The US-EU transatlantic cooperation has a new focus: tackle cyber threats and protect critical infrastructures
In the last decade, the world witnessed a somewhat inevitable shift towards the use of digital tools as means of international statecraft and political contestation. The current global landscape is characterized by the rise of personalist and authoritarian regimes such as Russia with Putin, Turkey with Erdoğan, Hungary with Orbán or China with Xi Jinping.
These authoritarian regimes embrace artificial intelligence, digital tools, disinformation, deepfake or shadowy cyber-criminal gangs to address attacks and in this way cement their power domestically while fracturing the international order. The pandemic not only further enhanced this fragmentation, but also rendered countries more digitally dependent and consequently more vulnerable to cyber threats.
In the XXI century United States’ foreign policy has evolved through the 3 administrations of Obama, Trump and Biden. Starting from Obama, its 2011 “International Strategy for Cyberspace” introduced the aim to promote democracy worldwide and guarantee a “open, free, interoperable, secure, and reliable” internet. The foreign policy adopted in the cyber space was relatively restrained, based on active deterrence, limited sanctions and diplomatic initiatives to establish international norms of state behaviour.
Afterwards, Trump administration’s strategy changed from the previous one by embracing the “defending forward” principle: a more aggressive approach of preemptively entering in adversaries’ networks before they could launch a cyber-attack.
Currently, Biden’s administration goal is to reestablish American leadership as a model of democracy abroad, and in this sense the focus is on protecting critical infrastructures, fundamental services and human rights in the cyber domain within the US and abroad. The strategy adopted is oriented both internally and externally: on one side, Biden is reinforcing internal cyber capabilities even if he has encountered an impasse in the US Congress where many legislative proposals are blocked, like the ones regarding data privacy, protection of consumer rights, data breach notification or regulation of competition among the Big Tech (Google, Amazon, Facebook, Microsoft).
Given this gridlock, the government promoted executive orders and directives to strengthen federal agencies and critical infrastructures’ cyber resilience, and also established new officials such as the National Cyber Director Chris Inglis and the Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger. On the other side, as stated in the “Interim national security strategic guidance” released in March 2021, US’ international contribution in the struggle against cyber threats will rely on partnerships with other countries that entail the commitment to respect international state behaviour norms.
The scope of building these partnerships is to bring more stability and reliability in the international system, and for the moment Washington’s strongest cooperation is with European allies. When in December 2020 the huge cyber espionage campaign of the Texas-based company SolarWinds has been discovered, it became evident the urgency to revitalize US-EU cooperation on cybersecurity.
Basically, the attack occurred through a malware hidden in an update to network management software made by SolarWinds, which infected and stole data from as many as 18.000 companies and government organizations, including 9 US federal agencies and 6 EU institutions and agencies. This event showed the weaknesses of European and American infrastructures, but also their interdependence.
US-EU cooperation is therefore underlaid by common interests and values, and its framework is the Working Group on Cybersecurity and Cybercrime which was established during the 2010 Lisbon US-EU Summit. The Working Group focus is on four areas which are valuable for both regions: cyber incident management, public-private partnership on critical infrastructure, cybersecurity awareness raising and cybercrime.
Furthermore, in 2014 it was presented the agenda of the first US-EU Cyber Dialogue: development of cyber capacities in other countries, multilateral discussions on international cybersecurity issues, Internet governance and online protection of human rights. This partnership has achieved some remarkable results notwithstanding the adoption of different diplomatic responses to malicious cyber activities: the US has embraced the strategy of persistent engagement, i.e. permanent competition with countries in cyberspace based on the use of offensive cyber capabilities; while the EU uses its Cyber Diplomacy Toolbox for conflict prevention.
Another level of cooperation to take in consideration is the normative one, since EU and US have both joined the Paris Call which commits them to respect some principles and norms of responsible state behavior. A recent remarkable achievement is represented by Biden administration’s announcement in July 2021 accusing China of the Microsoft hack, in which “an unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – are joining the United States in exposing and criticizing the PRC’s malicious cyber activities.”
This joint callout to China came just 3 months after the UN reportsigned by 25 countries (including China, Russia, and the US) which emphasized the need to prevent cyber attacks on critical infrastructures. Some steps have been made in a joint effort to create international consensus on appropriate use of cyber means within foreign policy, with the hope that today’s cyber disorder may eventually abate.
These joint actions have been possible only due to the succession of highly visible cyber threat events during the pandemic, coupled with Biden’s administration which is prioritizing cyber issues within its foreign policy. These elements galvanized the international community which slowly started agreeing on tools to punish and respond to attacks in the cyber space. To further strengthen this joint response, it is necessary to improve the situational awareness by exchanging liaison officers between the European External Action Service and the US’ State Department. Liaison officers can provide top-quality advice, facilitate effective knowledge management, communicate, and coordinate their activities, create further partnerships, exchange information and recommendations.