Third Transatlantic Cyber Dialogue Stresses Value of New Information Sharing Venues
Dr. Sarah Lohmann is Non-Resident Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University. Dr. Lohmann is an Acting Assistant Professor in the Henry M. Jackson School for International Studies and a Visiting Professor at the U.S. Army War College. Her current teaching and research focus is on cyber and energy security and NATO policy, and she is currently a co-lead for a NATO project on “Energy Security in an Era of Hybrid Warfare”. She joins the Jackson School from UW’s Communications Leadership faculty, where she teaches on emerging technology, big data and disinformation. Previously, she served as the Senior Cyber Fellow with the American Institute for Contemporary German Studies at Johns Hopkins University, where she managed projects which aimed to increase agreement between Germany and the United States on improving cybersecurity and creating cybernorms.
Starting in 2010, Dr. Lohmann served as a university instructor at the Universität der Bundeswehr in Munich, where she taught cybersecurity policy, international human rights, and political science. She achieved her doctorate in political science there in 2013, when she became a senior researcher working for the political science department.
Prior to her tenure at the Universität der Bundeswehr, Dr. Lohmann was a press spokeswoman for the U.S. Department of State for human rights as well as for the Bureau of Near Eastern Affairs (MEPI). Before her government service, she was a journalist and Fulbright scholar. She has been published in multiple books, including a handbook on digital transformation, Redesigning Organizations: Concepts for the Connected Society (Springer, 2020), and has written over a thousand articles in international press outlets.
Ten German and ten American policymakers met at the American-German Institute in Washington, DC, on May 24 to continue work on cybersecurity proposals to strengthen the transatlantic relationship. The third Transatlantic Cyber Dialogue, co-hosted by the Hanns Seidel Foundation, focused on the legislative debate on cybersecurity in both countries, how this affects homeland security, and what cyber norms are needed to safeguard that security.
Just a week earlier, Senators Burr and Warner of the U.S. Senate Select Committee on Intelligence had made statements that the American election system remains at risk due to Putin-coordinated efforts. At the workshop’s public panel, Brett Freedman, the Minority Counsel for the Committee, stressed that getting over philosophical divides was key to tightening accountability on actors who seek to interfere in democratic processes through disinformation campaigns and compromise government systems through espionage intrusions.
Member of Parliament Reinhard Brandl (Christian Social Union of Bavaria) talked about Germany’s National Cyber Response Center as a way to coordinate cyber defense and information sharing on cyber vulnerabilities and profiles of perpetrators among the Interior, Defense, and intelligence actors. There was discussion of whether such a model could be used to also coordinate with allied agencies for the purposes of strengthened attribution of bad actors.
Karsten Geier, the head of the Cyber Policy Coordination Staff in Germany’s Federal Foreign Office, talked about the most urgent priorities for the cyber norms debate, including how to respond to cybersecurity attacks as an element of hybrid warfare, and the challenges posed to international law when states use cyber retaliation as a deterrence tool.
Teddy Nemeroff, Senior Advisor in the State Department’s Office of the Coordinator for Cyber Issues, said said that while there is broad consensus that existing international law applies to state behavior in cyberspace, there is still much work to be done in building consensus on how it applies. The United Nations’ Group of Governmental Experts for Cybersecurity has been an important venue for building consensus regarding the applicability of international law to cyberspace, promoting adherence to additional non-binding peacetime norms of state behavior, and recommending practical confidence building measures to reduce the risk of conflict stemming from cyber activities. He said that regional security venues, like the Organization for Security and Cooperation in Europe (OSCE), had been helpful in actually developing and implementing confidence building measures. In the future, he said it would be important for likeminded governments to work together to ensure there are consequences for states that act contrary to the growing consensus regarding what constitutes responsible behavior in cyberspace.
In the future, he said it would be important for there to be international cooperation between governments and the private sector to protect critical infrastructure, and recommended improved information sharing between foreign partners and allies on critical infrastructure disruption, including through Computer Security Incident Response Teams (CSIRTs). The panel was unified that transatlantic cooperation remains important for a stronger cyber defense. In addition, there was agreement among the workshop participants on new fora for information sharing and confidence building measures.