The strength of our society rests on the strength of our IT. In a world where everything is connected—phones, cars, houses, electric grids, supermarkets, hospitals, financial systems and satellites—everything can be disrupted, if not destroyed. For several years, cyber threats have featured at the top of the risk assessments of government ministers, diplomats, intelligence officials and military leaders. What is missing in these debates is a grand strategic vision. Cyber diplomacy and cyber defense should become the bread and butter of our foreign and security policy debates.
The article is taken from a talk given to EU Foreign Ministers. It is geared toward the political and legal. The overuse of “cyber-” to an extent I haven’t seen in a long time removes much of the import at first glance. As it is, the presentation doesn’t say much particularly new.
However, the presentation restates some excellent points:
- How do and which legal frameworks apply?
- How do sovereign and international laws apply?
- What is the role of attribution?
- How do political and military organizations work together?
None are addressed particularly well. Far from a criticism, I like this talk because it brings these points up again without prescription.
The oddball bit, in a good way, is the section titled “Cyber Security Exercises”.
Let me be plain: I STRONGLY agree with this. I think the talk provides an excellent prescription:
What is important here is that cyber exercises should not be the playground of only the ministers of defence. Cyber security and cyber defence go beyond the military community boundaries. Thus, cyber security should also be exercised by other ministers, including the ministers of foreign affairs, as most real world crisis in the future will have cyber components, to which political and diplomatic response will be required in addition to technical response.
Yes! Ministers and Departments and every other governmental organization needs to take responsibility for their own security and not passively wait for law enforcement, military, or intelligence agencies to do it for them.
As digital is the new normal, there are boundaries of acceptable state behaviour in cyberspace, just as there are everywhere else. States have to be clear about how international law obligations bind us. Each of our like-minded nations individually should be open and clear in setting out the rules it feels bound by. Staying silent means accepting that cyberspace is a grey area and a dangerous place. We must not allow that to happen – we should work together and take united steps to ensure that future generations do not question why nothing was done when so much was at stake.
As skeptical as I am about governments’ ability to do much of anything, I am open to being surprised by something that balances security, privacy, civil liberties & freedoms, and business needs.