European Union members convened a ministerial discussion Monday in an effort to take stock of the 2020 U.S. presidential election and plan how to best jumpstart cooperation with the incoming Biden administration on a whole host of issues, including cybersecurity matters.
The agenda was focused on a proposal from the European Commission and the office of the EU High Representative that suggests that the EU and the U.S. increase cybersecurity-related information-sharing and coordinate repercussions for bad actors in cyberspace. The commission and high representative — essentially the EU’s foreign minister — also proposed an increase in cybersecurity capacity-building efforts, discussions about 5G, and a meeting in early 2021 to discuss security and military operations.
Europe and the U.S. have a long history of partnering on cybersecurity issues, and in the last year the U.S. and some members of the EU have taken steps meant to increase their ability to jointly respond to hacking by adversaries. The U.S. and a smattering of EU members have each offered to lend offensive cyber-operations, in theory, to any joint responses coordinated through the North Atlantic Treaty Organization alliance, for instance, including the Netherlands, Estonia, Norway, Germany, France, Denmark and Lithuania.
The EU’s overtures to President-Elect Joe Biden — who has a track record of transatlantic collaboration — touch on a whole host of other issues asides from just cybersecurity, of course, including trade, health and climate change. The effort comes after years of fraying EU-U.S. relations under the Trump administration. President Donald Trump repeatedly retreated from multilateralism and traditional European partnerships, at times resorting to outright hostility in exchanges with European counterparts.
On the cybersecurity front, a mountain of work remains ahead for a Biden administration if the new president wants to boost collaboration and beat back adversaries in coordination with the EU, former European and American cyber diplomats tell CyberScoop.
Writ large, European nations and the U.S. tend to have different approaches to countering adversaries in cyberspace — a gap that potentially creates disagreements over how to best collaborate, NATO’s former director of defense policy, Timo Koster, told CyberScoop. While both the U.S. and the EU use sanctions against shared adversaries — and the EU recently used its cyber sanctions regime for the first time in June — the U.S. Department of Defense has also been running cyber-operations outside of DOD networks in an effort to try blocking adversaries in cyberspace before they target U.S. assets.
“The way the U.S. has declared this strategy — I’m not going to say it’s giving up on deterrence — but it’s a clear statement that deterrence on its own will not do it, and we have to position ourselves in the systems of our potential adversaries and make moves much earlier than we were doing it in the past,” said Koster, who earlier this month stepped down from his role as The Netherlands’ cyber ambassador. “European nations in general are much more cautious in that respect.”
Need for cooperation ‘only continues to grow’
Because so many countries are continuing to develop offensive cyber-capabilities, the EU and U.S. have no choice but to coordinate efforts in response, said Steve Luczynski, a former deputy director for cyber plans and operations at DOD.
“I … saw the direct benefits of [DoD’s efforts to improve international cybersecurity cooperation] as I worked with the geographic Combatant Commands and how those well-formed partnerships enabled more effective operations,” Luczynski said. “In light of the increasing capabilities and willingness of state and non-state actors to create significant effects via cyber activities, the need for greater cooperation only continues to grow.”
The EU and the U.S. should also turn their attention to how they can jointly counter disinformation, according to Chris Painter, the former top cyber diplomat in the Obama administration. Information operations by nation-states aren’t always directly linked to hacking campaigns, but the assumption is that in many cases, foreign governments intend them to be complementary.
“Russian disinformation was something that caught us off guard in 2016,” Painter told CyberScoop. “The cyber community wasn’t really focused on it and there’s a lot of work to do in that area.”
The council concluded Monday that the EU needs to work with the U.S. to counter disinformation, as well as hybrid threats involving cyberspace and physical targets, and attacks on critical infrastructure.
Painter and Koster both said they think that charting the transatlantic relationship on cybersecurity will likely be more straightforward under a Biden administration, making it easier to cooperate against shared threats like Russia and China.
A spokesperson for Biden’s transition team declined to share specifics on its plans for cybersecurity collaboration with the EU. But the president-elect has discussed reinvigorating U.S. ties with the EU during conversations with multiple European leaders in recent phone calls, including with French President Emmanuel Macron and German Chancellor Angela Merkel, according to readouts. NATO declined to comment for this story.