Cybersecurity: all-against-all or some against others?

The advance of information technology is making the complexity of cybersecurity even harder and more expensive to navigate for governments in the years to come.

What’s needed is some shape and form in the growing spaghetti junction of relationships and vulnerabilities between states, businesses, organisations and alliances.

Kenneth Geers, longtime cyber strategist, has laid out a plan for a cybersecurity alliance among two large groupings of states and partners -the EU and NATO. It’s been published by The Atlantic Council.

Both groupings, the EU and NATO, already have a world-leading track record in cybersecurity derived not just from individual states, but from collaborating bodies and working groups that involve practical cooperation in the area.

Here are four recommendations by Geers designed to encourage collaboration among EU and NATO member states:

  • Increase intelligence sharing and transparency between members. This “offers strategic force multiplication that can preempt many future cyberattacks.”
  • Undertake joint investigations of incidents, which allow the pooling of precious resources in a domain where physical geography or population is not the same barrier it is in the real world.
  • Make joint attributions. When a name-and-shame comes “from one nation (even a great power) [it] pales in comparison to attribution from an alliance, comprising dozens of nations, many more data points as evidence, and a greater potential for concrete response.”
  • Limitation of cyber espionage within EU/NATO world, which “can kill two birds with one stone: 1) build trust, and 2) isolate real adversaries.”

Geers is articulating an idea that has long been championed by former Estonian President Toomas Hendrik Ilves, who has advocated a cyber alliance of like-minded democracies.

Ilves was in office as president when Russia conducted a series of cyber attacks aimed at punishing the Baltic nation in 2007.

Separately, joint attributions are becoming more common, as we recently saw when the UK, US, Australia and Canada blamed Russian hackers for attempting to steal coronavirus research.

Germans to beef up counterintelligence – resolution to Snowden spying revelations

(German spy: Marina Lee)

This action may mark the effective conclusion to the US-German dispute over spying, all declarations and agreements aside.

Basically, Germany will begin spying on the US and stepping up its defence from US spying. Or as the Reuters story puts it:

Germany’s domestic intelligence agency has until now only systematically observed countries of concern, while allies in the European Union and NATO were observed only if there was a concrete suspicion, such as that they were spying on Germany or recruiting spies in the country, the official said.

But given the NSA revelations, the agency will in future need to have a 360-degree view which will include friendly countries, the official said.

The US won’t be able to complain. They wouldn’t have much right to complain. The Germans, since the end of WWII (back then-the West Germans, of course) have been under a protective bubble of the US and one of these elements of the bubble was the freedom from making huge expenditures on their own security, either through the military or elsewhere.

Now Germany will have to increasingly have to bear those cost. Possibly the bigger toll may be on the slightly innocent, slightly priggish worldview many Germans have somehow maintained since reunification. Now it looks like they’re going to have to shoulder more of the costs and responsibility. But with the freedom will come a fuller self-sufficiency they haven’t had since before WWII.