Security in Ukraine and Digital Europe

European security has again risen to the top of the world’s geopolitical agenda. Despite continued diplomatic efforts to defuse the Ukraine crisis, tension and suspicion between Russia and the West has escalated to levels not seen since the Cold War. This is forcing a rethink of the current regional security framework, which is based on three fundamental pillars: the United States, Russia and Europe.

Addressing the challenge of European security will no doubt dominate the discussions among political leaders and international relations experts from both sides of the Atlantic at this weekend’s Munich Security Conference (MSC). But, in addition to Ukraine’s plight, the impact of technological and digital innovation on security will also feature prominently.

The ongoing geopolitical tensions over Ukraine reflect a conventional, predominantly geographic, conception of security — reflected in the frequent use of terms such as “spheres of influence,” “Nato expansion,” “territorial integrity,” and “post-Soviet security space.” But although this vocabulary is indispensable to understanding the current Nato-Russia confrontation, the enormous geopolitical changes wrought by globalisation and technological advances over the past 25 years will increasingly eclipse it.

That is because geopolitical interdependence and seemingly ceaseless technological innovation have transformed the nature of global conflict. As Connectivity Wars, a collection of essays published by the European Council on Foreign Relations, makes clear, the global system’s hyperconnectivity enables actors — without resorting to open warfare — to cause grave damage in other geopolitical domains, such as the Internet, on which our economies have come to depend.

The cybernetic dimension of the confrontation over Ukraine thus should not be underestimated. In January, cybercriminals disabled several Ukrainian government websites for hours and published messages threatening Ukrainian citizens and the confidentiality of their personal data.

Previously, the US government estimated that the 2017 “NotPetya” cyberattack targeting Ukraine caused global damage totalling $10 billion, making it the most destructive ever. The malware infected 10 per cent of Ukraine’s computer systems before spreading throughout the world.

Nor, as then-US secretary of defense Leon Panetta warned in 2012, can we exclude the seemingly remote possibility of a “cyber Pearl Harbor” that paralyses critical US infrastructure. In any case, cyberattacks and their consequences are becoming dangerously frequent, and we still lack institutions or infrastructure strong enough to confront the threat.

In his book The Future of Power, Harvard University’s Joseph S Nye, Jr argues that one of the main trends of the twenty-first century is states’ loss of geopolitical influence. Cyberspace is a clear example of this. Leading powers may have an unrivaled ability to control the sea, airspace and outer space, but they do not enjoy comparable predominance in the digital world.

Moreover, the nature of cyberspace greatly lowers the cost of offensive action. For example, the costs of contracting a cybercriminal are minimal compared to the almost $80 million price of an F-35 fighter jet (not to mention the additional cost of maintenance, munitions and personnel).

Discussions at the MSC regarding the cybernetic aspect of security will take place within the framework of the transatlantic digital agenda, which took an important step forward last year when the US and the European Union established the Trade and Technology Council. The fundamental issue is how to regulate the digital domain in a way that allows us to benefit from its enormous economic possibilities while, at the same time, protecting ourselves from the potential risks it poses to our democracies.

The EU bases its approach to cyberspace regulation on two fundamental principles: competition in the internal market and user privacy. Because of the EU’s large, affluent market and regulatory strength, its competition and data-protection rules have given rise to the so-called “Brussels effect.” Large multinational technology firms not only comply with EU rules in order to do business in Europe, but also to avoid having to deal with multiple regulatory regimes, often integrate them into their global operations — including in countries with less strict regulatory standards. But a viable digital Europe must include a third pillar: security.

 © Project Syndicate