Wednesday

26th Jul 2017

Opinion

EU cyber diplomacy requires more commitment

  • Europe needs to join together in "cyber solidarity" to deter cyberattacks. (Photo: European Commission)

The awareness of the damaging impact of cyber-attacks is growing globally, due to a quickly expanding list of actual examples – from cyberattacks on the Ukrainian electricity grid and the digital manipulation of the presidential elections in the US, to the global ransomware attacks in the past few months.

The recently published European Commission reflection paper – on the future of European defence – summaries the current challenge very well: Europe must have a stronger deterrent against cyberattacks.

How to prevent fast-evolving and ever more damaging cyberattacks is, as yet, an unanswered question.

Of course, prevention starts with basic "cyber-hygiene", such as by updating software and installing appropriate security tools in ICT networks, but that is not enough. Hackers will always find ways to exploit computer codes, circumventing security measures.

It is important to take into account that cyber security is not only a matter of technical measures, but also of high politics – closely linked to the international political and strategic context.

The current “political cyber playbook” is still a slim volume, but it expands daily as parts of the world move towards greater strategic use of cyber weapons to persuade their adversaries to change their behaviour.

Recent history shows that cyber criminals are a big global problem, but that states are responsible for developing the most powerful cyber weapons (or exploiting bugs in computer codes).

Recent failures

Only state actors (or state-supported ones) have enough financial and human capacity to invest in developing the most powerful cyber weapons. Unfortunately, however, efforts to contain aggressive behaviour of states in cyberspace, by developing international norm-setting through the United Nations, have recently failed.

Without any common rules of behaviour, states can also rely on the deterrence of cyber-attacks. This can be done by promising military retaliation, like the United Kingdom threatened with air strikes against cyber-attackers, or by more peaceful diplomatic instruments.

Resilience is also emphasised when strengthening cyber deterrence.

The EU launched an interesting initiative in this context on 19 June. It announced that it would start developing what is called a "Cyber Diplomatic Toolbox" – a framework for joint EU diplomatic responses to malicious cyber activities.

Although it is not specified what exactly the instruments in this diplomatic toolbox will be, the decision refers to "measures within the Common Foreign and Security Policy" (CFSP) and the wording "restrictive measures" being used.

Next to the common diplomatic tools, such as making statements of condemnation, summoning ambassadors, or declaring diplomats persona-non-grata, this means that there can be serious a consideration of political and economic sanctions against any adversary attacking EU member states in cyberspace.

These kinds of diplomatic retaliation tools may function as a deterrent, making malicious cyber operations less anonymous and risk-free, while also bringing with them little danger of immediate escalation.

Five questions

The initiative is a valuable development and it should be supported in EU member states. But it also raises five questions which have to considered.

First, a big problem is that EU countries differ in their level of cyber-readiness. This makes it difficult to carry out the principle of operational solidarity – that the member states would really be willing to support each other and, in particular, be able to execute a joint EU diplomatic response.

Stronger political commitment on improving the level of cyber-readiness is needed in several EU member states. Otherwise, “the cyber solidarity” is weakened and the joint response is harder to carry out – and the deterrent effect does not work.

Second, diplomatic means to respond are important, but it should not be forgotten that there are many other options to respond too.

It is said that a state can respond using at least four instruments: diplomatic, informational, military, and economic. Policymakers need to consider the full range of responses at their disposal: from a quiet, diplomatic rebuke, to a full military strike.

Sometimes the diplomatic response is not enough, especially if the impacts of cyberattacks are severe. An EU comprehensive framework, with different ways to respond (more than just diplomatic tools), is needed.

Third, even if the EU member states agree with the content of the “Cyber Diplomatic Toolbox”, there have to be political processes and decisiveness to implement it concretely when a member state is hit by a cyber-attack. Joint political will to respond needs to be discussed thoroughly in advance and it is good to exercise it too.

Fourth, countering hybrid threats is a European priority, and the role of cyber operations in hybrid warfare is increasing.

However, there usually are no “cyber-only” operations and hybrid warfare is characterised by the tailored use of all instruments of power (including cyber) against the vulnerabilities of the opponent’s systems. Therefore, only creating diplomatic response tools against cyber-attacks is not enough.

Most probably, there will be other influencing instruments used simultaneously, and they must be taken into consideration when deciding on the response as well. Cyber hostilities should not be separated from the hybrid warfare context.

Fifth, in order to succeed in using the Cyber Diplomatic Toolbox, the EU must strengthen its capabilities to be able to attribute the attacker better, improve the European cybersecurity industry and increase the multidisciplinary cybersecurity research in Europe.

If the EU does not possess strong cyber capabilities and understanding, then the diplomatic toolbox is likely to be relatively useless.

The cyber threats that Europe faces can only be tackled by working together.

The initiative of the Cyber Diplomatic Toolbox may open a new and important page in European cyber deterrence, but only if it is supported by a strong political commitment, and if the broader context is understood.

Jarno Limnéll is a professor of cybersecurity at the Aalto University, Finland. Sico van der Meer is a Research Fellow at the Netherlands Institute of International Relations ‘Clingendael’.

Investigation

French election faces high cyber threat

French president Francois Hollande has called for "all necessary means" to be used to fend off cyber attacks ahead of the presidential election in April and May. But political parties are still vulnerable.

Stronger EU-Egypt ties must not disregard human rights

The EU’s apparent willingness to water down its stance on human rights in Egypt could seriously compromise its credibility and have far-reaching consequences for its relations with other countries in the region.

Winter is here for Spitzenkandidat, but he'll survive

Candidates from all political families should be presenting their vision on where the Union should be headed. European socialists want to keep the Spitzenkandidat procedure for future elections.

Stronger EU-Egypt ties must not disregard human rights

The EU’s apparent willingness to water down its stance on human rights in Egypt could seriously compromise its credibility and have far-reaching consequences for its relations with other countries in the region.

Stakeholders' Highlights

  1. EU2017EELocal Leaders Push for Local and Regional Targets to Address Climate Change
  2. European Healthy Lifestyle AllianceMore Women Than Men Have Died From Heart Disease in Past 30 Years
  3. European Jewish CongressJean-Marie Le Pen Faces Trial for Oven Comments About Jewish Singer
  4. ACCAAnnounces Belt & Road Research at Shanghai Conference
  5. ECPAFood waste in the field can double without crop protection. #WithOrWithout #pesticides
  6. EU2017EEEstonia Allocates €1 Million to Alleviate Migratory Pressure From Libya in Italy
  7. Dialogue PlatformFethullah Gulen's Message on the Anniversary of the Coup Attempt in Turkey
  8. Martens CentreWeeding out Fake News: An Approach to Social Media Regulation
  9. European Jewish CongressEJC Concerned by Normalisation of Antisemitic Tropes in Hungary
  10. Counter BalanceOut for Summer Episode 1: How the EIB Sweeps a Development Fiasco Under the Rug
  11. CESICESI to Participate in Sectoral Social Dialogue Committee on Postal Services
  12. ILGA-EuropeMalta Keeps on Rocking: Marriage Equality on Its Way

Stakeholders' Highlights

  1. European Friends of ArmeniaEuFoA Director and MEPs Comment on the Recent Conflict Escalation in Nagorno-Karabakh
  2. EU2017EEEstonian Presidency Kicks off Youth Programme With Coding Summer School
  3. EPSUEP Support for Corporate Tax Transparency Principle Unlikely to Pass Reality Check
  4. Counter BalanceEuropean Parliament Improves the External Investment Plan but Significant Challenges Ahead
  5. EU2017EEPM Ratas: EU Is Not Only an Idea for the 500mn People in the Bloc, It Is Their Daily Reality
  6. Nordic Council of MinistersCloser Energy Co-Operation Keeps Nordic Region on Top in Green Energy
  7. ILGA-EuropeGermany Finally Says Ja - Bundestag Votes for Marriage Equality!
  8. EPSUJapanese and European Public Sector Unions Slam JEFTA
  9. World VisionEU, Young Leaders and Civil Society Join Forces to End Violence Against Girls
  10. UNICEFNarrowing the Gaps: The Power of Investing in the Health of the Poorest Children
  11. EU2017EEEstonia to Surprise Europe With Unique Cultural Programme
  12. International Partnership for Human RightsEU-Kyrgyzstan Human Rights Talks Should Insist on Ending Reprisals Vs. Critical Voices