Cybercrime and hybrid war: How does the EU react to new security challenges?

Despite 70 years of peace in the EU, our security is more fragile than ever. We live in the age of asymmetric threats and hybrid war. Cybercrime is a good example to demonstrate these principles. Cybercrime has a civilian and a military dimension, both of which are potentially very dangerous. Our capacity to handle these challenges at the level of the nation state is ever more limited. But a lack of trust and political leadership prevents us from moving to a genuine EU Defence and Security policy. Liberals have to deal with these issues; otherwise the populists will dominate with their false promise of total security. Ultimately, our freedom is at stake. Estonia is once again showing us that government can play a positive role. These are the main lessons from three Defence and Security Seminars organized by FNF in cooperation with ELF.


Your App is watching you

Apps for smartphones are great not only for playing games but also for practical purposes. You can transform your cell phone camera light into a torch with a single click. You just need to download a certain application. No need to pay for it. At least with money. No wonder these apps are very popular. The top ten torch light apps have more than a billion downloads.

Very few of the users, however, have a clue what is happening after they turn on the light. Most of these applications simultaneously activate your cell phone GPS, camera, microphone and Bluetooth. Why? All these technologies enable collection of your data that can be sold to any advertising company. That is the better case. In the worse case, the app is spying on you, i.e. gathering data from your calendar and your contact lists, and storing your geolocation. And guess what - you agreed to this when installing the app. This does not necessarily mean that your data is abused in all cases. But just the fact that most of the apps send data to countries such as the USA, India, China and Russia should raise our eyebrows. While these examples may be worrying, this is actually nothing new: people are willing to give up their privacy for free stuff. People should understand that there is no such thing as a free app. Your data is what you pay with.

Ever more connected, ever more vulnerable?

However, there are other examples of possible abuse of our ever increasing connectivity that might have an impact on a much larger scale. Thanks to WikiLeaks we now officially know that there are hundreds of thousands of hacking attacks on US public authorities’, banks’ and corporations’ networks from China alone, with thousands of them being successful, leading to theft of sensitive data. These may be passwords, credit card details or some highly confidential results of R&D of innovative companies.

These are just two examples of a relatively new phenomenon: cybercrime. In 2007, Russia launched a coordinated attack on the Estonian government as part of its revenge for the anti-Russian protests in Tallinn. Stuxnet, on the other hand, is cited as the success story of US intelligence being able to sabotage Iran’s nuclear program.

Cybercrime has become not only a central element of diplomacy but also an important tool in what we call hybrid wars. Although trade and mutual cooperation prevail in a globalized world, governments still spy on other states and try to exploit their information advantage.

Exploiting the vulnerabilities of your opponents is the basic principle of hybrid war. The vulnerability may be defined in a very broad sense: weak military capacity, political unrest, corruption, radicalized minorities and anything else that enables the opponent to increase your instability.

Traditional warfare always aimed at destroying the opponent's critical infrastructure. This involved ports, roads and railways, electricity and gas grids, water supply, heating systems and food production chains. Today, critical infrastructure also includes healthcare, finance and information services. The Internet is the backbone of all these subsystems, and a major breakdown can cause serious communication and coordination issues. This is why we have to care about our security standards in cyberspace.

Importance for liberals?

Different forms of cybercrime are examples not only of hybrid warfare, but also of asymmetric threats. Hacking attacks were used by Russia before attacking Ukraine in a disguised way, but also by ISIS, a non-state actor (do not be confused by the word “state” in its name) when spreading their propaganda in Europe or in the US. Both individuals and governments can use the Internet for malicious goals.

Both the war in Eastern Ukraine and the Paris attacks should remind us that our security is very fragile. As soon as a threat becomes immediate, it is very easy to resort to the politics of fear. The shock and panic resulting from acts of terrorism increase public demand for all kinds of measures that can be used to curb civil liberties. Anne Brasseur, former Luxembourg minister and current president of the Parliamentary Assembly of the Council of Europe, puts it very succinctly: “an absolute 100% security does not exist”. Yet this is exactly what populist parties will promise. This may easily trigger a vicious circle. Out of fear, people easily become less tolerant, governments use protectionist policies, societies become more closed, foreign policy turns more aggressive. Fear creates a very hostile environment for freedom. This is why we must not take our security for granted and must deal with emerging challenges such as cybercrime.

Possible solutions

Cybercrime by definition disregards any physical borders and as such is a global challenge. You can launch an attack on any computer from any spot on the planet, provided you are online. Cross-border cooperation is crucial when fighting these challenges. It is difficult to prosecute cybercrime coming from another state. But even the EU is too small to do so, as we face threats from Iran, India, China or Russia. In the absence of global governance, at least a functional framework within the EU is needed. The current state, alas, is far from perfect. Many states have created special domestic institutions monitoring attacks on critical infrastructure. There is, however, no duty to inform other states, although the threat may spread across borders very quickly.

Lack of cooperation is something the European Commission tries to address within the Digital Single Market Agenda. It applies the stick-and-carrot principle. The EC wants to oblige states to inform each other through legislation (stick) but also by giving money for public-private partnerships (PPP) in cyberspace (carrot). A concrete framework for PPP will be specified in 2016. Neither measure is unproblematic: it is difficult, if not plainly impossible, to legislate mutual cooperation, which requires a high level of trust. PPP as a tool often disappoints if not implemented carefully.

As so often in the case of internet-related issues, one should look at Estonia when searching for solutions. Its government defines cyber security as one of the public goods. Toomas Hendrik Ilves, the Estonian President, calls for a change of the Orwell paradigm where the state is the ominous big brother. We are moving to the age of big data where states are not the most potent actors any more. Estonia is pioneering this change. A solid e-government architecture based on digital signatures can make the whole state more transparent while also strong enough to be able to guarantee a high level of internet security. It is a pity, then, that Estonia remains one of the few countries that have implemented the principles of digital signature.

Double edged sword of interdependence

What is true for cooperation in cybersecurity actually holds in the broader context for any military cooperation. The conundrum seems to be the combination of increased dependence in a globalized world and the insistence on principles of national sovereignty.

Despite the need to cooperate more closely, there is a reason why the first proposal for a military union failed in the early 1950s. The ability to defend one's own territory is the ultimate sign of national sovereignty. France was not willing to give up its national sovereignty back then, and defence policy for a long time remained a national and NATO prerogative.

Some 60 years after declining the first proposals for closer military cooperation within the European Community, the challenge remains surprisingly identical: Are individual member states willing to give up some of their abilities and previously highly guarded know-how and share it with other states? Do Dutch people trust Belgian jet fighters to make their sky safe? Do Czechs have enough trust in Polish military schools so that Czech defence elites may be trained there? Can Hungarian politicians be trusted not to pass some of the know-how outside NATO and the EU?  

As Hans Van Baalen, the newly elected ALDE president, argued during an FNF seminar: ISIS and Putin have brought Security and Defence policies back on the EU agenda. Further pooling of national security is inevitable in his opinion. At the same time, positive development cannot be taken for granted. The devil is in the detail. Enhanced cooperation leads to higher interdependence. In an environment of trust, interdependence seems to be a solution. Yet if we lack mutual trust, interdependence can easily turn into our weakness. It is not only up to the political elite, but also up to civil society to create the environment of mutual trust. That is why the Prague office of the Friedrich Naumann Foundation for Freedom in cooperation with the European Liberal Forum will continue to explore this topic in 2016.


22. Jan 2016
