CYBERSEC 2021: Partnering across oceans and seas.
By Katie Aulenbacher, the CyberWire staff
Mar 23, 2021

"Together Against Adversarial Internet" addressed questions of policy, economics, security, and innovation through the lens of our shared digital future. CYBERSEC took up the the Three Seas Initiative and issues of collective security in cyberspace.

CYBERSEC 2021: Partnering across oceans and seas.

Polish Chancellery of the Prime Minister Secretary of State Marek Zagórski addressed regional partnerships in a segment titled “The Three Seas Initiative as an integral part of the new transatlantic technology alliance.” Remarking that the EU is falling behind in the digital race, he said clearly defined objectives and a healthy attitude towards digital sovereignty, tempered by the necessity of collaboration, would further the bloc’s strategic goals.  

Zagórski mentioned that the Internet enables companies to monopolize markets in countries while maintaining no physical presence there. With a hand wave at social media, he expressed a desire for businesses to divide the rewards of joint labors, from profits to intellectual property to political advantages. Raising another important form of collaboration, he characterized cybersecurity as an essential component of strong military alliances. 

Moving on to the Three Seas Initiative, Zagórski described the indicators of success as tight coordination and exchange of information and intelligence among member states, facilitated by protected infrastructure that allows cyber organizations to collaborate on one network. He envisioned joint regional facilities and tools, and an abundance of cross-border initiatives. 

Three Seas currents and squalls.

A panel discussion on “Green and digital Three Seas investments - on the way to innovative and resilient Europe's eastern lung” moderated by Former UN and US State Department official Scott Malcomson began with an overview of the Three Seas Initiative. Estonia Ministry of Foreign Affairs Secretary General Jonatan Vseviov explained that twelve nations totaling 100 million citizens, or a quarter of the EU’s population, are working to remedy a lack of connectivity brought about by fifty years behind the Iron Curtain. The region is now poised for explosive growth, and must navigate questions about who should own and manage infrastructure upgrades. Vseviov said Three Seas capitalizes on the fact that the strength of democracies and free markets lies in the private sector. The venture’s goal is encouraging strategic industry investments, and results are already rolling in. 

Three Seas as a capacity-building exercise.

Former US State Department Coordinator for Cyber Issues Christopher Painter characterized Three Seas as a “capacity building initiative,” foundational to social and economic progress, with the potential for an EU-wide impact. He stressed the need to build in security from the start, encouraging leaders to think about what could happen if it’s treated as an afterthought. Done correctly, he said, the project could be a model for the world of how to build common infrastructures despite disparate political, economic, technological, and security regimes. Three Seas Initiative Investment Fund Chairman of the Management Board Piotr Karnkowski drove home this point with the observation that the project spans eleven languages. 

Former Slovenia Minister of Public Administration Boris Koprivnikar defined the region’s thematic priorities as infrastructure, trust, risk management, regulation, collaboration, and digital literacy. He sees the role of the Government as coordinating stakeholders, sharing information, and outlining the problems, and the private sector’s job as generating the solutions. Imagining a future with shared 5G-enabled automated transportation and manufacturing solutions, PwC Cybersecurity Lead for Public Sector Managing Director Karol Okoński envisaged a digital highway with fiber optic infrastructure and networked data processing centers running through the Three Seas region. 

These solutions will require a great deal of coordination between member states, Okoński said, with issues of proportional investment, preference about technical specifications, and security at play. Vseviov added that states won’t draw up lists of safe and unsafe firms and investors, but will instead promulgate principals and general guidelines. 

Build first and secure later may not be the best way to foster cross-border trust.

Malcomson observed that tech companies often build first and secure later, and pressed the issue of how trust will play into cross-border investments and technologies. Digital agreements are just one part of international alliances, Koprivnikar replied, emphasizing the distinction between policy objectives and the tools needed to reach them. He said Three Seas represents a new tool, not a new alliance, and conversations about trust will take place in this larger context. Malcomson wondered what could happen if a member state took a turn towards authoritarianism. Painter responded that civil liberties are an ever-present concern in international relations, and should be addressed with systems’ risk management protocols, especially in the case of 5 and 6G, which present significant opportunities for abuse. 

The US remains committed to supporting the Three Seas.

Seguing from ongoing human rights concerns and the Trump Administration’s efforts to weed out insecure vendors like Huawei, Malcomson asked Painter if the Three Seas Initiative remains a priority for the Biden Administration. Painter affirmed President Biden’s strong interest in international collaboration and said the project should expect the US’ continued support. While worrying over a widespread lack of awareness of cyber’s impact on policy, the economy, and society, he noted that the Administration has placed a good number of cyber-competent people in high places.   

The panel closed with a review of the initiative’s priorities as Bulgaria takes up the mantle. Vseviov said that all members need to invest some “skin in the game,” then the focus can turn to enticing private sector partners. Karnkowski also emphasized public-private partnership building. Koprivnikar said that clarifying investment rules will draw investors, and communicating transparently about national differences will build trust. Okoński returned to the issue of designing for cybersecurity from day one. Painter seconded this point, adding that it will be important to develop a clear “roadmap” for what is needed to construct a transnational digital superhighway.   

The specter of a cyber blitz.   

Former US Secretary of Defense Leon Panetta shared his perspective on the topic, “The cyber Pearl Harbor warning – 2021 and beyond.” While there’s broader acknowledgement of cyber domain dangers than when he first sounded the alarm a decade ago, he said, threat actors have since cultivated more impressive capacities, and allied defenses are still inadequate. Panetta identified better intelligence gathering and sharing as the solution, bolstered by public-private partnership and coordinated defenses.  

And it’s a wrap. 

Kosciuszko Institute Chair Izabela Albrycht summarized the conference’s chief takeaways. US-EU partnership is crucial to navigating emerging technologies and the rising threat of Russia and China. Government, academia, and industry all have a role to play. International norms should reflect democratic values, but stakeholders need to hammer out shared definitions. Data flows are another temporary sticking point, and work remains to be done on strategic foresight and security by design. The main conclusion, she said, is that we’re in this together.