Summary
Disruptive cyberattacks cost the world €235bn in 2017 and increasingly threaten our lives and societies at every level. Malicious software attacks regularly make headlines, bringing chaos and financial calamity to states, business and society. This was the conclusion of Friends of Europe’s Policy Insight debate ‘Building cyber resilience: aligning strategies and increasing cooperation’ on 6 November, the third and final in a series of events on resilience. Indeed, the collateral damage from a cyberattack “can be massively greater than the impact on those who were directly targeted,” underscored Jamie Shea, Senior Fellow at Friends of Europe and Former Deputy Assistant Secretary General for Emerging Security Challenges at NATO (2010-2018).
With a litany of cyber hacks affecting the EU and NATO, the two organisations are developing their toolboxes to respond to malicious actors including through active cyber measures. But can such responses truly secure Europe’s cyber-domain, given the new threats emerging with technologies like 5G?
Some states such as Estonia, one of the most connected and digitally advanced in Europe, dodged the NotPetya ransomware attack “because Estonian organisations were so resilient that the prevention work was so good,” explained Heli Tiirmaa-Klaar, Estonian Ambassador for Cyber Security.
International organisations like NATO and the EU are strengthening their cyber defence operations and capabilities. In 2016, NATO signed a Technical Arrangement on cyber-defence cooperation with the EU, while NATO Allies made a Cyber Defence Pledge to enhance their cyber-defences and putting “cyber into the operational domain,” said Sorin Ducaru, Chairman of the NATO Secretary-General’s Senior Advisory Board for the Functional Review of the NATO Headquarters & Trustee of Friends of Europe.
The EU boasts a playbook of cyber-defence measures. They include the €13bn European Defence Fund, a network of computer security incident response teams and the EU Cyber Rapid Response Force teams launched under PESCO. There is also new EU-wide legislation on cyber-security, plus a commitment to better educate and train Europeans to fend off cyber-threats. Vivian Loonela, Member of Cabinet of Commissioner Andrus Ansip added that the EU “should put in place the right and good software and hardware to have the technological capabilities”.
Businesses like British Telecoms (BT), are also more focused on securing networks. For the wider good, they happily share information on cyberattacks with competitors and intelligence agencies. Many companies pin their hopes on “security-by-design” products which are becoming mandatory soon. The key thing, explained Ruth Davis, Head of Commercial Strategy and Public Policy at BT Security, “for getting secure by design is creating a market for it … and to achieve that is through educating the consumer market better”. Cloud services, artificial intelligence and quantum computing are here today, or at least right around the corner. These technologies can be vectors for further cyberattacks, and they also constitute a promise welcome in the array of cyber solutions, such as stronger encryption.
The event further elaborated on the recommendation to build a more effective and credible cyber-deterrence framework, which resulted from Friends of Europe’s global online brainstorm, Debating Security Plus.
About
Disruptive cyberattacks are increasingly frequent and threaten all levels of states and societies. The WannaCry and the NotPetya attacks which cost hundreds of millions of dollars in corporate losses are just two recent examples of the havoc caused by such malicious assaults. Deterrence and resilience are the key to being able to withstand, recover and respond to such practices. Whilst cyber defence remains a core competence of EU and NATO members, the transnational nature of cyber-threats demands strategic, coordinated and complementary responses by both organisations.
Part of Friends of Europe’s Peace, Security and Defence Programme, this event builds on our series of debates on resilience, which aims to develop, foster and promote building resilience into systems, policies and approaches that enables states and societies to withstand, adapt, recover and respond to shocks and crises. Our work is firmly anchored in our expertise in a range of fields, including energy and climate change, geopolitics, international development, migration and health. We seek a holistic approach to European, transatlantic and global security policies. Security considerations are, in turn, mainstreamed into these areas of expertise, enriching the debate by encouraging experts to think outside their comfort zones.
IMAGE CREDIT: Bigstock
Schedule
Disruptive cyberattacks are increasingly frequent and threaten all levels of states and societies. The WannaCry ransomware attack which affected 300,000 computers across 150 countries and caused chaos in the UK’s National Health Service hospitals and the NotPetya attack which cost hundreds of millions of dollars in corporate losses are just two recent examples of the havoc caused by such malicious assaults. Deterrence and resilience are the key to being able to withstand, recover and respond to such practices.
Whilst cyber defence remains a core competence of EU and NATO members, as recognised in the 2016 Warsaw Joint Declaration, the transnational nature of cyber-threats demand strategic, coordinated and complementary responses by both organisations. The EU’s playbook—a compilation of measures the EU can take in response to a cyberattack— could provide NATO with inspiration to develop its own blueprint but questions remains over how NATO should respond when the attack does not meet criteria set by Article 5 of the Alliance. The EU and NATO already run coordinated exercises ranging from prevention, crisis management and recovery. However, is this cooperation now mature enough to enable both organisations to make a comprehensive contribution to cybersecurity and are international norms required to govern conduct in cyberspace?
- What type of responses have thus far been useful in deterring future cyber attacks? Has the EU reached any initial conclusions as to the effectiveness of its playbook?
- How can governments, in partnership with the private sector, speed up work on the technical developments needed to attribute cyber-attacks faster and more accurately?
- What impact have EU and NATO cyber defence initiatives, including the NATO cyber defence pledge and the EU NIS Directive, had on building up the resilience of national systems?
Speakers
Ruth Davis
Head of Commercial Strategy and Public Policy at BT Security
Sorin Ducaru
Director of the European Union Satellite Centre (SatCen), former assistant secretary-general for emerging security challenges at NATO and Trustee of Friends of Europe
Vivian Loonela
Member of Cabinet of Andrus Ansip, Vice-President for the Digital Single Market at the European Commission
Heli Tiirmaa-Klaar
Ambassador at Large for Cyber Diplomacy at the Estonian Ministry of Foreign Affairs
Moderator
Jamie Shea
Senior Fellow for Peace, Security and Defence at Friends of Europe, and former Deputy Assistant Secretary General for Emerging Security Challenges at the North Atlantic Treaty Organization (NATO)
Speakers
Ruth Davis
Show more information on Ruth Davis
Head of Commercial Strategy and Public Policy at BT Security
As head of cyber security at BT Security, Ruth Davis leads on commercial strategy and public policy where she specialises in developing BT’s public-private partnerships especially with the UK Government. Her career spans both business and politics, where she has previously worked for Deloitte, techUK and the Home Affairs Select Committee. She is a regular speaker and panelist and has participated in events at the World Economic Forum, OECD and the UN. She is recognised by the industry as one of the Top 20 influential women in cyber security in the UK and has recently won the 2018 ISG Paragon ‘Woman in Technology’ award for the EMEA region.
Sorin Ducaru
Show more information on Sorin Ducaru
Director of the European Union Satellite Centre (SatCen), former assistant secretary-general for emerging security challenges at NATO and Trustee of Friends of Europe
Sorin Ducaru is a Romanian diplomat with longstanding experience in transatlantic and international relations. His expertise lies in emerging security challenges and the impact of new technologies on security. He previously served as NATO’s assistant secretary-general for emerging security challenges and chaired the cyber defence committee, leading the alliance’s work on cyber policy development and implementation. Ducaru now chairs the Secretary-General’s Senior Advisory Board for the review of the NATO Headquarters. He is also a Senior Fellow at the Hudson Institute and a Special Advisor to the Global Commission on the Stability of Cyberspace, which works to develop norms and policies for the security and stability of cyberspace.
Vivian Loonela
Show more information on Vivian Loonela
Member of Cabinet of Andrus Ansip, Vice-President for the Digital Single Market at the European Commission
As a member of Commissioner Ansip’s cabinet, Vivian Loonela is responsible for cybersecurity, digital for development, and the Digital Single Market’s global outreach. She has previously led the sector for international data protection issues at DG Justice and Home Affairs, focusing on the negotiations with the United States on the Privacy Shield/Safe Harbour and the Umbrella agreement. During her time at DG Justice, she also covered transatlantic relations and counter-terrorism. She has previously worked at the Estonian Ministry of Foreign Affairs and the Permanent Representation of Estonia to NATO.
Jamie Shea
Show more information on Jamie Shea
Senior Fellow for Peace, Security and Defence at Friends of Europe, and former Deputy Assistant Secretary General for Emerging Security Challenges at the North Atlantic Treaty Organization (NATO)
Retiring from NATO in September 2018 after 38 years at the organisation, Jamie Shea has occupied a number of senior positions at NATO across a wide range of areas, including external relations, press and media, and policy planning. As NATO’s spokesperson, he was the face of the alliance during the Bosnia and Kosovo conflicts. He later worked as the director of policy planning in the private office of former secretary general Rasmussen during the preparation of NATO’s 2010 Strategic Concept. Shea is also a regular lecturer and conference speaker on NATO and European security affairs.
Heli Tiirmaa-Klaar
Show more information on Heli Tiirmaa-Klaar
Ambassador at Large for Cyber Diplomacy at the Estonian Ministry of Foreign Affairs
In her current position, Heli Tiirmaa-Klaar is responsible for developing Estonia’s foreign policy on cyber security, ensuring its coordinated implementation, representing Estonia in international organisations and contributing to international cooperation in the field. Tiirmaa-Klaar has worked on cyber security in Estonia, the EU and NATO for more than a decade, having previously coordinated the implementation of Estonia’s cyber security strategy; served as a NATO cyber security policy advisor to develop the NATO cyber defence policy and action plan; and coordinated external cyber relations at the European External Action Service.
Partners
Coorganized with
Activities
Ukraine's future: a discussion on a just and lasting peace
Past event In person
- Area of Expertise
- Peace, Security & Defence
Three years of courage: navigating Ukraine’s future and the road to peace
Past event Online
- Area of Expertise
- Peace, Security & Defence
Discussion on the EU priorities for Ukraine's support
Past event In person
- Area of Expertise
- Peace, Security & Defence
EU-Western Balkans Summit: a renewed approach to the region
Past event In Person & Livestreamed
- Area of Expertise
- Peace, Security & Defence
The US-Russia bromance: the triumph of hope over experience?
- Category
- #CriticalThinking
- Author
- By Jamie Shea
Trump hasn't left NATO, instead he's trashed it
- Category
- Frankly Speaking
- Author
- By Giles Merritt
Ukraine: the art of the deal – Is Europe in?
- Category
- #CriticalThinking
- Author
- By Michael Ryan & Valbona Zeneli
Do not normalise the war: commemorating three years of Ukrainian courage
- Category
- News
- Area of Expertise
- Peace, Security & Defence
- Area of Expertise
- Peace, Security & Defence
- Area of Expertise
- Peace, Security & Defence
- Area of Expertise
- Peace, Security & Defence
- Area of Expertise
- Peace, Security & Defence
Continue
the debate on
- Debating Europe
