Cyber Defense Working Group Outcomes

Building a Smarter German-American Partnership
Bringing together leading cyber experts from Germany and the United States, the Transatlantic Cybersecurity Partnership discusses policies to address threats posed by cyber war and digital propaganda.

Information-sharing—for example on attribution for a cyber intrusion, potential cyber threats, or indicators of compromise—can happen between Germany and the United States best if it stays on the operational and technical level, working group participants agreed. Information sharing between and across countries is easiest when it happens, for example, between military branches, and stays separate from intelligence.

At the same time, participants agreed that the aim should be closer cooperation on information-sharing across agencies in order to defeat stove-pipe mentalities. In addition, there should be closer cooperation across the corporate sector and government. Information-sharing involving the vulnerability equities process will remain a topic for future discussion.

The working group proposed a “Cyber Defense Center Plus” as a forum to serve as a conduit for information on cybersecurity internationally, since it is already mandated to act as a hub to bundle data on cyber threats from police, military, and the intelligence community within Germany.

To strengthen confidence building measures (CBMs), participants agreed that joint exercises on operational cybersecurity should be undertaken between Germany’s Foreign Office and the U.S. Department of State in the near future.

Participants suggested that Germany and the United States undertake a division of labor on attribution and threats using Open Source information and Early Warning tools available in both countries.

In terms of labeling intrusions as offensive or defensive, the group agreed on several categories that aid in categorizing the two. Location of the attributed server, as well as the server or network suffering the intrusion, the modus operandi used for the intrusion, and the effects of the intrusion on the intended target (military, state, or civilian) all help provide clues. In addition, the perception of the victim as to whether the intrusion was offensive and causes lasting damage plays a role in making this assessment.

For five months, 10 experts from Germany and 10 from the United States met in Munich, Berlin, and Washington to discuss the most pressing cybersecurity issues for transatlantic cooperation. Participants from the German Federal Foreign Office, the German Defense and Interior ministries, the U.S. Departments of State and Homeland Security, the United States European Command Joint Cyberspace Center, the Bundestag, academics, and tech companies discussed common threats to both countries in two working groups. The cyber defense working group made concrete progress in proposals for improved information sharing on cybersecurity threats between the two countries, while the digital propaganda working group made proposals for the governments of both countries to use everything from a “Bot-Labeling-System” to “Fact-checking Gateways” to deal with disinformation campaigns. These are the final outcomes of each working group, which will be expanded upon in greater length in our upcoming publication.