In this era of cyber security, when nation-state digital attacks and cyber crime quickly cut across country borders and create global crises, international cooperation has become an urgent priority.
The need for global collaboration to cope with various pressing threats, from electronic espionage to ransomware attacks on critical infrastructure, is imperative to prevent economic and social disasters, top cyber security professionals and government officials say.
At this year’s Billington Cybersecurity Summit, leaders from across the globe gathered to discuss the importance of international partnerships in managing the persistent threats governments must address.
The near-total digitalisation of every aspect of society that exposes virtually all public and private sector services to escalating cyber threats dictates a more robust, collective defence. Moreover, as cyber risks intensify and multiply, governments worldwide are stepping up their own independent efforts to protect against the rising tide of digital threats.
Intelligence community spearheads international cooperation
Many international cyber security partnerships have their origins in the intelligence community.
“We have wonderful, deep partnerships with many sister nations across the world, and those partnerships continue to intensify in new and different ways,” George Barnes, deputy director, US National Security Agency (NSA), told conference attendees.
“Many of our partnerships started in intelligence and others started within cyber security. Now we're at this point where those two are inextricably linked. When you can bring them together for a nation, it's a powerful combination.”
Barnes spoke of more than just the well-known “Five Eyes” intelligence alliance among the English-speaking nations of the US, the UK, Canada, Australia, and New Zealand.
“Those of us in the Five Eyes partnership, we are making partnerships with others,” he said. “We have long-term partnerships, of course, in Europe, but we're spending a lot of time focusing on the Far East because we need them, they need us. And that creates an opportunity for us to help them up their game, sharpen their trade, and increase our ability as a nation to leverage the insights that they have that we don't have.”
Barnes said these international alliances make US partnerships a more vital route for dealing with cyber threats because US adversaries lack anything comparable. China and Russia, for example, focus on transactional relationships with other countries based on quid pro quos, while the US partners with other countries without forcing anything.
“That is very different from the equation that China, Russia, and some of the other countries we face have in their systems,” Barnes said.
Lt. Gen Timothy Haugh, deputy commander at US Cyber Command, said that each of Cybercom’s components has a partnership engagement branch, “allowing us to extend our reach to nations that want to be teammates, or perhaps they're just trying to get their feet on the ground.
"There's no reason that we shouldn't rapidly train them and then make specific actions that would make them less vulnerable to a determined adversary, but also then grow capacity that allows them to do whatever their nation needs them to be able to do.”
Other government agencies intensifying their efforts
Cyber security efforts are also underway outside the intelligence community, fuelled most recently by Russia’s invasion of Ukraine.
“We've tried to stay on top of everything we've learned from the Ukraine theatre, everything that we've seen the Russians do over there, and contextualise it and promote some Canadian messages,” Samy Khoury, head of the Canadian Centre for Cyber Security (CCCS), said.
“When they did DDoS, we pushed DDoS messages on the Canadian side. When they did the wiper malware, we promoted domestic messages to people to say, ‘Here are the signatures, here are the IOCs. Pay attention to that.’ So, it's been a constant learning and communicating what we are seeing.”
One cyber security lesson that Lindy Cameron, CEO of the National Cyber Security Centre in the UK, has learned from the war in Ukraine is the importance of resilience. “The Ukrainians have demonstrated what you can do if you are well prepared. The message we're doubling down on is, ‘Look what's possible even against quite a sophisticated adversary,’” she said.
Under Secretary for Policy at the US Department of Homeland Security (DHS) Rob Silvers said that one thing the US plans to do is work with international partners to seek a common incident reporting mechanism.
“One of the things we're going to be doing is engaging with international partners that have similar reporting mandates to see if we can find some common ground at that level, too, because we have multinational companies that are hit,” Silvers said.
“They may very likely have to report to multiple national authorities. There's no reason we shouldn't be able to find some opportunities to lessen the burden and have streamlined ways to do it.”
Silvers also wants the US to continue to break down the barriers to international cooperation. Cyber security is “so cross-sector, you just have to dissolve every barrier you can dissolve with people who are capable and whom you trust, whether they're companies or whether they're countries,” he said.
Countries learn cyber lessons from other countries
Gabby Portnoy, director general of Israel’s National Cyber Directorate, said, “Cyber crime, especially ransomware, is a global problem. We have to deliver, of course, internally on the state level but also internationally. And the interesting thing about it is the better we become, the worse situation goes” because it’s becoming more sophisticated every day.
“We are learning from the best, from the US, Australia, UK, Canada, Germany, and more countries,” Portnoy said. “And if we find good things, we even copy them, not try to invent the wheel. We are trying to gather all the relevant agencies to talk together. We call it the blue orchestra because we have the red one that talks with enemies, but now we need the blue one.”
Arne Schönbohm, president of the Federal Office for Information Security (BSI) in Germany, said he also borrows the experience of other countries to fashion how Germany responds to cyber threats.
“If we can learn from someone else who has had a successful initiative, we like to copy and paste,” he said. “We don't always have to invent the wheel twice or three or four times. We can learn from each other.”