William & Mary
Close menu Resources for... William & Mary
Popular Topics
Suggested Results
News Events
Apply Visit Request Info
W&M menu close William & Mary
Whole of Government Center of Excellence

Break-Out Group #1: "Cyber Resilience and Cyber Defence"

Break-Out Group #1: "Cyber Resilience and Cyber Defence" featured:

  • Ms Sally Daultrey, Intelligence Analyst, Seven Signals Ltd
  • Mr Nigel Inkster, Senior Adviser for Cyber Security and China, The International Institute for Strategic Studies
  • Ms Piret Pernik, Cybersecurity Researcher, NATO Cooperative Cyber Defence Centre of Excellence [Moderator]
  • Mr Kaan Sahin, Cyber and Hybrid Policy Officer, NATO
  • Dr Max Smeets, Senior Researcher, Center for Security Studies (CSS), ETH Zurich; Director of the European Cyber Conflict Research Initiative

break-out-youtube.png

Watch the Report Out from the Break-Out Groups

This rich discussion centred on the development of military cyber capabilities by different European Union and NATO states, with a question of how to understand the implications of that development. One paradigm presented was: to what extent does this reflect the militarization of cyberspace or are there better ways of thinking about it? Participants had varying thoughts about how much progress had been made in developing military cyber capabilities in member states, and the limits of that developmental process over the last ten to twenty years. The group then discussed the concept of military cyber from China’s perspective, with a reflection on the limits of what is known, the development of those capabilities, and how those would be used. This was situated in the urgent strategic context of Taiwan in the shorter or medium term. China, and also Russia, are investing in military cyber capabilities, and have offensive cyber programs across the board.

Rather than exclusively focusing on offensive cyber capabilities, operational activities in the theater, or information and intelligence sharing, Break-Out Group #1 went deep on non-military activities including shaping the space through other means, such as regulations, international law, cyber norms, and standards. As an alliance of democratic nations, NATO is more limited in terms of the mandate, decision making speed, and authority, as well as willingness to escalate. Building on this, the group aimed to develop a shared understanding and clarify what is meant when the concepts or categories of cyber resilience and defence are mentioned. While a literal shared language is not needed, progress in these areas will be eased if experts have a shared set of concepts and an understanding, so they are not talking across each other in policy or academic circles. One idea was to think through more thoroughly what shaping means and how that can be achieved in cooperation with the private sector. A big challenge is to get the private sector on board with collective cyber security efforts, understand what their exact roles and responsibilities are in this area, and to incentivize them to take actions for their own resilience, while also protecting democratic values and freedoms. When discussing the private sector, nations need to evaluate the different response options to malicious cyber activities, and the imposition of costs so that they are meaningful, as technical attribution and the releasing of intelligence inherently entails vulnerabilities for cooperative corporations in addition to the vulnerabilities being opened for adversaries. They analysed different ways of conceiving what the private sector could and should be doing and what the relationship should and should not be between government and the private sector in cyberspace. 

The group discussed the pros and cons of being a big and small nation when developing a robust cybersecurity knowledge ecosystem. Being a small country can make building and accessing those pockets of knowledge easier, whereas larger or hierarchical nations can have difficulties finding and using such information. 

Participants transitioned to strategic competition and thinking about strategic competition in cyberspace, including with overlap: 

  1. How to embed values in technologies, and the competition to embed different sets of values
  2. Stratum of economic competition
  3. Political-military competition

They addressed the extent to which cyberspace is seen as a zone of strategic competition, considering it is a rich and varied global system with lots of interaction, to include social and economic interaction. The group largely agreed that the processes to discuss and deliberate about the future of cyberspace should not just be multilateral in nature, but multistakeholder with states, civil society, and the private sector each having different roles to play. To tackle how difficult it is to coordinate among various stakeholders, participants emphasized a need to focus on different relationships between technologies, politics, and the role of the military as an institutional actor, balancing these three to optimal effect. Toward the end, a nature bridge emerged as this group also touched up on emerging technologies and cyberspace, and the extent to which these conversations are traditionally siloed and they should not be, as there is important overlap. The idea was presented that nations need a way to assess the net effect, a robust totality judgment, of Artificial Intelligence on competition in cyberspace. 

In closing, Break-Out Group #1 stood on three pillars: what are the requirements for NATO strategic effects, what are the solutions, and what are the tools and political will to implement.