The Cybersecurity community of the Digital Society Initiative organized a workshop on cybersecurity cooperation looking at its current state and potential improvements. The discussion among experts and practitioners showed the importance of trust as an essential factor in cooperation.
Decades after the advent of the Internet, cybersecurity remains a difficult and complex issue and with the ever-growing number of connected devices, this complexity is increasing. From an international relations standpoint, there are also more actors of different types that need to be considered compared to other policy areas. In cybersecurity, not only states or other formal actors matter but also private companies, academic and technical experts as well as non-state actors such as cybercriminals and hacktivists need to be considered.
Given the growing awareness of the vulnerability of modern societies through cyberattacks, ways of increasing cybersecurity are needed. One way to bolster resilience against cyberattacks is better cooperation between various actors, especially between the private and the public sector. The Cybersecurity community of the University of Zurich’s Digital Society Initiative organized a workshop inviting leading academics as well as practitioners to discuss the current environment and practical implications of cyber cooperation with the Swiss Digital Initiative moderating the discussion.
Cybersecurity as “wicked problem”
The first panel of experts from various fields reflected the necessity of debating cybersecurity in an interdisciplinary way as legal, technical and political aspects come into play. While successful examples of increasing cybersecurity through successful cooperation were mentioned, e.g. in the case of information sharing of attack vectors between intelligence agencies or conventions to facilitate cross-border cooperation in case of cybercrime, the experts stated that the question of cooperation in turn raises a number of difficult questions, from state sovereignty to the role of various actors.
While cooperation is already possible and happening in the current environment, adjustments to legal frameworks, e.g. more clarity on the process of data-sharing after incidents, is advisable. In addition, the debate could benefit from taking several steps back and starting with the basic questions such as, what is the goal that stakeholders are trying to achieve through cooperation: is it increasing resilience against attacks, is it augmenting the success rate of criminal proceedings etc. Furthermore, there is not one way of cooperating to address all issues of cybersecurity. Rather, different threats demand different ways of cooperating.
Trust as a crucial component
Cooperation is not only linked to incentives, e.g. perceiving a clear value of sharing data about cyberincidents, but also to trust among the involved parties. This was not only stated by the first panel but supported by the second panel of practitioners from CERTs to law enforcement. On the day of the workshop it was revealed that the FBI was hacked leading to a flood of spam e-mails. This is just one example of how important trust can be but also that it needs to be earned so that it cannot be abused by malicious actors.
While cooperation among the private sector, the technical community and the public sector seems to be working reasonably well, especially as interests are often aligned, the experts nevertheless identified several potential improvements. What is needed to improve cooperation in cybersecurity is