeff Rathke

President, AICGS


On the day that President Donald Trump met with Chancellor Angela Merkel in Washington in April 2018, this Cybersecurity Roundtable on Public-Private Partnerships met in Berlin to discuss one of the most pressing issues for the transatlantic relationship. Never has it been more important for old friends to work together to defend against new threats. New cyber intrusions affecting government networks or critical infrastructure highlight the urgency of this issue, but it is equally crucial for the U.S. and Germany to develop an effective, coordinated cyber strategy to keep our democracies strong and protect the integrity of our public discourse.

Over the course of eight months, this German-American working group met in Berlin, Washington, and Brussels to foster a dialogue on an expanding scope of cyber issues. The conversation varied from strengthening early warning and protection against malicious cyber intrusions, to strengthening cooperation and streamlining the methodology for more accurate attribution of cyberattacks. With the upcoming elections in the European Parliament this May, and the United States presidential cycle already beginning, talks on how to ensure election infrastructure is secure and how to make publics aware of misleading information operations were especially important for the working group.

Because the cybersphere cannot be divided along national boundaries, there is a growing awareness of the need to act in concert with partners as our countries create cyber regulations affecting trade, defense, and intellectual property. This cooperation is not only important between our legislative, military, and trade representatives. It is also imperative for the private sector to be a part of the cybersecurity policy discussion, because they must often both implement government regulations and policies and create the innovation that keeps our nations safe and economically secure.

Erecting a firewall between policymakers and leaders of social media platforms or tech companies does not streamline or purify the process of creating cyber norms. Rather, each sector has a crucial role to play in developing cyber standards that ensure protection of democratic processes, civilian populations, critical networks, citizens’ privacy, and fair access.

The future of our societies will depend on how we can resolve these challenges of the digital age. Will we counter them with our allies in concert, fostering a vital civil society while building a strong defense? Or will we counter them alone and uncoordinated?

This core group of participants from the Bundestag, the diplomatic and defense communities, industry, and academia was united in the view that it is essential to address these challenges together. We are indebted to each of the members of the core working group for enriching that cooperation. Our special appreciation goes to Microsoft, for partnering with us on this endeavor, and to the U.S. Embassy in Berlin and Germany’s Coordinator of Transatlantic Cooperation, Peter Beyer, MdB, for their participation and support to this German-American dialogue. It is our hope that this is just the beginning of a longer conversation among old friends resolved to defend democracy in the cybersphere.


Deepening Our Commitment to Effective and Cooperative Initiatives

Foreword by John Frank

Vice President, EU Government Affairs, Microsoft


Last November, as world leaders gathered in Paris to commemorate the 100th anniversary of the end of World War I, I was reminded of the true significance of this milestone. Trailblazers from government, industry, and civil society filled the Paris Peace Forum with bright ideas and challenging questions.

German chancellor Angela Merkel gave an impassioned speech on the merits of international cooperation and warned against the dangers of misusing technology. As Chancellor Merkel said, when it comes to war, or any type of international conflict, we all lose.

This is especially the case with conflict in cyberspace. The attacks take place via the infrastructure we all rely on and the targets are us. For governments, the victims are their citizens; for industry, they are our customers. And they call on us first when they fall victim to a cyber-attack.

As the creators and operators of much of the world’s essential infrastructure, it is industry that is the first line of defense and that helps people recover from cyber-attacks. At the same time, industry has been unduly left out of important discussions around how to prevent and mitigate against conflict in cyberspace. Preventing cyber conflict will require re-thinking traditional models of governance. It will require ushering in a new era of multistakeholder collaboration. The Cybersecurity Roundtable on Public-Private Partnerships sought to do just that: Over eight months on both sides of the Atlantic, AICGS and Microsoft brought together government, industry, and civil society actors to discuss joint solutions to cybersecurity challenges. There was an urgent reason for doing this.

In previous years, governments developed and operated the most advanced technology. Now their adoption of technology is often slower than industry. The private sector is at the heart of driving global innovation. Closer partnerships would help policymakers communicate the key threats and policy challenges they face and work with industry to develop scalable solutions to address them.

From Microsoft’s perspective, we look at the threat and policy landscape to help shape our own strategies. We endeavor to develop partnerships to provide the tools and possibilities to support our partners in industry, civil society, academia, and policymaking.

These kinds of partnerships can only be possible when industry is integrated into the process of policy analysis, diagnosis, and solution development. Digital peace cannot succeed as a purely political project. Peace must be built by all whom it protects: citizens, governments, industry, civil society, academics, and more.

Transatlantic partnership on improving stability and security in cyberspace will also be essential in the years to come. As the many authors of this report detail, cyber-enabled threats will continue to increase and target democratic processes and the technological infrastructure underlying our society. Europe has demonstrated its leadership in responding to these threats and the U.S. has also taken tremendous strides to shore up its cyber defenses and build greater resilience. However, the two shores of the Atlantic seem to have grown further apart.

As Chancellor Merkel warned in her address at the inauguration of the Paris Peace Forum, “a lack of willingness and inability to engage in dialogue are exactly what fed mistrust and the logic of war that set in motion the violent juggernaut of 1914. Lack of communication. There is a book about the First World War that refers to ‘sleepwalkers’—this was the main reason behind the collective failure that led to crisis and catastrophe.”

We must not become the sleepwalkers of our time. Instead we must deepen our commitment to effective and cooperative initiatives, bring olive branches and open minds to our dialogues, find new ways to partner across our strengths and our differences. Only then can we realistically tackle the most pressing challenges of our day.

The views expressed are those of the author(s) alone. They do not necessarily reflect the views of the American Institute for Contemporary German Studies.

Alexander Szanto

Brandenburg Institute for Society and Security (BIGS)

Alexander Szanto is a Cybersecurity Junior Research Fellow at the Brandenburg Institute for Society and Security (BIGS). He contributes primarily to the research project HERMENEUT, which assesses various organizations’ vulnerabilities and their corresponding at-risk assets, focusing on economic issues of cybersecurity.

Alexander studied European Studies at the University of Maastricht and, as part of his studies, spent a semester abroad at Sciences Po in Paris with a focus on International Relations. He subsequently earned a master’s degree in Intelligence and International Security, concentrating in Cybersecurity and Political Developments in the Middle East post-1945, in the War Studies Department of King’s College in London.

Prior to joining BIGS, Alexander Szanto worked in the State Parliament of North Rhine-Westphalia in Düsseldorf, where he provided research and advice on digital politics and domestic security policy.

Camille Stewart

New America Cyber Policy Fellow

Camille Stewart is a cyber and technology attorney with substantial business, legal, and policy experience, bringing a specialized, cross-cutting perspective to bear on complex technology, cyber, national security, and foreign policy issues. Camille served as the Senior Policy Advisor for Cyber Infrastructure & Resilience Policy at the Department of Homeland Security in the Obama administration, focusing on a number of domestic and international cyber and technology law and policy issues. Ms. Stewart is a New America Cyber Policy Fellow, Truman National Security Fellow, and Council on Foreign Relations Term Member. Camille is leading a project with the Transformative Cyber Innovation Lab (TCIL) to explore technology leakage through the courts. She also sits on the Advisory Board for Women of Color Advancing Peace & Security, where she leads a working group exploring the impact of cybersecurity and emerging technology on communities of color. Learn more about Camille's current projects at www.CamilleStewart.com.

Jeffrey Rathke

President of AICGS

Jeffrey Rathke is the President of the American Institute for Contemporary German Studies at the Johns Hopkins University in Washington, DC.

Prior to joining AICGS, Jeff was a senior fellow and deputy director of the Europe Program at CSIS, where his work focused on transatlantic relations and U.S. security and defense policy. Jeff joined CSIS in 2015 from the State Department, after a 24-year career as a Foreign Service Officer, dedicated primarily to U.S. relations with Europe. He was director of the State Department Press Office from 2014 to 2015, briefing the State Department press corps and managing the Department's engagement with U.S. print and electronic media. Jeff led the political section of the U.S. Embassy in Kuala Lumpur from 2011 to 2014. Prior to that, he was deputy chief of staff to the NATO Secretary General in Brussels. He also served in Berlin as minister-counselor for political affairs (2006–2009), his second tour of duty in Germany. His Washington assignments have included deputy director of the Office of European Security and Political Affairs and duty officer in the White House Situation Room and State Department Operations Center.

Mr. Rathke was a Weinberg Fellow at Princeton University (2003–2004), winning the Master’s in Public Policy Prize. He also served at U.S. Embassies in Dublin, Moscow, and Riga, which he helped open after the collapse of the Soviet Union. Mr. Rathke has been awarded national honors by Estonia, Latvia, and Lithuania, as well as several State Department awards. He holds an M.P.P. degree from Princeton University and B.A. and B.S. degrees from Cornell University. He speaks German, Russian, and Latvian.

John Frank

Microsoft

John Frank is Microsoft's Vice President, EU Government Affairs. In this role, John leads Microsoft’s government affairs teams in Brussels and European national capitals on EU issues.

Mr. Frank was previously Vice President, Deputy General Counsel and Chief of Staff for Microsoft President and Chief Legal Officer Brad Smith, based at Microsoft’s corporate headquarters in Redmond, Washington. In this role, he managed several teams, including the Law Enforcement and National Security team, the Industry Affairs group, Corporate, Competition Law, and Privacy Compliance teams, and the department’s technology and business operations team.

For his first eight years at Microsoft, John was based at Microsoft’s European headquarters in Paris. Initially he was responsible for the legal and regulatory issues involved in the launch of the Microsoft Network (now MSN). From 1996 to 2002, Mr. Frank led Microsoft’s Legal and Corporate Affairs group for Europe, Middle East, and Africa focusing on issues including privacy, security, consumer protection, and antitrust. Mr. Frank began the company’s European Government Affairs program, which focused on advocacy on software and online policy issues.

Prior to joining Microsoft, John Frank practiced law in San Francisco with Skadden, Arps, Slate, Meagher & Flom. Mr. Frank received his A.B. degree from the Woodrow Wilson School of Public and International Affairs at Princeton University and his J.D. from Columbia Law School.

Nad'a Kovalcikova

Alliance for Securing Democracy

Nad’a Kovalcikova is a program manager at the Alliance for Securing Democracy in GMF's Brussels office. While working on ASD’s European outreach, she also focuses on transatlantic cooperation, NATO, EU-U.S. relations, and emerging security challenges. In addition, she analyzes information operations, efforts to counter disinformation, and threats to democracy. She has developed her expertise through working at NATO, the European Parliament, French and Canadian embassies, American Field Service, and several NGO and think tank projects in Belgium, Canada, France, and Slovakia. Nad’a Kovalcikova obtained her PhD in international relations with a focus on security threats, and master’s degrees in politics and government, European affairs, and international economic relations. In addition to being a native speaker of Slovak, she is fluent in English, French, and Czech, speaks Spanish, and has a basic knowledge of German.

Nemanja Malisevic

Microsoft

Nemanja Malisevic joined Microsoft in 2014. Until recently he led the work of the Digital Diplomacy Team in Germany. Since the launch of Microsoft’s Defending Democracy Program (DDP), he has shifted his focus to leading the international DDP engagements. He is also very actively involved in Microsoft efforts related to cybersecurity norms.

Prior to joining Microsoft, Mr. Malisevic worked more than 10 years for the Organization for Security and Co-operation in Europe (OSCE), where he was the Organization’s first Cyber Security Officer. In this capacity he was deeply involved in the negotiation of the first set of OSCE cyber/ICT security related confidence building measures (CBMs), adopted in December 2013. Before that, he led the Organization’s efforts dealing with combating terrorist use of the Internet.

Mr. Malisevic holds a bachelor’s degree (BA) from the University of Wales (Cardiff, UK) and a master’s degree (M.Litt.) from the University of St. Andrews (St. Andrews, UK).

Sarah Lohmann

AICGS Senior Cyber Fellow

Dr. Sarah Lohmann is currently the Senior Cyber Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University. She manages projects which aim to increase agreement between Germany and the United States on improving cybersecurity and creating cybernorms. Since 2010, Dr. Lohmann has served as a university instructor at the Universität der Bundeswehr, where she is currently teaching cybersecurity policy. She achieved her doctorate in political science there in 2013, when she became a senior researcher working for the political science department.

Prior to her tenure at the Universität der Bundeswehr, Dr. Lohmann was a press spokesman for the U.S. Department of State for human rights as well as for the Bureau of Near Eastern Affairs (MEPI). Before her government service, she was a journalist. She has been published in multiple books and written over a thousand articles in international press outlets. Her current areas of research include cybersecurity as it relates to election security, national security, transatlantic relations, energy, international law, and big data. She is a public speaker in international forums on issues of cyber security, defense, and transatlantic relations.

Stefan Heumann

Stiftung Neue Verantwortung

Stefan Heumann is Co-Director of Stiftung Neue Verantwortung (SNV), a nonprofit think tank working on the intersection of technology and public policy based in Berlin. He has worked and published on a wide range of issues at the intersection of technology and public policy. His opinion pieces and commentary have appeared in German and international media outlets such as The New York Times, Financial Times, Politico, The Economist, Süddeutsche Zeitung, and Spiegel Online. Stefan Heumann is a member of the German Parliament’s Expert Commission on Artificial Intelligence. He is also a member of the advisory board of technology policy assessment of the German National Academy of Science and Engineering (acatech). Stefan holds a PhD in political science from the University of Pennsylvania.

Tim Stuchtey

Brandenburg Institute for Society and Security

Dr. Tim H. Stuchtey is the executive director of the Brandenburgisches Institut für Gesellschaft und Sicherheit (BIGS), a homeland security think-tank based in Potsdam, Germany. He is also a Non-Resident Fellow at AICGS and has served as Director of the Business & Economics Program. He works on various issues concerning economic policy, the economy of security, the classic German ‘Ordnungspolitik,’ and the economics of higher education.

Dr. Stuchtey studied economics with a major in international trade and international management and graduated in 1995 from the Westfälische Wilhelms-Universität in Münster. In 2001 he earned a Ph.D. from the Technische Universität Berlin in economics, which he obtained for his work in public finance and higher education policy. He worked as an economist for the German Employers Association and as a university administrator both at Technische and Humboldt-Universität Berlin. He was also the managing director for the Humboldt Institution on Transatlantic Issues, a Berlin-based think tank affiliated with Humboldt-Universität.

He has published a number of articles, working papers, and books on the security industry, homeland and cybersecurity issues, higher education governance and finance and on other questions of the so-called ‘Ordnungspolitik.’

Ulrik Trolle Smed

European Political Strategy Centre

Ulrik Trolle Smed is a Policy Analyst at the European Political Strategy Centre with focus on foreign, security, and defense affairs. He has a special interest in European sovereignty and advises on hybrid threats and interference in democracies as well as EU-NATO cooperation and European defense initiatives.

Prior to joining the EPSC, Ulrik was Head of Section for the Sahel region with the Africa Department at the Danish Ministry of Foreign Affairs. Earlier, he was Research Assistant at the Centre for Military Studies at the University of Copenhagen with a focus on maritime security and development in Africa. Ulrik is also an active member of the Youth Atlantic Treaty Association.

Mr. Smed graduated from the University of Copenhagen with an MSc and BSc in Political Science with a focus on international security and studied intelligence and diplomacy as a Visiting Student at Boston University. During his studies, Ulrik also worked as think tank liaison and defense policy trainee at the Danish Embassy to the United States in Washington, DC.

Volkmar Lotz

SAP

Volkmar Lotz is Senior Manager and Chief Research Strategist at SAP. He has more than 25 years’ experience in industrial research on Security and Software Engineering. He is Strategy Lead for Product Security Research, specializing in Security Risk Management, Software Security, Threat Analysis, and IoT security. He defines and executes SAP's security research agenda in alignment with SAP's business strategy and global research trends.

Mr. Lotz has published numerous scientific papers in his area of interest and is regularly serving on Program Committees of internationally renowned conferences. He has supervised various European projects, including large-scale integrated projects. Volkmar holds a diploma in Computer Science from the University of Kaiserslautern.