Speakers:
- Chase Carter (political officer, US Mission to the European Union)
- Christiane Kirketerp de Viron (head of unit, Cybersecurity and Digital Privacy Policy, European Commission)
- Jakob Bund (associate, German Institute for International and Security Affairs – SWP)
Moderators:
- Andrea García Rodríguez, Lead Digital Policy Analyst, European Policy Centre
Cybercrime – as highlighted by the panel – is a grave threat to both the EU and the US. Yet, this modern battle is chronically overlooked and sidelined by other contemporaneous challenges faced by both interlocutors. By 2025, it is estimated to cost both economies to the tune of $10 trillion.
As noted by the panel, the establishment of the US-EU Transatlantic Cybersecurity Dialogue was a bold and interesting step forward by both parties. It was established to foster cooperation, information sharing, and coordination between the United States and the European Union on matters related to cybersecurity; promoting a secure and resilient cyberspace while safeguarding critical infrastructure, protecting citizens, and countering cyber threats.
The panel noted that this was and is important because the US is the leader in cybersecurity matters. For example, as noted by Mr Carter and other panellists, the US in 2022 passed the Quantum Cybersecurity Preparedness Act which would better encrypt government information. The panellists noted that by 2026, there is a 1 in 7 chance that quantum computers owned by a variety of non-state actors around the world will be able to break the most used cryptographic systems, which will go as high as 50% by 2031.
Ms. Kirketerp de Viron and others noted that despite the US-EU Dialogue, there is still a dire lack of substantive and concrete common policies and approaches.
Both the United States and the European Union face an array of common cybersecurity threats. These include state-sponsored cyber espionage, ransomware attacks, data breaches, intellectual property theft, disinformation campaigns, and the exploitation of vulnerabilities in critical infrastructure. Threat actors often transcend national boundaries, necessitating a unified approach in tackling these challenges.
The panel moved to the shortcomings of the EU’s approach. Notably, the EU has so far not focussed on future technologies in the cadre of cybercrime, and also largely focussed on short-term attacks. This is hindering the EU’s ability to spearhead any future standards or approaches. The irony of this as the panel noted is that the US is benefitting from research that comes from European sources. This is despite the EU’s 2020 Cybersecurity Strategy.
The panel commented on the effect of cybercrime to make both actors, and their economies turn inward and become more protectionist. There is also an air that each party knows how to tackle this issue better.
However, the panel noted subject areas where there has been notable success in the dialogue between the transatlantic parties:
- Exchange of Threat Intelligence.
- Joint Cyber Exercises.
- Policy Coordination.
- Cybersecurity Cooperation Frameworks.
Despite the collaborative efforts, challenges persist in developing effective policies or approaches to cybersecurity. These challenges include:
- Regulatory Differences.
- Fragmented Coordination.
- New Emerging Technologies.
The panel finally noted that the EU and the US should use the parties’ announced and upcoming Trade and Technology Council (TTC) ministerial forum to enhance collaboration on these matters.
Moreover, the members noted that the US can help the EU’s focus on key areas of the future cybersecurity. By investing in and promoting the research coming from European sources, the US and the EU clearly have a lot to gain from each other on these matters. Finally, the US needs the EU’s harmonisation and coordination abilities to bring together all member states of the EU as many do not have sufficient action plans regarding cybersecurity. It is noted that while the US’ Federal Government can legislate US-wide, but the EU is only as strong as the sum total of its member states’ collective action towards cybersecurity. This could also be a factor in why the progression and output of the US-EU’s cybersecurity approach could be described as not in lock step.