The European Union today faces some serious challenges including growing levels of populism and the threat of foreign intervention through cyber-attacks. Last year’s alleged Russian-led cyberattacks on US Democratic Party servers as well as Chinese government cyber espionage against other governments and companies have provided worrying precedents. Although it is hard to measure the actual impact these attacks had on the election results in the US, concerns are growing amongst European leaders that their electoral procedures are vulnerable to manipulation.
With elections rapidly approaching in three EU Member States (The Netherlands on 15 March, France on 23 April, and Germany in late September), these vulnerabilities are of immediate concern. Populist parties such as the Dutch Party of Freedom (Partij voor de Vrijheid), the French Front National, and the Alternative for Germany (Alternative für Deutschland) are already unsettling the political system, this new cyber threat presents an additional element of uncertainty and creates further risk of political instability.
The European Agency for Network and Information Security has urged politicians to take cybersecurity seriously, starting by encrypting their communications. National governments have started to respond. In February, the Dutch government decided to count all votes cast in the national election manually to avoid manipulation. French President Hollande, meanwhile, recently acknowledged that hacking was a major threat in light of the upcoming elections and organized a Defense Council on 23 February to discuss possible ways forward. Likewise, Germany is preparing for hacks throughout the election year, and put the issue forward for discussions between interior and defense ministers from a range of nations at the Munich Security Council 2017.
At this same Council, Andrus Ansip, the European Commission’s Vice-President responsible for the Digital Single Market, emphasised the global threat of cybercrime and the risks it poses for democratic processes. In his opinion, close coordination between governments, law enforcement, industry and NGOs, and a solid commitment to research and investment in cybersecurity are key to heading off this threat. Julian King, the EU’s Commissioner for Security, has likewise urged the EU and its Member States to shore up their defenses in the face of the mounting danger. It has become clear that the Commission sees cybersecurity as a political priority.
At European level, the launch of a cybersecurity public-private partnership as well as the implementation of the NIS Directive are concrete measures being taken. However, a more systematic approach is needed, which motivated the Commission’s plan to review the EU’s cybersecurity strategy this year. The early indications are that this strategy will include a focus on tackling cybercrime and working with partners around the globe.
While these are important elements of a response to the cyber threat, including in the political realm, we hope to also see a recognition of the fact that, as we have argued before, cybersecurity is a shared responsibility.
Ensuring that any cybersecurity framework starts with an understanding of the fundamental properties of the Internet and an appreciation of the complexity of the cybersecurity landscape is the critical part of an effective response – and a multistakeholder cross-border collaboration is an essential component of it. We must all work with policy makers in our region to make sure this happens.