The EU and US recently launched a Working Group on Cyber-security and Cyber-crime to increase transatlantic cooperation in this area. Improving EU & US Cyber-security will require defining political priorities and an important collaboration between the public and private sectors. An EIF debate on this topic was hosted on 13 April.
The growing sophistication of cyber threats and the interconnected nature of the Internet put cyber-security beyond the reach of any single government or organization. A successful transatlantic strategy therefore needs synergies but the parties involved need to speak with one voice. Something that is not (yet) the case according to Mr. Bell, Secretary of Defense Representative, Europe & Defense Advisor, at the U.S. Mission to NATO.
In November 2010 there were two summits in Lisbon (out of 4) that talked about cyber security. There was a US-EU Summit and a NATO summit. The US-EU summit agreed amongst other things to set up a cyber security and cyber crime working-group to coordinate regional exercises on cyber attacks and disruptions in both the US and the EU. The press release of that summit mentioned the adoption of principles to agree a stable Internet and to develop further global outreach by 2013. However, that release did not (as the US had hoped) refer to NATO cooperation on cyber security.
On the same day, NATO published a press release stating a new mission statement with significant emphasis placed on cyber security and defense, and speeding up the implementation of getting its own command structure in order. The NATO command structure however is dependent on critical infrastructure in host nations (if you have a NATO base in Italy you do not want it to be possible for that base to be shut down via a cyber attack). As such, the NATO declaration specifically mentions that it is "imperative" that NATO co-operates as closely as possible with the EU.
Mr. Bell highlighted this contradiction between the two declarations from the EU and the one from NATO. He strongly recommends to bridge this gap before working group meetings between the US and the EU start in June of this year, and with good reason.
Reaching out to NATO has important advantages for a coordinated approach to cyber security. NATO has been in the security standards business from the beginning (think cold war days). Now that modern warfare has become network enabled and even network centric, the focus of NATO's interoperability has shifted to commercially available technologies that allow NATO to work much more effectively and efficiently. Working together with NATO as such would therefore create economies of scale and of interoperable security networks between all partners.
For instance, the cooperation in Afghanistan between NATO and the US includes the participation of 4 EU Member States that are not a member of NATO (Sweden, Finland, Ireland, Austria). These Member States do participate in the information sharing via networks used for intelligence sharing that are protected against cyber attacks. As such there are common interests at the heart of protecting critical infrastructure of which all partners would benefit.
In addition, it is important to highlight that public-private sector cooperation has become a critical element of a successful cyber security approach, as highlighted by Eric Loeb, Vice President International, External and Regulatory Affairs at AT&T. Collaboration is no longer an option but a clear necessity because of the global nature of the challenges we face. Modern cyber security therefore must bridge the gaps between all strategic partners involved to be successful.