State Sovereignty in Times of Digitalisation

Vice Admiral Dr. Thomas Daum, Chief of the German Cyber and Information Domain Service talks about "State Sovereignty in Times of Digitalisation".

The increasing digitalisation has changed our world in a significant way. Today, we live in an information society. In many aspects, our focus is on information. Information has become a vital resource, which must be protected accordingly.

This key dependency is associated with risks and vulnerabilities. First of all, there is a reliance on technical systems which are functioning based on information in digital form. They include the broad spectrum ranging from critical infrastructure to home computers with the whole span from private financial information to digital pictures. Everybody has of course realised by now the serious consequences of a malware attack for global enterprises as well as for individuals.

With respect to the manipulation of information and and influencing with information, our open societies are particularly at risk. According to a recent study, governmental and private sectors are already considering the “manipulation of public opinion” through so called fake news to be the biggest cyber threat for Germany. Both elements – cyber attacks and disinformation – are of course essential elements of a strategy of hybrid influence that we can observe repeatedly. They are able to cause tensions, influence cohesion in states as well as in communities of states and, in extreme cases, even trigger violent conflicts. Therefore, the following statement should be considered true: “The ability of our society to cope with the challenges of the future depends on the solution to the question of how we can ensure the availability, integrity and privacy of our information”.

Armed Forces are not Sufficient in the Cyber and Information Domain

State sovereignty can no longer be exclusively defined by the physical control of a nation’s territory and borders. The protection against threats from the cyber and information domain has become essential. As early as four years ago, NATONorth Atlantic Treaty Organization recognized cyberspace as an additional military dimension. In the Bundeswehr, we have chosen a broader definition of this new military dimension – one that includes the information domain. Taking a holistic approach, we have combined our expertise in the field of the cyberspace and information domain to establish a new major organisational element. This enables us to face the new challenges.

However, there is a fundamental difference between the dimension of the Cyber and Information Domain and the other traditional areas of military operations. Conventional armed forces can certainly contribute to maintaining state sovereignty in the Cyber and Information Domain, but unlike in the other dimensions, this will not be sufficient. For example, military actions during a hybrid scenario will to a long extend just remain below the threshold of a military attack, which would of course lead to the employment of armed forces. Many important issues of such a scenario have not yet been fully addressed.
Sure, to protect us against attackers using conventional weapons, the police can take preventive action. But how do we prevent cyber attacks on our power plants?
How does prevention in this area look like? Was cyber security already considered a design feature of the plant? “Security by design” must be the standard of today’s engineering. Subsequent improvements can only be made to a limited extent and lead to high costs.
With respect to social media, there is a whole series of questions to be answered: Who detects deliberately-spread false information? Was any law broken at all or do the activities remain within the legal framework? So far, it is the task of civil society to address this problem, except there is a criminal offence. Civil society must develop the resilience to identify such campaigns and neutralise their effect.

A National Approach as a Response to Hybrid Threats

All of these examples illustrate the following: Digital sovereignty and immunisation can only be addressed in a comprehensive manner as a responsibility of the state and society as a whole. The cyber and information domain does not end at jurisdictional boundaries or at national borders. All relevant players – government, industry, science and civil society; national and international – must jointly tackle these challenges and need to work together in order to be capable to (re)act.

We need a common and comprehensive situational picture in the Cyber and Information Domain. We need the organisation and the procedures to be able to respond immediately and comprehensively whenever necessary. We need the infrastructure required for that purpose, the appropriate know-how and the associated state-of-the-art technology.
We furthermore need to consider the question how we can sufficiently maintain the ability to exercise command and control, to operate, to act and to function in the event of a failure of important infrastructure for whatever reason. The aim is resilience.
In a very different area, we can currently see how important resilience is and that this cannot be achieved overnight: Coronavirus has revealed several shortcomings. Let us learn from that!

by Dr. Thomas Daum  email