I am pleased and honored to welcome you today at the Federal Foreign Office. This is day two of the Munich Security Conference’s annual Cyber Security Summit, and at the same time day zero of the Internet Governance Forum. I don’t know about you, but to my ears that sounds like time travel. Or like someone tinkered with the calendar on my telephone. Which brings us straight to the subject of this conference: Cyber security.
I think we all understand that digitalization will deliver greater prosperity and stability in the world. But it also creates a new virtual frontier that we need to secure. The internet as a global platform is facing serious threats, which we all need to respond to.
Last month, the German Federal Office for Information Security stated that cyber-attacks have risen to an even higher level of sophistication than ever before and that the IT threat situation remains alarming. Threats are growing and they are becoming more complex and more intertwined.
We are confronted by numerous attacks: on democratic institutions to influence elections, on companies to copy intellectual property, on international organisations like the OPCW to discredit them, as well as attempts to steal money from central banks or to extort it from private entities using ransomware.
Most threatening for an industrialized and interconnected country like Germany are attacks on critical infrastructure and vital industrial installations. Just think of: the damage the “WannaCry” ransomware inflicted on the National Health Service in the UK. Or the danger posed by the Triton Attack on a petrochemical plant in Saudi Arabia.
Whether we speak of individual actions or concerted campaigns, it is clear that our societies, our economies and even our government functions can be severely harmed by malicious cyber actors. Because the effects of cyber-attacks are two-fold: they have a technical, tangible effect when they destroy infrastructure. But they also have a political effect: They undermine trust. Trust between individuals and groups in our societies but also trust between countries and across political and economic systems.
Where trust in international relations is lacking, multilateralism is the best remedy. This is why we are strongly committed to upholding the rules-based international order. An order based on cooperation, the respect for international law and human rights in the physical as well as in cyber-space.
Our approach towards this goal is three-pronged:
First, we support the creation of a reliable, rules-based normative framework for responsible state behavior in cyber space. While there is a broad international consensus that international law applies in its entirety to cyberspace – that cyberspace is no unregulated “Nirvana” –, it has yet to be defined what this means and what behavior of states we can expect in cyberspace. Germany is working within the relevant UN-bodies on writing such a rule-book.
Secondly, we are strengthening our resilience as well as that of partner countries. In cyberspace more than anywhere else it is true that your own security is only as good as the security of your neighbors. We are mutually interdependent. We have therefore recently initiated a project to establish a European network of cyber experts. This way, we can improve the ability of partner countries to protect themselves against cyber attacks, and thereby protecting ourselves.
Thirdly, we support credible deterrence measures against cyber-attacks: There must be consequences for bad behaviour in cyberspace. Because what is true in live is true for the digital world as well: our bite should always be as good as our bark. We work together with like-minded countries to hold irresponsible States accountable when they act contrary to the existing framework of legitimate behavior in cyberspace. This must include taking concrete retaliatory measures, like those included in the recently adopted European Union cyber sanctions regime, which we strongly support. This regime – a part of the cyber diplomacy toolbox – will allow the EU to credibly and coherently respond to malicious cyber behaviour by third parties.
Apart from this three-pillar approach we also engage in other areas to make cyberspace more stable and secure. Let me give you some examples:
- Germany is a strong supporter of the multistakeholder approach for internet governance, and we are proud that the United Nations nominated us as “champions” for our reform of Internet Governance Structures.
- The “European human rights based approach to Artificial Intelligence” – together with other international efforts – is a good stepping stone to creating a global standard on AI. Contributing to such a global standard will be a priority of our upcoming EU and Council of Europe presidencies. And we will introduce this approach to Artificial Intelligence into the discussion of the UN Human Rights Council as well as at the high-level Human Rights conference in Berlin next month.
- We will also continue to engage in confidence building measures in the OSCE and to promote the regulation of the military use of artificial intelligence in lethal autonomous weapons, the famous “LAWS”. There we have just recently achieved agreement on politically binding guidelines.
There is an overarching goal behind our endeavors: we want to protect and promote an internet that is free, open, stable and secure. This will only work if we act together. Therefore, cooperation in cyberspace is a key component of the Alliance for Multilateralism initiated by Federal Foreign Minister Heiko Maas.
Summing up: We need more exchanges on best practices and more cooperation, particularly across borders. While the amount of data in use doubles every year, we cannot stand on the sidelines and leave this economic and political treasure chest called “internet” unprotected. I count on to always keep this aim in mind while you to take the discussion forward.