Transatlantic cybersecurity : Identifying the path to enhanced cyber resilience

GLOBSEC held a session on transatlantic cybersecurity on May 30, 2023, during the annual GLOBSEC Bratislava Forum. The event was attended by representatives from the private sector, government, academia, and including the members of the core committee of the GLOBSEC Initiative on the Future of Cyberspace Cooperation Michael Chertoff (Chairman, The Chertoff Group), Melissa Hathaway (President, Hathaway Global Strategies LLC), and Andrew Lee (Vice President, Government Affairs, ESET) who provided opening remarks along with Dr. Matthias Sachs (Cybersecurity Policy Lead for Google).

In the discussion led by Anushka Kaushik, Senior Research Fellow and Cyber Lead at GLOBSEC, interventions by experts were targeted at prioritising actions such as exchanging best practices and cyber threat intelligence, the need to clarify the role of the private sector in cyber conflict, and addressing aspects of how NATO Allies can improve their cyber defences. Additionally, the participants also addressed the various upcoming regulations around cybersecurity on both sides of the Atlantic and emphasised that they should be viewed as enablers rather than a hindrance to cybersecurity. There was a recognition by participants that amidst changing geopolitical circumstances, the Transatlantic community was facing a multitude of threats to the security of cyberspace but while some tools like exchanging best practices and cyber threat intelligence would be easier to implement, achieving consensus on other solutions such as joint planning with the private sector and cyber defence including deterrence strategies might be more difficult to achieve.

Some participants also emphasised the importance of not losing sight of malicious activity in cyberspace originating from other nation-states like China, North Korea, and Iran even as Russia continues to present a persistent threat. Participants agreed that from a strategic perspective, Transatlantic partners could not afford to be complacent in monitoring and responding to threats from other actors.

On the issues of strategic response and defence in cyberspace, participants highlighted the need for more clarity on the threshold within cyber-attacks that would necessitate a response by NATO under Article 5. The examples of devastating cyber-attacks suffered by Albania and Montenegro recently – both NATO members – were briefly discussed in this context. Further, some participants underlined that deliberations on a more robust response to ‘below-the-threshold’ attacks in cyberspace were needed and tools such as the EU Cyber Diplomacy Toolbox should be strengthened. Public attribution of cyber-attacks, where there has been strong coordination between the EU and the US, was also highlighted as an important tool.

A considerable part of the roundtable focused on the public-private partnership on cybersecurity and given the contributions of the private sector to Ukraine’s cyber defence, the discussion also touched upon the role of the private sector in cyber conflict. Participants emphasised that there was a lack of clarity regarding the extent of the private sector’s involvement in the geopolitical domain, despite its crucial role in defending against hostile actors. It was highlighted that this was compounded by growing threats to companies from hostile nation-states. Questions around the legal status of companies when engaged in cyber conflict and whether they would be classified as combatants were also brought up. The differing incentives between the public and private sectors to respond during cyber conflicts were also underlined as a fundamental aspect to factor in when addressing these questions.

Outcomes of the focused discussion will also be incorporated in a policy brief under the GLOBSEC Future of Cyberspace Cooperation Initiative – Transatlantic Chapter to be published soon.