The Digital Shield: Using Cyber Diplomacy to Strengthen National Cyber Resilience

In the modern security environment, unconventional, asymmetric security challenges become increasingly dangerous since adversaries seek cheap and easy ways to confront stronger opponents by exploiting vulnerabilities without engaging in direct, conventional warfare. The cyberspace has emerged as a critical domain which national security systems have to engage with. As cyber-attacks grow more sophisticated, governments recognize that addressing cyber-related issues to strengthen national cyber resilience requires a comprehensive, whole-of-government approach. In this process, cyber diplomacy is a vital aspect of cybersecurity. Cyber diplomacy involves facilitating the development of international cooperation frameworks, norms of behavior, information sharing, and trust-building among nations.

However, governments often struggle to integrate cyber diplomacy as a key component of their national cybersecurity systems and they fail to fully understand its role in enhancing national cyber resilience. The root problem underlying this issue is the lack of unified definitions of cyber diplomacy and national cyber resilience. This absence of a common understanding of these two interrelated concepts makes it difficult for various stakeholders to engage in concerted action, and see connections between their efforts.  

Going forward,  well-suited definitions of cyber diplomacy and national cyber resilience are needed. This will allow policymakers to analyze the most effective ways of leveraging cyber diplomacy in strengthening national cyber resilience.

What is Cyber Diplomacy?

Cyber diplomacy is a relatively new field in international security and international relations. Comprehensive  studies on cyber diplomacy are thus far lacking, and a universal definition of the term is not yet available. However, several proposals for defining the concept of cyber diplomacy arose from academic, national, and international perspectives.

For instance, in a contribution from 2017, André Barrinha & Thomas Renard define cyber diplomacy as “diplomacy in the cyber domain or, in other words, the use of diplomatic resources and the performance of diplomatic functions to secure national interests with regard to the cyberspace.” Shaun Riordan considers cyber diplomacy as a “use of diplomatic tools, and the diplomatic mindset, to resolve issues arising in cyberspace.” The Cybersecurity Tech Accord, a coalition of over 150 tech firms, contends that  “cyber diplomacy involves all available diplomatic methods (both online and offline means of communication and information exchange); it is simply the cyber-related subject matter that defines the field.” 

Some governments have begun to embrace cyber diplomacy. The Cyber Diplomacy Act of 2021 established the Bureau of Cyberspace and Digital Policy within the U.S. State Department.  This office now sits at the vanguard of U.S. cyber diplomacy. Its central tasks are engagement with foreign stakeholders in the cyber realm, as well as the promotion of U.S. interests in this domain. The Act defines cyber diplomacy as “the policy to work internationally to promote an open, interoperable, reliable, unfettered, and secure Internet governed by the multi-stakeholder model, which promotes human rights, democracy, and rule of law, including freedom of expression, innovation, communication, and economic prosperity; and respects privacy and guards against deception, fraud, and theft.”

The United Kingdom is undertaking similar efforts to raise the profile of cyber diplomacy. The UK’s Integrated Review 2021 underlines that the aim of its cyber diplomacy is “to grow the international coalition working with us to strengthen the case for a free, open, peaceful and secure cyberspace, and to respond to and deter state-directed malicious cyber activity.”

One of the most advanced digital states in the world is Estonia. According to Estonia’s Ministry of Foreign Affairs, “cyber diplomacy is mainly focused on state behaviour in cyberspace and the principles and norms that apply to states in cyberspace. Cyber diplomats also contribute to the fight against international cybercrime and the protection of a free and open internet.”

The European Union (EU) determines its approach to cyber diplomacy within its Common Foreign and Security Policy (CFSP). Within this framework,  cyber diplomacy “contributes to conflict prevention, the mitigation of cybersecurity threats, and greater stability in international relations. It influences the behavior of potential aggressors.”

The United Nations (UN) and the Organization for Security and Cooperation in Europe (OSCE) have thus far not provided a concrete definition of cyber diplomacy. However, these organizations, and in particular the United Nations, are currently in the epicenter of the most significant cyber-diplomacy-related processes in the world. 

The UN has the Open-Ended Working Group (OEWG) on security and use of information and communications technologies, and plans to establish the Programme of Action (PoA) to advance responsible state behavior in the cyberspace. Most UN member states also endorsed or co-sponsored the resolutions on responsible state behavior in cyberspace.

The participating states of the OSCE adopted the cyber/ICT security confidence-building measures (CBM) “to reduce the risks of conflict stemming from the use of information and communication technologies. The aim of the confidence-building measures is to enhance interstate cooperation, transparency, predictability, and stability, as well as to reduce the risks of misperception, escalation, and conflict that may stem from the use of ICTs.”

These academic and political attempts to define cyber diplomacy touch on a wide variety of elements pertinent to cyber diplomacy. Ultimately however, cyber diplomacy is a variety of diplomacy, which itself is a practice of statecraft. This means that its chief objective is to preserve and advance national interests. The definition advanced by Barrinha and Renard most accurately reflects this, as it defines the term as diplomacy in the cyber domain with the main aim of defending the national interests in cyberspace. And this defense is becoming increasingly important, with governments increasingly concerned about cyber attacks and how to thwart them. 

Understanding National Cyber Resilience

In recent years, the issue of national cyber resilience has garnered much attention. Cyber attacks, election interference, and other forms of hybrid warfare have set off alarm bells. Many states are discovering vulnerabilities in the cyber domain and are trying to increase resilience. However, the understanding of cyber resilience is widely recognized exclusively in the context of IT systems’ safety and security. Even the recently adopted EU Cyber Resilience Act (CRA) fails to define cyber resilience from a strategic perspective, as it represents a legal framework for businesses operating in the EU market.

Since the notion of cyber resilience at the strategic level has evolved from the general understanding of resilience, an understanding of national cyber resilience begins at this foundational level. Resilience can broadly be defined as “the ability to prepare for threats and hazards, adapt to changing conditions, and withstand and recover rapidly from disruptions” – the definition provided by the U.S. Federal Emergency Management Agency (FEMA), which is similarly shared by North Atlantic Treaty Organization (NATO), UK’s National Resilience Framework and the 2016 EU-NATO Joint Declaration. 

This widely accepted definition of resilience contains all the four components of emergency management: mitigation, preparedness, response, and recovery. These elements are also immediately applicable to the cyber space and resilience therein. The U.S. National Institute of Standards and Technology (NIST) and Estonia’s e-Governance Academy have recognized this.

The NIST stresses that five policy functions of the U.S. Cybersecurity Framework (CSF) – identify, protect, detect, respond and recover – can be adapted by the public sector and constitute a basic framework to increase cyber resilience. 

The report “National Cyber Security in Practice,” published by the e-Governance Academy in cooperation with Estonia’s Ministry of Foreign Affairs, equally underscores  that cyber incidents require prevention, control and reduction of the damage caused together with the identification and understanding of potential threats.

Drawing from these definitions of resilience and recommendations by different organizations regarding the possibility of its adoption by public agencies working on cybersecurity, national cyber resilience can be defined as a state’s ability to prevent, detect, respond to, and recover from a cyber-attack.  Prevention is the phase in which cyber risks and threats must be identified and ideally preempted, for example by closing loopholes in operating systems. Prevention also includes the development of contingency plans, the enhancement of international and interagency cooperation, and engagement in relevant training and exercises. Detection describes the phase in which authorities should provide early warning about imminent or ongoing cyber incidents. Response follows naturally, and once cyber attacks are detected, authorities should ideally thwart these assaults in real time. Potent responses require effective coordination among relevant stakeholders and intelligence sharing. Lastly, resilience also encompasses recovery. Systems affected by cyber incidents must be restored–and strengthened. Forensic investigations are needed to develop effective lessons learned, such that prevention can be improved. It is here where bilateral and multilateral cooperation can yield particularly productive results. Governments can disseminate lessons learned, thereby alerting others to weaknesses in their systems and improving prevention overall. Effective recovery also translates these lessons learned into policy.  

Using Cyber Diplomacy to Strengthen National Cyber Resilience

Governments can–and should–leverage cyber diplomacy as an effective tool to strengthen their national cyber resilience. The required diplomatic tools must be applied during each phase of cyber-resilience-building both in peacetime and in times of crisis.

Prevent: Information Sharing and Trust Building

To effectively prevent cyber attacks, well-established channels of communication and information sharing between governments are indispensable. In this process, diplomacy can serve as the pathway for ensuring the exchange of critical intelligence on cybersecurity. Dedicated cyber diplomats should play a vital role in negotiating bilateral and multilateral agreements that will establish frameworks for information sharing.

Moreover, cyber diplomacy is a cornerstone of building trust among nations. Cyber diplomats are at the forefront of confidence-building measures. Such measures should aim to share information on national policies and strategies, which increases trust and transparency among nations. By developing such mechanisms, countries work with like-minded partners and in the scope of regional and international organizations to mitigate cyber risks, thereby enhancing their national cyber resilience. The OSCE is a good example in this regard, with 16 confidence-building measures adopted to reduce the risks of conflicts stemming from cyber incidents. Based on these measures, OSCE regularly conducts trainings and meetings to share best practices. Although voluntary, these measures provide a good basis for other organizations and states to adopt similar initiatives.

Detect: Norms and Agreements

One of the primary responsibilities of diplomacy is to initiate and negotiate international treaties and agreements. Fostering international, bilateral, and regional cooperation frameworks is essential in the process of early identification and response to cyber incidents since the nature of cyber-attacks is mostly transnational. Through this effort, cyber diplomats secure national cyber resilience by contributing to the establishment of international measures, which can aid attribution in cyberspace. Attribution measures help to identify the perpetrators by providing relevant authorities with information about the tactics, methods and vectors used by the attackers. Therefore, based on responses to previous incidents, the states are equipped with sufficient knowledge and experience to detect cyber incidents from particular actors in their early stages. 

Such agreements pave the way for the establishment of international norms and principles. Cyber diplomats are involved in negotiating the agreed-upon norms of responsible state behavior in cyberspace and defining the possibility of applying international law in the cyber domain. Ongoing developments in the UN regarding the potential replacement of the OEWG by the Program of Action are a clear demonstration of these efforts. If successful, for the first time, there will be a permanent body under the auspices of the UN First Committee dedicated to responsible behavior in cyberspace.

Respond: Coordinating International Cooperation and Communication

During cyber-attacks, it is essential to have established practices of successful international, bilateral, and regional cooperation. This will help ensure a swift and effective response to cyber incidents and guarantee necessary international support and condemnation.

In addition, during the response phase, cyber diplomats are vital in setting up lines of communication with the international community to provide reliable information on the ongoing cyber incident. 

Recover: Capacity-Building

The recovery phase is an important line of effort in national cyber resilience, as it involves restoring and recovering systems affected by cyber-attacks. Therefore, it is vital to have sufficient capabilities to ensure quick restoration. In peacetime, cyber diplomacy promotes capacity-building initiatives, securing the necessary tools, expertise, and technologies that can be employed for recovery processes.

Conclusion

The international security environment has become increasingly challenging, with a great extent of unpredictability and uncertainty. In these circumstances, unconventional security challenges evolve into complex issues that require a comprehensive approach at the national and international level. The cyber domain has been recognized as a key battleground, both in the present and in the future. Therefore, cyber diplomacy emerges as a fundamental requirement and strategic necessity for strengthening the cybersecurity systems of nations across the world.

Developing effective cyber diplomacy at the national level can serve as a cornerstone of international cooperation and information sharing, while contributing to the establishment of norms and principles for responsible state behavior in cyberspace. In addition, it is essential for trust-building among countries through the exchange of best practices and the reduction of risks stemming from cyber incidents. In this way, successful cyber diplomacy becomes an essential enabler for the implementation of national cyber policies and for strengthening a nation’s ability to prevent, detect, respond to, and recover from cyberattacks.

As a result, recognizing the increasingly pervasive nature of cyber threats and the urgency of addressing related issues, countries should adopt a wide-ranging approach, integrating cyber diplomacy into national cybersecurity systems and the process of cyber resilience-building.

This is a guest contribution. Megi Benia is a Ph.D. Candidate at Tbilisi State University. She works at the Emerging Security Challenges and Arms Control Department, Directorate-General for Security Policy and Euro-Atlantic Integration of the Ministry of Foreign Affairs of Georgia. Her research interests include international security, cyber diplomacy, cybersecurity, and hybrid warfare.Views expressed are the author’s own and do not represent the views of GSSR, Georgetown University, or any other entity. Image Credit: ChatGPT Images