Key Takeaways: Cybersecurity: a Public-Private Partnership

Monday, 4 April 2022

2:00 PM – 3:00 PM

This was an online webinar through ZOOM Platform

Context and questions 

In wake of the Russian war against Ukraine, GLOBSEC Brussels, supported by Google, hosted an online debate focusing on public-private partnerships in cybersecurity.

In a world that is more digitizing every day, cyberattacks become part of the daily lives of cybersecurity officers. Going all the way back to the 2007 denial-of-service attacks directed at Estonian infrastructure, Russia’s cyber activities have been more high-profile and deliberately publicly visible than those attributed to any other country. When security, digitalization and legislation meet, a transatlantic approach is an evident part of the solution.

Therefore, the debate revolved around the following three central questions:

• What should be necessary to include in the US-EU cybersecurity toolbox?
• How can legislators and corporations work together to better react upon cyberattacks?
• Are the cyber threats that companies and states face, the same?

Speakers:

• Artis Pabriks, Minister of Defence and Deputy Prime Minister, Latvia
• Victoria Baines, Speaker and author on cyber security, former Europol official
• Nico Lange, Special Projects, German Federal Ministry of Defence

 

Key Takeaways

• The European Union must develop its defensive capabilities in cybersecurity. However, the intricate relationship between defensive and offensive capabilities and elements of deterrence in cyber warfare and cybersecurity is changing, as the distinction between the two concepts is getting blurred.
• We must develop our defensive capabilities, which will imply a possible counterattack. This capability will simultaneously serve as a deterrence mechanism in order to prevent an attack.
• Cybersecurity in modern warfare goes hand in hand with strategic communication. Those governments that can influence the strategic communication, have an advantage in a possible conflict.
• We must not forget the importance of the contribution of the corporate sector to our domestic cybersecurity. But corporates should not become allies of autocrats – instead, they should actively support countries that are under attack.
• The relationship between private and public actors in terms of cybersecurity on a national level currently takes the form of a trust network, where private actors help to protect critical infrastructure.
• But the public-private cooperation in cybersecurity is getting more complex because of the role of global tech platforms in it. The complexity stems from their interaction with national law enforcement where they are based.  Global tech platforms are not only partners of governments but also subjected to cybersecurity regulations.
• An important role of the government in a public-private relationship on cybersecurity is education, awareness building and assistance to private actors who don’t have knowledge or resources to secure their cyberspace.
• It is furthermore clear that the transatlantic component is becoming more decisive in the regulation of the public-private relationship in cybersecurity. But we also have to work on the NATO-EU and EU-US relationship. The EU-US Trade and Technology Council is an excellent forum for this.
• To cooperate on cybersecurity in the Transatlantic framework, the role of citizens’ self-organization and NGOs becomes increasingly important.
• Private sector actors are gradually becoming supranational, as global tech platforms start playing a bigger role in the Convection on Cybercrime, going beyond national legislations.
• In terms of a common legal space for cybersecurity, one might think in concentric circles: At the centre, an enhanced EU regulatory space, then a sphere closely coordinated with the US in the transatlantic framework, and finally a global level of agreed cybersecurity rules.