Dozens of NATO and EU diplomats who focus on cybersecurity issues descended upon Estonia last week for their first-ever “summer school” training on cyber diplomacy.
The sessions focused on lessons learned from previous international negotiations on cybersecurity issues, technical developments on the latest cyberthreats, and international norms and laws in cyberspace. For five days the 80 diplomats participated with cybersecurity experts and academics in conversations and a simulation of a real-world international cybersecurity crisis, Britta Tarvis, media adviser for the Estonian Ministry of Foreign Affairs, told CyberScoop.
The objective was to help diplomats from EU and NATO countries get “a more in-depth understanding” of cybersecurity strategies and technological developments, and how those topics affect the implementation of norms and international law, Tarvis said. Twenty-six countries were represented. The development of what is accepted nation-state behavior in cyberspace is still in its nascent stages. It was only five years ago that NATO incorporated cyberattacks into its collective defense agreement, for instance, meaning a hack against one NATO member could trigger a response by the alliance. At the United Nations, broader cybersecurity laws are up for debate.
The U.S. State Department’s former top cyber diplomat, Chris Painter, who now serves as a commissioner for the Global Commission on the Stability of Cyberspace, was among the participants in Estonia. One of the key functions of the event, he said, was to help participants understand some of the technical details of different kinds of attacks.
“They don’t have to be programmers to be cyber diplomats, to be sure,” Painter said. “But they got a basic idea of what the threats are on the internet, drill down a little bit on what a botnet attack is, what an attack is, what an intrusion is.”
High demand for training
Painter expects this to be just the first of many cyber diplomat summer school sessions, in part because it was completely booked up.
“I think that many more wanted to come that couldn’t come due to space limitations,” Painter said. “At some point they had to say OK, registration’s closed it was oversubscribed.”
The interest in the summer school is an encouraging sign for the future of global cybersecurity in that it shows how nations’ leadership are increasingly seeing the importance of lacing cybersecurity conversations into diplomacy, Painter said.
“This is an entirely new area of foreign policy that’s literally been created in the last several years,” Painter said. “But it’s caught hold and you see a lot of dedication and international recognition of how important it is; there are technical issues that are important. The DHSes of the world, the law enforcement of the world, and the militaries of the world are important — but the diplomatic component is one that is just as important and it’s one that these countries recognize they have to grow and support.”
It was only six years ago that the U.S. had its first bilateral cyber dialogue with Japan to discuss sharing information on cyberthreats. Last month the U.S. only held its third-ever cyber dialogue with Estonia. In May, the U.S. had its inaugural cyber dialogue with the Dutch.
Estonia’s Ambassador at Large for Cyber Diplomacy Heli Tiirmaa-Klaar said diplomats will continue to be prompted to negotiate on issues related to cyberattacks.
“What is happening in cyberspace is increasingly affecting international relations,” Tiirmaa-Klaar said, according to Estonian Public Broadcasting. “Politicians and diplomats will have to face more and more complicated discussions on how to ensure an open and secure internet for people and ensure the sustainable development of technology. The summer school will allow Estonia and like-minded countries to look for answers to these questions together with experts.”
Negotiations loom this fall
Top of mind at the summit were the ongoing efforts at the United Nations to establish international norms in cyberspace, Painter said. The U.N.-based conversations, which have been taking place through a Group of Government Experts (GGE) for years, are set to continue this fall.
But there’s an added layer this year — China and Russia got a request approved to run an alternative conversation on cyber norms through a channel known as an “open-ended working group” that allows more countries to participate and potentially push off deadlines. China and Russia pushed back on the GGE construct over concerns that norms established through the GGE would interfere with their right to self-defense in cyberspace.
The newer cyber diplomats that attended the summer school in Estonia are still figuring out all the angles in these negotiations, Painter said.
“A lot of people were the new and upcoming diplomats in their services. So they’re beginning to grapple with and understand their position,” Painter said, referring the the U.N. conversations. “There was a lot of interest in how it’s going to play out. No one really knows yet.”
The U.S. State Department, which is involved in the ongoing work to develop cyber norms at the U.N., would not comment on the summer school, which operated under Chatham House rules for debate. The U.S. was represented at the summer school by U.S. Under Secretary of State for Arms Control and International Security Andrea Thompson, who delivered remarks on “the need for diplomats to specialise on cyber and new technologies in order to effectively address threats to national and international security,” according to the Estonian Ministry of Foreign Affairs.
Thompson was also scheduled for sideline meetings with Estonian Undersecretary for Political Affairs Paul Teesalu and Estonia’s Ambassador at Large for Cyber Diplomacy Tiirmaa-Klaar.