International Cyber Capacity Building: future scenarios and an EU redux

As the EU unfolds its vision for a “digital decade”, the implementation of its 2020 Cybersecurity Strategy is a timely opportunity to reaffirm and refresh the EU’s approach to international cyber capacity building. This session will explore: how this young field of global cooperation is evolving; the directions it might take in the future; and how the EU could respond to the opportunities and challenges these scenarios present. In a world shaped by digitalisation and competing visions over digital governance, the EU’s approach to cyber capacity building must evolve if it is to keep pace with global cyber threats and shifts in the capacity building ecosystem.

Facilitators:

Speakers:

European perspectives on the protection of the health care sector from cyber attacks

The Covid-19 pandemic has brought the importance of healthcare sharply into focus. It has also demonstrated that healthcare and medical facilities around the world are vulnerable to a new threat – that from malicious actors online. This workshop forms one of the series of webinars focused on protecting critical infrastructure, and will investigate what threats hospitals and medical practitioners face, discuss what policies and practices we have at the European level to increase the resilience of online systems, and discuss what Europe can do to protect this precious area internationally.

13:00 - 13:10 Introductory remarks:

13:10 - 13:55 From hospitals, to vaccine manufacturers, to ministries and international institutions – cyberthreats are real. What can we do about it?

13:55 - 14:40 Resilience and regulation: What are the opportunities and challenges for an EU framework for healthcare cybersecurity guidelines?

14:40 - 15:20 Attacks on healthcare are banned under the laws of war. Is it time to ensure the same is true for peace time?

15:20 - 15:30 Conclusions:

Preventive and positive cybersecurity: contributing where it matters most

The EU has entered the Digital Decade acknowledging that cybersecurity efforts must be allocated meaningfully between various stakeholders – users, data subjects, controllers, critical infrastructure operators, electronic services providers, academia and governments. As geopolitical tensions complicate addressing the causes of increasing cyber threats, especially between main political contestants, this workshop will zoom into global cybersecurity contributions that can made at national, organizational, corporate and individual level.

This workshop will design and develop a framework of preventability. Focusing on factors and circumstances that make cyber operations more likely and more successful, participants will recommend ways for engaging various groups and entities in preventive and positive cybersecurity: putting the effort and contribution to where it matters most.

Speakers:

Global efforts on cybercrime: European perspectives on harmonization and complementarity of approaches

A new UN process aimed at developing a cybercrime treaty is underway. This comes at a time where 65 countries have already ratified the 2001 Council of Europe Convention on Cybercrime. As with the other UN track on cyber governance, there is a divergence of views on the appropriate course of action. Whereby Russia and its allies are pushing for a binding UN treaty, like-minded states fervently disagree with this approach. This session will look at the different efforts that aim at fighting cybercrime exploring whether a harmonization between them is possible. It will further investigate ways in which non-state actors can help overcoming inevitable deadlocks in a highly politicised and fragmented context.

Chair of the session:

Speakers:

Digital sovereignty and strategic autonomy: what room for a democratic narrative?

Although liberal states see the principle of sovereignty as foundational to the international order, they have not engaged with the notion of digital sovereignty in the international debate about cyberspace, given their emphasis on the merits of the internet as a global and open network. However, they have now come to the point where they have to engage with the issue of digital sovereignty and the notion of strategic autonomy at the EU level. Considerations of economic security, the role of disinformation and geopolitical tensions lead liberal states into debates about ‘information security’ and ‘digital sovereignty’, traditionally championed by Russia and China. How can the EU and its member states construct a democratic narrative on digital sovereignty that marries the anchor of freedom with the need to protect national interests?

Moderator:

Speakers:

Effectively countering anti-vaccination disinformation

Join Quirks, part of Dutch award-winning counter-disinformation platform DROG, for an interactive workshop focused on anti-vaccination disinformation. In this workshop, with a multi-stakeholder approach, Quirks will present the key threats, developments and effective solutions regarding disinformation on anti-vaccination. Our public-private partnerships approach provides a unique ecosystem that forms the base for this particular workshop, which in part will focus on our findings in the Dutch context with an EU touch.

Quirks focuses on CIB simulations and works closely with DROG’s other monitoring and analysis programmes to provide cutting edge insights to ultimately: Replay, Research, Resolve and Rebuild.

Moderator:

Speakers:

The role of the 5G toolbox in the EU’s foreign and security policy

This workshop will bring together policymakers and academics working on trust, resilience and technology regulation to explore the role played by the 5G toolbox in the EU’s foreign and security policy. The workshop will assess progress towards implementation of the 5G toolbox, whether it can be a model for the EU’s digital partnerships outside of Europe, and how technological trends such as the adoption of Open RAN will affect EU security and diplomacy. The workshop will be based around a briefing/discussion paper and will result in a series of recommendations for EU policymakers.

Keynote:

Roundtable speakers:

Moderators:

Building the CyberPeace Index

Cyberpeace exists when the world’s digital ecosystems ensure the protection of human security, dignity and equity. But how to achieve such a state if we can not measure the current state of affairs, or the steps needed to achieve this goal? Achieving peace in cyberspace is notably hampered by the fact that, to date, there is no mechanism to track its evolution. To address this gap, the CyberPeace Institute will develop the CyberPeace Index as a public facing platform that allows its users to understand and compare states' and non-states responsibilities and actions within the ecosystem of domestic and international laws and norms. The aim is to document commitments towards responsible behaviour in cyberspace and to track adherence to these commitments. The workshop will discuss a practical approach to map malicious activity of states and non-states against responsible behaviour, inviting expert input.

Moderator:

Bolstering the protection of human rights online through the EU’s cyber diplomacy efforts

The EU is adamantly standing up for the protection and promotion of human rights across the globe. A human-centric vision of technology is at the core of the EU’s and its Member States cyber diplomacy efforts multilaterally and in dialogue with third countries. However, human rights violations online continue to grow. This includes restrictions placed on the exercise of the freedom of opinion, expression, assembly and association as well as the right to privacy online through discriminatory or politically motivated Internet censorship or Internet shutdowns and unlawful or arbitrary monitoring. Many autocratic states are misusing cyber security laws and policies in order to restrict human rights and silence human rights defenders online.

As countries continue to become more digitised, the EU can play an important role to help stop such practices from proliferating – such as through supporting cyber capacity building efforts that ensure the protection of fundamental freedoms and human rights. The EU should firmly protect and promote the principles that human rights and cybersecurity are complementary, interdependent and mutually reinforcing, and that cybersecurity policies and practices should respect rights by design. These principles, among others, are laid down in the Freedom Online Coalition’s 2020 joint statement on Human Rights Impact of Cybersecurity Laws, Practices and Policies.

This workshop will consider the role of human rights in the EU’s cyber diplomacy efforts. It will consider ways to further link up the various human rights, digital technology and cyber diplomacy communities, and explore how the EU could play an even greater role in ensuring the protection of human rights online.

Moderators:

Speakers:

Geopolitics and Disruption: Is the EU Making the Most of Emerging Technologies?

The European Union’s 2020 Cybersecurity Strategy identifies emerging and disruptive technologies such as artificial intelligence, quantum computing, and future generation networks as critical to European resilience, technological sovereignty, and leadership. Such key technological areas are now deeply impacting the EU’s foreign policy, security, defense, and regulatory ambitions, as well as its innovation and industrial policies in strategic sectors. This ECA workshop aims to facilitate a constructive and lively debate on how the EU should make the most of this potentially disruptive technological wave in an era of evolving geopolitical competition. Special attention is given to short-terms and long-term opportunities and risks associated with pursuing a European technological sovereignty agenda in both civil and military domains.

Moderator:

Speakers:

European Cybersecurity research and analysis: best practices for information sharing and collaboration with policy-makers

This session will focus on how researchers in social sciences and public cybersecurity organisations across Europe can best collaborate. First, we will present innovative examples of collaborative structures at the national levels. Then, through several breakout sessions each focusing on an area of cyber policy, participants will dive deeper into the challenges involved in such collaborations and identify best practices for such collaborations.

Moderators:

Speakers:

Cyber norms and critical infrastructure protection – good practices and key challenges in implementing Paris Call principle 1

Based on a survey and interviews conducted by Microsoft with the support of KPMG, this workshop highlights observations around the shaping and impact of international cyber norms, with a particular focus on critical infrastructure protection (Paris Call principle 1). The aim of the workshop is to carve out good practices and key challenges in implementing measures for critical infrastructure protection, ranging from operational to normative and political measures and future policy implementation. The results from the workshop will serve as input for further discussions on the subject, including for example the recently established Paris Call working groups.

Speakers:

The UN Programme of Action: can the EU drive regionalised multilateralism?

The European Union Cybersecurity Strategy makes a clear commitment to the idea of a UN-led Programme of Action for advancing responsible State behaviour in cyberspace (PoA). Its sponsors acknowledge the need for a regular institutional dialogue that provides the adequate conditions for inclusive and transparent exchange among states while at the same time building a strong political commitment. However, the support for this idea is not universal and many questions are still open concerning the organizational aspects and concrete goals for the PoA. With its focus on strengthening multilateralism and rules-based international order, what role can the EU play in steering the PoA process, in particular regarding the contribution by regional organisations?

Moderator:

Speakers:

Understanding attribution in cyberspace: The who, the why, and the how

When should cyber attacks be publicly attributed? Is more public attribution always better? And what are the potential unintended consequences of public attribution? This workshop will be centered around a presentation by Florian Egloff and Max Smeets, who have developed the Public Attribution Framework, designed to guide and explain disciplined and high-level decisions by governments regarding the public attribution of cyber operations. In discussing the framework, this workshop will explore the various tradeoffs that states have to consider when deciding whether publicly call out an attacker. It becomes evident that effective public attribution by governments not only necessitates a clear understanding of the attributed cyber operation and the cyber threat actor, but also the broader geopolitical environment, allied positions and activities, and the legal context. This also implies that more public attribution is not always better.

This workshop will also touch upon the differences between government, private sector, and civil society attribution, and reflect on ways to encourage greater accountability for state actors for the effects of their cyber operations. We will investigate this space from a European perspective, also trying to understand what the EU’s role is in public attribution. Lastly, the workshop will consider barriers to attribution by states and reflect on the likelihood of states holding each other accountable for state originated cyber operations.

Moderator:

Speakers: