Back in April 2011, the United States and the EU agreed to strengthen their cooperation by redefining the goals of the EU-US Working Group on Cyber-Security and Cyber-Crime. This group was established at the EU-US Summit in November 2010. A couple of weeks ago, the Committee on Foreign Affairs and Subcommittee on Security and Defense of the European Parliament published this study on cyberwarfare and cybersecurity pertaining to the EU Common Foreign and Security Policy. It is about time that the EU is addressing this important subject. Most countries are now pervasively connected to each other and the world by choice because of the many benefits that cyber connectivity offers. This connectivity brings profound interdependence that has far reaching impact on national security, economic stability and public welfare. Yet policy makers, especially in Europe, are playing a catch up game with technology. As the report notes, the EU – like many national governments – has approached the issue of cybersecurity in a fragmented manner, where parallel policies have sometimes been launched with different overlapping themes. The report concludes that:
The EU has made important contributions to helping to develop the ‘resilience’ of EU Member States to serious cyber-attack. However, these measures need better coordination, should be expanded upon, and most importantly need to be understood as not only an ‘internal’ or ‘economic’ issue, but also as a Common Foreign and Security Policy issue. More than perhaps any other subject in modern day government, the challenge of ‘cyber’ transcends traditional divisions such as ‘internal’ vs. ‘external’ affairs’ or ‘security’ vs. ‘economic’ domains, standard government departmental organizations, or even classifications such as ‘state’ and ‘non-state’.
Cybersecurity will be the hottest and most complex foreign policy topic in the decades to come. Yet, governments, especially those of liberal democracies, will face some challenges in wielding “cyber power”:
With the notable exception of Critical Infrastructure Protection (CIP) programs and security contractors, liberal democracies (as well as most EU Member States) have interacted relatively little with the non-state cybersecurity capabilities – a very wide, and absolutely vital, component of cybersecurity and cyberpower. Russia and China have in many ways progressed much further in seeking the cooperation of their non-state cyber-capabilities in national cyber policy, even if these capabilities are actually less important in these respective countries then the state capabilities are. The situation is probably reversed in liberal democracies – here the non-state sector is more important than the state sector in generating overall cybersecurity. A major challenge seems to be that while more restrictive forms of government can co-opt or coerce cooperation from their non-state sector, most liberal democracies can only aim to convince their non-state sector of the merits of cooperation. This requires, in effect, a new approach to government, a rethinking of the role of the non-state sector in security, and perhaps even a new appreciation of the implicit strengths of liberal democratic systems.
So which form of government will have the upper end in the age of cyber space?
