Do you think there has been a basic difference between the U.S. and Europe in their approach to cybersecurity. If there has been, do you think this difference is staying same, growing or waning?  

https://www.gmfus.org/sites/default/files/2021-10/Cyber-Agora-20page-web-02.pdf

There is a difference in how the U.S. and the countries of Europe approach cybersecurity. The difference is growing and waning in different ways. The U.S. approach focuses on offensive and defensive cyber operations. The country’s significantly higher budget gives it the capability of having incredibly complex offensive cyber operations and a strong defense that is continuing to grow. However, improvements still need to be made to its foundation for security.

France is becoming more similar to the U.S. cybersecurity approach, primarily utilizing more offensive cyber operations,  but has two key differences. The first difference is that their offensive and defensive security agencies are split apart and not with the intelligence community. The second difference comes with choosing a different tactic from the rest of their allies’ tactics of naming and shaming, instead opting to prioritize diplomacy to resolve issues.

The UK has fewer differences compared to the U.S., as they focus primarily on improving their cybersecurity from a general standpoint, implementing new systems for reporting incidents, and having the goal of reducing the amount of cybercrime in their country. Furthermore, Germany is also waning in differences by investing in offensive cyber operations as opposed to their previous focus on defense. However, their iteration of the vulnerabilities equities process differs from the U.S. by being more accessible to the public, and having parliament play a role in that process.

Scaling up to the EU, there are two growing differences. Their plan follows a multi-stakeholder approach, in which not only do the governmental and non-governmental sectors collaborate, but both parties play a factor in how cybersecurity is directed. In countries like Finland and Estonia, the significant difference between them and the U.S. is the utilization of cyberspace to gain influence. This also includes using more harmful techniques like “sharp power,” which focuses on piercing the information environments of different countries to gain influence.

Overall, Europe and the U.S. are different in how cybersecurity approaches, but those differences are both waning and growing. While the U.S. has the capital to focus on both offensive and defensive cybersecurity, countries like France, the UK, and Germany are investing generally in cybersecurity or having more of a focus on offensive operations. However, larger differences like the utilization of a multi-stakeholder approach for policy and tactics like using cyberspace for influence are what makes Europe unique along with the U.S.