May 3, 2021
How the US and EU can counter digital threats together
The United States and its allies face significant and growing threats from Russia and China in “hybrid” and “gray zone” warfare, fought at least partially in the digital and information environments. The threats aren’t all the same: They range from Russia’s cyberattacks and electoral interference against Europe and the United States to China’s long campaign to dominate key technology sectors such as 5G and artificial intelligence.
While different in style, Russian and Chinese threats all seek to exploit gaps in Western cyber defenses and digital and information governance. These gaps exist because national policies, laws, regulations, and standards vary across NATO members and across military and civilian dimensions of the Alliance. As a result, to create effective defense strategy, NATO must recognize that the military threat environment is shaped by the civilian organizations that write these rules.
A partnership to close the gaps and secure democracy
To close these gaps as a part of its defense strategy, the United States should develop a strong collaborative relationship with the European Union (EU) in the digital and information sphere. This initiative could be included as part of a broader US government approach to the EU or be an exclusive objective for the US Department of Defense, which would narrow the relationship’s focus and separate it from other issues such as energy, migration, and trade. Such a strong US-EU relationship would counter Russian and Chinese hybrid threats by unifying transatlantic defense and civilian digital and information governance. Big US tech companies may not like it, given their distaste for European regulations, but security needs should trump those concerns.
The United States should work through NATO, leading the effort while avoiding becoming hostage to the ups and downs of NATO-EU relations, which necessarily focus on other policy areas such as maritime security. And because the authoritarian threats from Russia and China, while different, seek to undermine democracy, democratic countries should unite to counter them.
Why the EU? It is the most important international regulator in the world on everything from trade to technology, as Anu Bradford describes in her book The Brussels Effect. “Few regulations have impacted global digital companies or their users more than the EU’s 2016 General Data Protection Regulation,” Bradford writes. After the EU, the United States is the second-most important global regulator because of its economic size, its historic economic role, the dominance of its digital technology firms, and, importantly, its cybersecurity and warfare capabilities. Thus, a strong, collaborative partnership between the United States and the EU would provide a distinct edge over Russia and China, equipping the partners to directly counter Russian and Chinese hybrid-warfare tactics.
Such a partnership would leverage the EU’s considerable regulatory capabilities and effectively unify Western defense and civilian governance of the digital and information environments. Shaping this environment—choosing your battlefield and forcing your adversary to compete under your preferred conditions—is a key element of a successful strategy. Neither Russia nor China makes clear distinctions between military and civilian domains. And for too long Russia and China have been able to exploit gaps among Western countries, such as the lack of consensus on Chinese 5G technology, to issue their threats. Defense Department cooperation with the EU may appear unusual, even if done through NATO. But it would reflect the fact that this is a threat to both Western defenses and civilian economies, and it would empower a large and capable coalition of countries to work together in addressing this threat.
This collaboration should extend beyond periodic conferences. It should permanently link the regulatory capacities of the EU with the powerful military-security digital and information capabilities of the United States and NATO. This would require both the United States and the EU to compromise and implement changes that benefit the other at their own expense, with the goal of improving collective security. For example, the United States could use its cyber capabilities to help defend the EU against Russian and Chinese cyberattacks. In turn the EU could adapt its regulatory frameworks to weaken Russia’s and China’s global cyber power. Admittedly this will be a significant diplomatic challenge. But it would give weight to the United States’ goal of forging an “alliance of democracies” and would “ensure a free and fair digital future” that protects the transatlantic community from “malign influences, state surveillance and monopolistic practices,” according to a report from Harvard’s Belfer Center for Science and International Affairs.
But there are risks to such an endeavor. The EU would be concerned about the United States over-emphasizing military and intelligence interests, which may weaken civil liberties and privacy. Similarly, military efforts to emphasize digital security at the expense of open development could throttle the dynamic commercial foundations of the information revolution. Lastly, private US firms are likely to resist efforts that impinge on their business models and profits.
We may be entering a period in which structural change in the digital and information environments is easier to attain. Recent developments like the Australian government requiring Google and Facebook to pay for news indicate that the private technology industry is losing influence and governments are gaining it. In this new period, addressing Russian and Chinese threats via a US partnership with the EU through NATO may be achievable, even without weakening civil liberties and privacy or subordinating civilian governance of the digital and information sphere. The future of democracy may well depend on whether or not that’s the case.
Harry I. Hannah is a retired Central Intelligence Agency officer who worked on a variety of intelligence issues during thirty-four years in the intelligence community. He currently works for The MITRE Corporation. CIA approval for publication does not represent agency endorsement or verification of this work.
Further reading
Image: A US Air Force airman works at the 561st Network Operations Squadron at Petersen Air Force Base in Colorado Springs, Colorado July 20, 2015. Photo via Reuters/Rick Wilking.