In Second Cybersecurity Dialogue, Accountability and Capabilities Highlighted
Sarah Lohmann
Dr. Sarah Lohmann is Non-Resident Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University. Dr. Lohmann is an Acting Assistant Professor in the Henry M. Jackson School for International Studies and a Visiting Professor at the U.S. Army War College. Her current teaching and research focus is on cyber and energy security and NATO policy, and she is currently a co-lead for a NATO project on “Energy Security in an Era of Hybrid Warfare”. She joins the Jackson School from UW’s Communications Leadership faculty, where she teaches on emerging technology, big data and disinformation. Previously, she served as the Senior Cyber Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University, where she managed projects which aimed to increase agreement between Germany and the United States on improving cybersecurity and creating cybernorms.
Starting in 2010, Dr. Lohmann served as a university instructor at the Universität der Bundeswehr in Munich, where she taught cybersecurity policy, international human rights, and political science. She achieved her doctorate in political science there in 2013, when she became a senior researcher working for the political science department.
Prior to her tenure at the Universität der Bundeswehr, Dr. Lohmann was a press spokeswoman for the U.S. Department of State for human rights as well as for the Bureau of Near Eastern Affairs (MEPI). Before her government service, she was a journalist and Fulbright scholar. She has been published in multiple books, including a handbook on digital transformation, Redesigning Organizations: Concepts for the Connected Society (Springer, 2020), and has written over a thousand articles in international press outlets.
“The United States is not afraid to call out countries and hold governments accountable,” U.S. Embassy Berlin’s Charge d’Affairs Kent Logsdon emphasized to the policymakers gathered in the Bavarian Representation in Berlin at AGI’s second round of its Transatlantic Cybersecurity Dialogue with the Hanns Seidel Stiftung. “The United States will use the tools of diplomacy and statesmanship. This includes sanctions as a response to cyber incidents,” he said.
Hours earlier, while the working groups of 10 Americans and 10 Germans from the Transatlantic Cybersecurity Dialogue were meeting, Treasury secretary Steven Mnuchin had announced that the U.S. government would be imposing sanctions against the Russians—five entities and nineteen individuals—for election interference and the NotPetya attack. The FBI and the Department of Homeland Security had simultaneously warned that the Russians were continuing cyber activities aimed at the U.S. power grid, where they had gained access after planting malware, and then conducting spear phishing to gain remote access to energy networks, and critical information on how the Industrial Control Systems are run. Germany was likewise feeling vulnerable, shortly after the malware and espionage activities attributed to Russia’s “Snake” hacker group on its internal government “Informationsverbund Berlin-Bonn” (IVBB) network was made public.
The cyber espionage campaigns and cyberattacks conducted against both countries gave added relevance to the Cybersecurity Transatlantic Partnership and its accompanying dialogue, which was launched in January. The dialogue, which includes a standing core of 10 American and 10 German policymakers from the government, academia, the military, and tech sectors, aims to improve information-sharing between the two countries for the purpose of coordinating analysis of and solutions to cyber threats in both the area of cyber defense and digital propaganda.
In the working group’s public discussion that evening, discussion of theoretical cyber norms—definitions, and rules of the road to be used when attacked—stood in contrast to current capabilities of both countries to use offensive cyber weapons. The urgent need for both countries to protect their national security from cyberattacks from state actors and their conduits made the question of when to use cyber weapons no easier to answer.
“I am of the opinion, that the Bundeswehr, as in every other domain, should have defensive as well as offensive instruments available,” German Parliamentarian Reinhard Brandl, CSU, stated. “Of course, our focus is on the defense against cyberattacks and the protection of our infrastructure against attacks. But it must be said: The Bundeswehr must have offensive capabilities in the cybersphere.”
Mr. Logsdon agreed that defending our systems and networks was vital: “One of the best tools we have to understand and get to the attribution of cyberattacks is our ability to hack back …” he said. At the same time, he cautioned that the solution lies in a layered approach. Governments should be able to “discover, attribute, and disrupt” the actions of criminal, non-state, state, and rogue actors and hold them accountable.
American and German participants were unified that increased transatlantic cooperation and improved cyber capabilities in both countries will help improve deterrence and accountability of those bad actors.