The advance of information technology is making the complexity of cybersecurity even harder and more expensive to navigate for governments in the years to come.
What’s needed is some shape and form in the growing spaghetti junction of relationships and vulnerabilities between states, businesses, organisations and alliances.
Kenneth Geers, longtime cyber strategist, has laid out a plan for a cybersecurity alliance among two large groupings of states and partners -the EU and NATO. It’s been published by The Atlantic Council.
Both groupings, the EU and NATO, already have a world-leading track record in cybersecurity derived not just from individual states, but from collaborating bodies and working groups that involve practical cooperation in the area.
Here are four recommendations by Geers designed to encourage collaboration among EU and NATO member states:
- Increase intelligence sharing and transparency between members. This “offers strategic force multiplication that can preempt many future cyberattacks.”
- Undertake joint investigations of incidents, which allow the pooling of precious resources in a domain where physical geography or population is not the same barrier it is in the real world.
- Make joint attributions. When a name-and-shame comes “from one nation (even a great power) [it] pales in comparison to attribution from an alliance, comprising dozens of nations, many more data points as evidence, and a greater potential for concrete response.”
- Limitation of cyber espionage within EU/NATO world, which “can kill two birds with one stone: 1) build trust, and 2) isolate real adversaries.”
Geers is articulating an idea that has long been championed by former Estonian President Toomas Hendrik Ilves, who has advocated a cyber alliance of like-minded democracies.
Ilves was in office as president when Russia conducted a series of cyber attacks aimed at punishing the Baltic nation in 2007.
Separately, joint attributions are becoming more common, as we recently saw when the UK, US, Australia and Canada blamed Russian hackers for attempting to steal coronavirus research.