by Michelle Bovée
The United States and the United Kingdom will soon participate in joint cyber "war games," simulated attacks against financial institutions in the City and Wall Street designed to test each nation’s cyber defense infrastructure. President Obama and Prime Minister Cameron also announced their intent to establish a trans-Atlantic "cyber cell" that will allow agents on opposite sides of the ocean to share information and jointly respond to cyber threats, and stated that additional exercises will take place later this year, focusing on the energy and transportation sectors. As the first initiative of this kind, these cyber war games will provide valuable insight into how both nations are planning to handle the challenges posed by cyber terrorism, data privacy, and internet surveillance.
Cyber attacks have had enormous repercussions for the private sector across the globe: over 80 percent of large British companies have reported an incident in 2014, and the estimated total cost has been placed between £600,000 and £1.5m. Across the pond, December's Sony hack is old news, but the repercussions clearly demonstrate the immense destruction such an attack can bring on private industry. Governments are hardly immune, either, as this month's CENTCOM Twitter and YouTube hack demonstrates.
So who is responsible for guarding against cyber threats, when both government and industry are vulnerable? Historically, the marker of a state has always been its firm hold over the monopoly of violence—the legitimate use of force within a territory. In the face of cyber terrorism, which knows no state boundaries, both Obama and Cameron acknowledged that the state alone cannot prevent attacks, and that private industry and government must work together to combat the evolving threat.
Governments and corporations working together to enhance cybersecurity measures and respond to cyber threats in concert sounds, at first, to be an ideal solution. The murky regulations surrounding online surveillance and privacy, however, complicate the situation. Data sharing between private companies and governments has been a contentious issue since news of the NSA's domestic surveillance programs came to light, and both Washington and London have recently come under scrutiny for seeking access to encrypted data, such as that stored on Facebook and Twitter. In response to these events, a number of major tech companies have taken steps to implement measures that prevent spies from accessing users' data without court approval.
It is worth noting here that the US and the UK are the only Western countries on Reporters Without Borders’ annual "Enemies of the Internet 2014: entities at the heart of censorship and surveillance" list, along with the governments of China, Iran, North Korea, Russia, and Sudan. This does not mean that a partnership to test resiliency and defend against cyber threats is a bad idea—after all, cyber attacks cross international lines and can disrupt daily life with a few deft keystrokes, particularly as the Internet of Things marches onward and connects household devices to the world wide web. The only true defense would be a mass movement to disconnect entirely, which seems highly unlikely. Preparation for a cyber attack is thus crucial. How the two governments conduct their cyber war games, and what they demand of the private institutions on the other side, could provide valuable insight into the future of international regulations on data privacy, storage, and surveillance. Joint cyber defense initiatives that bring together the public and private sectors, particularly on an international scale, will undoubtedly be contentious, as both sides test the bounds of the privacy vs. security dilemma and work to manage the challenges posed by the lack of distinct borders to separate one nation's citizens from another's on the internet.
Michelle Bovée is an Account Executive at a business development firm in the Washington, D.C. Metro Area and a graduate of the London School of Economics MSc International Relations program. She is a staff writer for Charged Affairs, where her focus areas include current events and international economics.
The opinions expressed in this article are the author's own and do not reflect the views of their employer or Young Professionals in Foreign Policy.