Report Summary: A Language of Power? Cyber defence in the European Union

A Language of Power? Cyber defence in the European Union
Edited by Patryk Pawlak and François Delerue With contributions from Hans Boddens Hosang, Ralica Csernatoni, Paul A.L. Ducheine, Aude Géry, Laurent Gisel, Mika Kerttunen, Kubo Mačák, Antonio Missiroli, Peter B.M.J Pijpers, Matthias Schulze, Eneken Tikk

As the age of technology has rapidly advanced, so too have unwarranted international cyber operations in global cyberspace. During peacetime, such cyber operations aim to disrupt the smooth functioning of democratic societies, undermine legitimate governments, collect intelligence, and steal trade secrets or money. During times of conflict, malicious actors conduct cyber operations against adversaries to lessen their military advantage. As such operations increase in intensity and frequency, it is critical for the EU to evaluate its cyber defence policy so that it contributes to learning the ‘language of power’.

This paper analyses what it means to speak the ‘language of power’ in cyberspace. Using the format of a quasi-linguistic project, it examines the history and functions of cyber defence as well as the norms and principles that shape modern cyberspace. It begins by considering the abilities of various powerful states to defend against cyber attacks and identifies non-state groups that play pivotal roles in cyber operations, such as terrorist and criminal organisations. As the likelihood of the use of unwarranted cybertechnology in military conflicts by such organisations increases, the EU must create a collective policy on cyber defence, a feat that has been difficult to achieve thus far. In this regard, the paper compares the different national defence strategies pursued by the US and EU countries, examining in particular how the United States’ policy of persistent engagement contrasts with the EU’s policy of deterrence and how this may create tensions moving forward.

The paper maps different types of attribution of responsibility in the context of cyber operations, distinguishing between technical, political, and legal attribution, while also analysing attribution in a military context. It delves into the ways the scope for espionage has been broadened by developments in information and communications technology, and distinguishes between the definitions and goals of political versus economic cyber espionage. It discusses the rules that limit cyberspace operations and the human costs of such operations including whether international humanitarian law applies to cyberspace operations. It also discusses what collective cyber defence between the EU and NATO could look like.

The paper concludes by examining the evolving role of technologies in cyberspace and how the EU’s ‘language of power’ must reflect these evolving considerations, providing suggestions for policymakers on how to shape cyber defence policy moving forward.

Read more here.