Director’s Letter

Welcome to the 18th issue of per Concordiam. This issue covers the complex problem of cyber security, from the legal framework required to prosecute cyber criminals to the whole-of-government approach necessary to protect critical public and private infrastructure from cyber threats. As societies become increasingly reliant upon information technology systems and networks to provide essential daily services , the need for policy, strategy and enforcement agencies to protect networks, capabilities and services also increases. In addition, the cyber dimension is not geographically delineated, nor is participation in the cyber arena limited to identifiable state actors, which makes policing, investigation and prosecution more difficult. Governments and societies should strive to create comprehensive cyber security policies that consider the public and private nature of cyber, and the balance between privacy and protection.

In recent years, we have seen improvements in cyber security throughout Europe and Central Asia. Both Estonia and Georgia have implemented tailored cyber security programs and policies, after experiencing significant cyber attacks in 2007 and 2008. Georgia developed a comprehensive cyber strategy that included the public and private sectors, and Estonia continued to improve the NATO Cooperative Cyber Defence Centre of Excellence based there. In 2014, United States European Command celebrated the 20th anniversary of Combined Endeavor, a longstanding human and systems interoperability exercise among NATO and Partnership for Peace nations. Cyber Endeavor was created in 2009 to increase partner capacity in cyber defense, and improve the skills of several nations participating in Combined Endeavor. Combined Endeavor included 40 nations sharing information at the human and system level. In 2013, the NATO Cooperative Cyber Defence Centre of Excellence published the Tallinn Manual, a legal framework that applied established international laws to both hostile offensive cyber operations and legitimate cyber self-defense measures. The Czech Republic recently created the National Cyber Security Centre to coordinate a whole-of-government approach to cyber security, and consolidate all cyber-related efforts. Several nations have created computer emergency response Teams (CERTs), and have begun designing legal and policy frameworks to establish cyber defense and responses. These are great examples of nations understanding the cyber threat and implementing policies, creating capabilities and adopting procedures to mitigate threats and improve security in the cyber domain.

As nations continue to address the growing reliance on the cyber domain, it is important that decision makers understand these threats and develop policy and strategy to implement robust cyber security programs. It requires leadership involvement in establishing priorities, policy, legal frameworks and international agreements. It also requires whole-of-government and whole-of-society approaches, including cooperation between public and private sectors. As states improve their capabilities to combat cyber crime, they will face the task of balancing security with privacy and establishing partnerships with the private sector.

At the George C. Marshall European Center for Security Studies, we are proud to inaugurate the Program in Cyber Security Studies (PCSS) to meet the needs of senior government officials aiming to improve their knowledge and understanding of transnational cyber security challenges. Our program is a nontechnical course that can help legislators, diplomats, ministerial staff, law enforcement and military leaders gain familiarity with cyber security best practices. This program is taught by world leaders and experts from government, industry and academia. Our program will include a two-week resident course, non-resident events throughout Europe and Central Asia and cyber-specific alumni events. The PCSS will focus on whole-of-government approaches to cyber challenges and developing cyber strategy and policy. It will help leaders understand the cyber environment, and build a framework for international collaboration.

We welcome your comments and perspective on these topics and will include your responses in future editions. Please feel free to contact us at [email protected]