Reports & Papers

In an interconnected world, cyberattacks are becoming more frequent and sophisticated. Building resilience against this asymmetric threat is critical for countries to protect their economies, critical infrastructure, and democratic institutions. However, cyberattacks do not respect borders, and no country can address this threat alone. The strength and longevity of the transatlantic partnership between the EU and the U.S. presents a unique opportunity to address this strategic threat through international cooperation. Through an analysis of cyberwarfare in the ongoing war in Ukraine, this paper proposes policy recommendations to enhance transatlantic coordination and cooperation against current and future adversaries in a new era of strategic competition. Ultimately, a stronger transatlantic partnership is critical for protecting international democratic norms, building resilience against cyber threats, and strengthening global security and stability.

Establishing norms for state behavior in cyberspace is critical to building a more stable, secure, and safe cyberspace. Norms are defined as “a collective expectation for the proper behavior of actors with a given identity,” and declare what behavior is considered appropriate and when lines have been crossed. Cyberspace is in dire need of such collective expectations. However, despite efforts by the international community and individual states to set boundaries and craft agreements, clear and established cyber norms for state behavior remain elusive. As early as 2005, the UN Group of Governmental Experts (GGE) and UN Open-Ended Working Group (OEWG) both aimed to create shared “rules of the road,” but fundamental disagreements between states and a lack of accountability and enforcement mechanisms have prevented these initiatives from substantively implementing cyber norms. As a result, the international community and individual states are left with no accountability mechanisms or safeguards to protect civilians and critical infrastructure from bad actors in cyberspace.

The overarching question imparting urgency to this exploration is: Can U.S.-Russian contention in cyberspace cause the two nuclear superpowers to stumble into war? In considering this question we were constantly reminded of recent comments by a prominent U.S. arms control expert: At least as dangerous as the risk of an actual cyberattack, he observed, is cyber operations’ “blurring of the line between peace and war.” Or, as Nye wrote, “in the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer program’s user.”

This policy brief emphasizes that the European Green Deal's effectiveness in a post Covid-19 world will require the involvement of strategic partners, especially the US. In the context of a potential US withdrawal from the Paris Agreement and the consequential vacuum, it will be even more important to engage the US in implementing the GD. In light of divergence between the US and the EU during past climate negotiations (e.g. Kyoto, Copenhagen, and Paris), we suggest a gradual approach to US engagement with GD initiatives and objectives.

"When government agencies discover or purchase zero day vulnerabilities, they confront a dilemma: should the government disclose such vulnerabilities, and thus allow them to be fixed, or should the government retain them for national security purposes?"