"Trust is the currency of cyberspace" – The MSC Cyber Security Summit in Berlin

How does rising geopolitical competition affect security in cyberspace? How can we promote mutual trust and cooperation between governments and businesses, and ensure the freedom and security of users in cyberspace?

These were key questions posed by the Munich Security Conference (MSC) to the participants of its seventh Cyber Security Summit (CSS) on November 24 and 25, 2019 in Berlin. The CSS was organized in the run-up to the Internet Governance Forum of the United Nations and provided important impulses for the geopolitical, security policy and strategic debate in the cyber sector. The summit was co-hosted with the Deutsche Telekom and enjoyed the support of the German Federal Foreign Office and the Ministry of Economic Affairs and Energy. The CSS 2019 is the latest in a series of annual Summits which have taken place in Silicon Valley, Tel Aviv and Tallinn in previous years.

Cyberspace has long been regarded as a policy area in which states predominantly have common interests and which can therefore represent a starting point for international cooperation. However, the necessary trust at the international level seems at risk in the current climate. A recurring theme for the two-day event was therefore the need for confidence-building measures. As Wolfgang Ischinger, Chairman of the MSC, stated: Trust is not only indispensable for effective diplomacy, but also interaction in the cyber sphere – meaning not intergovernmental cooperation, but also relations between governments, companies and users.

The discussions made clear how multi-faceted the challenges in cyberspace are: In addition to technical, social and ethical issues, the focus was above all on geopolitical implications.

"Only as strong as your neighbor": Geopolitics and cooperation

Geopolitics also does not spare the Internet – originally conceived as an open space to be used freely by everyone. In times of increasing geopolitical tensions, the current controversies surrounding 5G infrastructure are only the tip of the iceberg. As Janka Oertel, Head of the Asia Programme at the European Council on Foreign Relations, among others, stressed, it confronts Europe with the fundamental question of a common digital policy strategy – especially with regard to China and potential European "technological sovereignty". In order to close existing competence and knowledge gaps on cyber issues, European tech industry and research need to be promoted. Bryan Ware, Assistant Secretary for Cyber Affairs in the US Department of Homeland Security, also emphasized that dealing with the 5G network rollout would set a precedent for future technological developments. The fact that the solution must lie in multilateral cooperation is already evident from challenges such as the deterrence and attribution of cyber attacks. Purely national efforts will not be successful. "In cyberspace, more than anywhere else, it is true that your own security is only as strong your neighbor’s," said Antje Leendertse, State Secretary at the Federal Foreign Office.

"It takes two to dance": multi-stakeholder cooperation

As a “great equalizer,” the Internet has also changed the role of the state as an actor. Unlike in other arenas of national security, it is not governments but private actors who possess the key technical infrastructure, capabilities, information and data. In addition, private technology firms are increasingly becoming relevant actors at the level of foreign policy. According to the Danish tech ambassador Casper Klynge, international rules for cyberspace must therefore seize upon companies’ central role and hold them to their responsibility. In fact, states and private actors should work together closely on norm setting in order to keep pace with the rapidly advancing technological developments. Therefore, in addition to the need for multilateral cooperation, the importance of multi-stakeholder cooperation is growing. Thomas Kremer, Member of the Board of Management of Deutsche Telekom, cited the identification and correction of software security vulnerabilities as a practical field of cooperation. At the summit, representatives of IT giants such as Microsoft and Oracle also underscored their willingness to cooperate with governments.

Ghanaian Communications Minister Ursula Owusu-Ekuful emphasized the special responsibility of the tech industry in countries with weaker digital infrastructures. Klynge agreed that economic profit cannot be the sole rationale of companies when their activities decisively influence the security and opportunities of present and future generations. Awareness of the importance of cyber security must therefore be anchored more firmly at the management level of companies.

Bot or Not: Democracy and Disinformation

The fight against political disinformation and extremism will also not be successful without the cooperation of technology companies. The exponential spreading of content on the Internet can have fatal consequences, as Paul Ash, Director of New Zealand's National Cyber Policy Office, made very clear as he presented a progress update on the "Christchurch Call". There was intensive discussion as to whether the mere prohibition of bots, fakes and other forms of "inauthentic" content is the right way to go, or whether it threatens the personal rights and freedoms that, in fact, should be defended. Excessive regulation could run the risk of shaping cyberspace in the interest of autocrats, warned Sandra Joyce, Vice President of the cyber security company FireEye. Julian King, EU Commissioner for the Security Union, pointed out how this dilemma could be solved from the EU's point of view: He underlined the importance of regulations that increase transparency for users on the Internet instead of blocking content. 

The Cyber Security Summit 2019 was part of the Munich Security Conference’s Cyber Security & Technology Series.