International law firm Allen & Overy offers extensive insights in cyber security, as it sits at the cross road of many areas of expertise and operates in over 30 countries around the world. Based in Allen & Overy’s Brussels office, Thomas Declerck deals with both the preventive and incident response aspects of cyber security, with a specific focus on investigating and litigating cybercrime.
Members in the picture
Séverine De Potter
Belgium’s Federal Public Service (FPS) of Foreign Affairs
Cyber diplomacy comes into its own in a world with increasingly severe cross-border state sponsored – as well as criminal - cyberattacks. At Belgium’s Federal Public Service (FPS) of Foreign Affairs, Séverine De Potter focuses on this new extension of the age old art of diplomatic response to skirmishes.
When did cyber diplomacy appear on the radar of foreign affairs in Belgium?
Cyber diplomacy is relatively new in the world of international relations. In Belgium, the first diplomat was assigned to cyber issues in 2017, when this topic grew in the department of multilateral relations. It became ever more important with e.g. the EU diplomatic toolbox and EU cyber sanctions, and this will continue. It is a rapidly evolving work stream and Belgium wants to have its voice heard in this debate.
The most important characteristic of cyber diplomacy at the national level is how it crosses boundaries between different departments and ministries. Input from the Centre for Cyber Security Belgium, experts in international relations and defence, private industry and regulators, regional authorities and defenders of fundamental rights is synthesized by diplomats to make sure that Belgium’s position is well reflected and heard. The FPS Foreign Affairs has several tools for this, as e.g. several consultation forums and the digital task force, a group of experts.
Can you give an example how this works?
Take for instance the difference between the ‘international peace and security’ work stream and the ‘Digital economy’ work stream. This last one handles the EU internal market, including the transition to a digital economy and all its ramifications.
An example in the ‘international peace and security’ work stream are the ‘confidence building measures’ (CBMs) in the Organization for Security and Co-operation in Europe – a group of 57 states covering security in Europe in all its aspects, from arms control to cyber issues. CBMs reduce conflicts between states and represent political commitments by states to enhance stability and transparency, and to reduce the risk of misperception and escalation.
There are 16 CBMs, with different purposes as the exchange of national terminology or reporting cyber vulnerabilities. CBM 14 is one of them, for the promotion of public/private partnerships (PPP). PPPs are key to ensure security and resilience, as public authorities cannot do this on their own. In Belgium there is already co-operation in PPPs at the level of the Cyber Security Centre Belgium (CCB), for instance through its early warning system, or projects such as a botnet eradication project . Belgium adopted CBM 14 a year ago, and yet more can be expected from two other committers, Austria and Estonia. CBMs offer also an interesting approach to enable technical agreement on a regional level, if a topic is too polarized at a higher and more political level. Examples are discussions on a severity scale of cyber attacks, and national definitions of incidents.
What about the digital transformation of the economy in the EU?
There is a lot at stake in the ‘digital economy’ work stream. Maintaining a front regarding innovation, and regulating the single market through acts, as the Data Governance Act requires solving many questions. Can we regulate the big tech companies? Should a digital platform pay taxes? What about the protection of private data? Technical standards? They involve also politics, as in the use of them, and their impact on fundamental rights. The European values must be heard! Non-state actors, too, must have a seat at the table for a free and stable cyber space, and hence a role to play in cyber diplomacy. Overall, at the national level, there are five elements that require the attention of cyber diplomacy: economy; international norms of state behaviour; development and capacity building; fighting cybercrime; and defence and security.
Is there need for a national defence?
The number of attacks mounts and diplomatic response to them becomes common. For Belgium, the close collaboration between Europe and NATO is essential, with those multilateral organizations complementing each other, with each having its own range of tools. The Cyber Defence Pledge requires NATO members to reinforce their cyber defence capacity, and Belgium has committed resources to this, opening the door for a future cyber component within the Belgian defence.
As digital technologies become more present in our daily work and private lives, cyber diplomacy will become more mainstream and diplomats will be more acquainted with the challenges that cyber space pose to international relations!