Transatlantic Solutions to Cyber Threats
From crippling shortages of medical supplies to a historic economic downturn, the covid-19 pandemic has had a disabling impact on our societies. But other threats abound too. Foreign cyberattacks have targeted critical infrastructure in Western countries, aiming to undermine efforts to cope with the crisis and erode democratic processes. On May 1, CEPA hosted a virtual discussion on the transatlantic response to cyber threats. Moderated by CEPA’s Milda Matačiūnaitė-Boyce, it featured Laura Galante, Founder & CEO of Galante Strategies, Edvinas Kerza, Lithuania’s Deputy Minister of National Defense for Cyber Security, and Merle Maigre, Executive Vice President for Government Relations, CybExer Technologies (Estonia).
Key takeaways (condensed and paraphrased for clarity):
Increased teleworking prompted by the pandemic creates opportunities for hackers and fraudsters. The most common social engineering ploys are spearfishing and ransomware attacks. Foreign adversaries such as Russia and China have been engaging in malicious cyber activities to create instability and fuel panic in the U.S. and Europe. Recent cyberattacks in Ukraine exposed Russia’s attempt to exploit political tensions and fear caused by uncertainty around the pandemic. China has been carrying out cyber operations to deflect the blame and sow confusion about the coronavirus’s origins. The crisis is not just a fight against covid-19, but also a battle between ideologies, the democratic West against the authoritarian empires in the East.
The common objective of both Russia and China was and is to portray NATO and EU members as weak and unable to cope with the crisis, while depicting the regimes in Moscow and Beijing as righteous and effective.
A greater danger lies in China’s ability to charm European countries, particularly in Central and Eastern Europe (CEE), with debt-trap diplomacy. History may repeat itself: during the 2008-2009 economic recession Chinese companies bought discounted assets in the CEE region. China may also advance its national interests with aid for CEE countries suffering economic hardships. Collective action to forestall China’s dominance of 5G telecommunications networks in the post-pandemic environment is vital. One of the main lessons from 2008-2009 should be the need for rigorous screening of foreign investment in critical infrastructure and information technologies to protect strategic assets and preserve the EU’s economic sovereignty.
At home, China and Russia have used public-health pretexts to deploy mandatory digital QR codes, violating personal privacy and setting the stage for future government intrusion. While health concerns may trump data privacy during the crisis, the protection of personal data is one of the key differences between democratic societies and authoritarian regimes. Contact tracing solutions, while useful, cannot become a tool for state surveillance.
One of the most innovative focuses on mobile applications for more targeted social distancing and prevention of the virus spread. These must be built in compliance with the EU data protection standards to ensure citizens’ privacy and security. European companies are creating these applications on the principle of decentralization, which means that when the mobile application becomes available, it will only be available on a voluntary basis.
One of the most successful EU cyber projects has been the Cyber Rapid Response Team under the PESCO framework, an initiative led by Lithuania with the goal of increasing cyber resilience and improving a collective response to cyber incidents. The key to the initiative’s success has been information, knowledge, tools, and budget sharing as well as trusted human networks amongst the member states. To combat cyberattacks amid the pandemic it is vital to share information between private and public sectors domestically, while integrating a diverse approach to cyber issues when cooperating on a regional level. This model should be adapted to include outside partners and countries such as the U.S., UK, Ukraine, Georgia, and other transatlantic allies.
When it comes to cyber resilience, volunteer initiatives (motives) can be stronger than any top-down approach. The phenomenon known as the “whole of society approach” has strong roots in Lithuania, Latvia, and Estonia, which combines private and public capabilities to increase deterrence and defense. The pandemic helped us realize that faster problem solving is only possible with joint efforts by government, business, and civil society.
Private and public sectors have different and in effect complementary approaches to the same issues, a marvel that has led to successful innovation such as “Hack the Crisis.” This virtual hackathon, launched by a group of Estonian technologists and a Lithuanian mastermind, is a joint effort by government, corporates, and the startup community. It has grown into a global phenomenon, battling the immediate problems of the pandemic as well as creating solutions for the post-crisis world.
The silver lining of the entire covid-19 experience has been infectious solidarity and better online connectivity. To enhance our joint cyber resilience efforts and bring the transatlantic community closer together in the time of crisis we need a better mechanism — an integrated community of public and private sector built on a shared sense of trust, shared perception of the threat and, an ability to perform in a collective manner to rapidly respond to digital threats. The crisis could be the beginning of this positive development in the cyber community.
Lukas Fabijonavičius is an intern at CEPA.
Common Crisis is a CEPA analytical series on the implications of COVID-19 for the transatlantic relationship. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.
Europe’s Edge is CEPA’s online journal covering critical topics on the foreign policy docket across Europe and North America. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.
