– China accelerated its technological development thanks to the so-called military-civil fusion. I believe Europe should follow suit – Izabela Albrycht, Chair of the Kosciuszko Institute, says in an interview with BiznesAlert.pl.
BiznesAlert.pl: What has been the impact of Russia’s aggressive policy, for instance during elections, on cyber security?
Izabela Albrycht: The challenges cybersecurity is facing are changing together with the developments in geopolitical relations and the technological race between the top actors. For a long time now, threats from cyberspace have been present in our physical world as well. First, we have been dealing with Russia’s aggressive policy for a long time. This forces us to enhance the resilience of critical infrastructure facilities and systems to cyber attacks. In the past, the attacks on infrastructure of countries such as Estonia, Georgia and Ukraine were attributed to Russia. Therefore, this applies especially to those countries, which traditionally may be subject to hostile actions commissioned by Moscow, because they are located in the area of its historic resentment, or are in a strategic confrontation with it. It is also worth noticing that the attacks in cyberspace are increasingly more technologically advanced, but the reactions to them – such as economic or diplomatic sanctions imposed by the attacked states – are not. Secondly, it is necessary to build resistance to misinformation and propaganda. They threaten democratic institutions, such as elections, and increase social polarization. It seems that with the development of sophisticated methods of profiling the users of social media and the application of AI, e.g. to create the so-called deepfakes, these threats will become even more serious. Unfortunately, in recent weeks and months Russia and China have been cooperating on constructing a united, anti-Western narrative, which looks like coordinated propaganda, whose goal is to undermine the existing international order and to support the false narrative on how the Covid-19 pandemic spread. This is disturbing because both of those countries do not share the same rules and values as democratic states. Political scientists may ask whether this is a widespread disinformation campaign, which will grow in size during the presidential election campaign in the USA, similarly to what happened in 2016. However, this time we might be dealing with its new version managed from not one, but two capital cities. This turn of events seems possible due to the tensions between Donald Trump’s administration and the leaders of the Communist Party of China. However, one could ask whether in such a case both countries would “bet on” the same candidate. The coming weeks will give us answers to both questions.
How will cybersecurity be affected by the fact that Huawei is being eliminated from the Polish and other markets?
I don’t completely agree with the thesis in your question. At this point Poland has not yet made any decisions that would determine the future of this company on the Polish market. Still, some studies show that the average number of security vulnerabilities in Huawei’s rivals’ devices is significantly lower than in Huawei’s products, so based on that, you could come up with an answer to your question. At the same time, cybersecurity of 5G networks is not only about the quality of hardware and software, but also about the trustworthiness of the suppliers of those solutions and the security of the supply chain. This last issue is especially important, because the security has sharply decreased due to the pandemic; and the actions taken by the U.S. administration, which has made it de facto impossible for the Chinese company to obtain significant components for the 5G network. This is the main reason why Great Britain changed its decision on engaging Huawei in constructing the 5G network in that country. The EU has acknowledged the different security aspects of the 5G network as well. This is evidenced by the comprehensive scrutiny of the issue, which resulted in proposing the EU toolbox for 5G security. In the recommendations, the EU has stressed the need to consider various aspects (non-technical, including political) and risks caused by foreign suppliers (who are, for instance, at risk of intervention from their governments, an example of which is the Chinese national counterintelligence law from 2014, and amended in 2017). Finally, in the future, national security, in its defense aspect, will also depend on the 5G network, an issue pointed out by our NATO allies.
How should the accelerated digitalization caused by the coronavirus pandemic impact cybersecurity policies?
In recent years we have witnessed how the EU expanded its ideas about strategic autonomy to various sectors, such as telecommunications, AI, cloud computing and space. For each and every one of these sectors cybersecurity and supply chain security play a major role. This way of thinking about building our digital reality should be continued, because the possibility of creating our own safe technological solutions is also an important part of economic strength and the continent’s competitive advantage. Therefore, if the transition has accelerated, the digital market will grow even more and we may, or even should build a strong position in it, which will maintain our economic development and GDP growth. The ICT sector can be a strong driver for growth, so it needs to be noticed that it offers a developing market of products and services for network security and IT systems. We are drawing attention to this issue as part of the initiative and the first cluster in Poland #CyberMadeInPoland. Still, the European Union will always buy ICT products and services, but it should use its regulatory powers over foreign and domestic suppliers to maintain high expectations with regard to their reliability, resilience, cybersecurity and privacy. This means there will be many challenges, because the technical advancement and the intermingling of various disruptive technologies will increase not only the number, but also the sophistication of cyber attacks. Because new sectors of the economy will undergo digitization, or even convergence, i.e. a fusion between the digital and real worlds, all of the areas of our activity will be at risk of being attacked. Some of those will become the new critical sectors, and we need to realize this change is coming. The review of the NIS directive, which has recently started will definitely look into this. We will be talking about this at the CYBERSEC conference.
How should NATO and the EU develop their digital cooperation?
This is a very important question. I would say it’s fundamental. China has accelerated its technological development thanks to the so-called military-civil fusion. I believe Europe should follow suit. This is why it is crucial to include in the political and public debates, as well as in the strategies and policies, the issue of technological developent and all of its aspects that pertain to NATO, not just the EU. Many technologies have civilian as well as military application. This is why for a while now, NATO has been putting a lot of effort into creating policies for innovative solutions and advising member states on strategic aspects of breakthrough technologies. Additionally, it also wants to lead in innovative research. Jens Stoltenberg, the Secretary General of NATO, established the NATO Advisory Group on Emerging & Disruptive Technologies, to which, as you know, I have been assigned by Poland’s Foreign Ministry. The group’s main job is to help to realize those ambitions. The person responsible at NATO for this process is Mircea Geoană, Deputy Secretary General of NATO, who will be one of the main guests opening this year’s CYBERSEC. Apart from the issue of developing the mentioned technologies safely, it is also extremely important to have a shared view on the security of digital data and on the attribution of attacks in cyberspace. When it comes to the first issue, the European Commission, realizing data was the driver behind economic growth, published the European Data Strategy. However, such deliberations, and the implementation process of the strategy should spread horizontally into all areas, military and civilian, across all NATO member states. We should strengthen the cooperation between the EU and NATO in this area.
What does the next CYBERSEC want to achieve?
The geopolitical dynamic has accelerated to include new technologies, and at the same time led to cold and hot digital wars. This is why we will call on like-minded countries to take joint efforts to strengthen the security of the new digital world, in which we have been living since the beginning of the pandemic. We are hoping that the talks initiated during the CYBERSEC will turn into initiatives and large state coalitions, that will try to face the challenges posed by the development of 5G networks and AI. Whereas, when it comes to the EU, what will matter are the recommendations on ways in which we can secure “Europe’s Digital Decade”, a term coined by the EC President Ursula von der Leyen, that describes Europe’s period of dynamic digital development. In her recent speech, she announced that 20 percent of the EUR 750 bn recovery package after the pandemic, will be spent on digital investments. In an interview with Joanna Świątkowska, PhD., the EC Vice-President Margrethe Vestager, who is responsible for overseeing this process, will talk more extensively about those plans.
Interview by Wojciech Jakóbik