European Cyber Agora 2023 :: EU Cyber Direct

As the European Union's cybersecurity policy strategy enters its third year, enhancing cyber resilience within the EU and advancing the EU's cyber diplomacy priorities internationally remains the utmost priority for the EU to respond to an increasingly challenging security environment.

This year, the European Cyber Agora continued to advance multistakeholder engagement with discussions ranging from cyber skills, diversity and inclusion to public-private cooperation, cyber resilience, capacity building, and the EU’s response to cyber mercenaries.

The conference took place on 25 and 26 April at the Microsoft Innovation Center in Brussels. Virtual participation was also possible.

Attendees could participate in high-level panel discussions with representatives of EU institutions, national governments, cybersecurity agencies, civil society, academia, and industry, as well as expert workshops led by the Agora community focusing on cyber diplomacy, emerging disruptive technologies, cybersecurity and space policy, and more.

In this context, EU Cyber Direct organised three workshops. On the first day of the conference, a discussion focussing on accountability and state responsibility in cyberspace explored the future of cyber deterrence and the role of the EU in fostering accountability and strengthening international cooperation. The workshop 'The Geopolitics of Ransomware: from Financial Extraction Tool to Hybrid Threat' examined the current threat landscape and the geopolitical features of ransomware attacks, as well as the role of international multi-stakeholder engagement and diplomatic countermeasures in cyber risk management. On day 2, the workshop on public-private collaboration in EU Cyber Diplomacy looked at existing realities of collaboration between the public and private sectors and drew from the lesson learnt in other multistakeholder coordination platforms.

The European Cyber Agora is facilitated by Microsoft, the German Marshall Fund of the United States, and EU Cyber Direct.

Programme

TIME(CEST)

DESCRIPTION

09:00 – 09:30

Registration and coffee

09:30 – 10:30

Armchair discussion

Advancing Public-Private Partnership in Cyber Threat Intelligence and Cyber Crisis Response

Leveraging the private sector’s capabilities is instrumental to amplify the EU’s ability to mitigate and respond to cyberattacks and achieve more accountability in cyberspace. Public and private sector organisations can benefit from each other in areas like cyber threat intelligence and situational awareness, operational cyber crisis management, and the attribution of cyber operations and incidents. What are the main challenges and opportunities for public-private intelligence sharing in these domains? What are the incentives for both parties to build a sustainable and reciprocal cooperation framework?

Moderator
Katarzyna Prusak-Górniak, Head of Digital Affairs Unit in Permanent Representation of Poland to the EU and Deputy Chairperson of the Governing Board of the European Cybersecurity Competence Centre

Speakers
Andrew Lee, Vice-President of Government Affairs, ESET
Christian D’Cunha, Head of Cybersecurity Coordination Task Force, DG Connect, European Commission
Clint Watts, General Manager, DTAC, Microsoft
Victor Zhora, Deputy Chairman, SSSCIP of Ukraine

10:30 – 11:00

Networking coffee break

11:00 – 12:00

Workshop 5

Building Transatlantic Cyber Resilience and Security

Organised by GMF

In borderless cyberspace, closer transatlantic cooperation has emerged as a top priority. To protect democracy against internal and external threats, transatlantic partners must step up their collaboration. In the context of the Trade and Technology Council and the EU-U.S. Cyber Dialogue, senior officials have announced a series of joint initiatives both at diplomatic and technical levels, but many challenges remain for both sides. This workshop will examine these initiatives and review the external effects of the EU and U.S. cyber policies.

Moderator

Romain Bosc, Senior Program Coordinator, German Marshall Fund of the United States

Speakers
Chase Carter, Political Officer, US Mission to the EU
Christiane Kirketerp De Viron, Head of Unit for Cybersecurity and Digital Privacy, DG Connect, European Commission
Julia Schuetze, Project director for cybersecurity policy and resilience, Stiftung Neue Verantwortung (SNV)
Staffan Truvé, Co-Founder and Chief Technologies Officer, Recorded Future

11:00 – 12:00

Workshop 6

The Emerging Space-Cyber Nexus and its Implications for EU Security and Defense

Organised by ECCRI

This workshop explores the growing intersection between space and cyber domains and its implications for EU security and defence. While space-based assets, such as satellites and the terrestrial ground stations, are critical for navigation, communication, and other societal functions, their dual-use nature can have serious implications in the context of armed conflicts. Space-based assets also remain vulnerable to cyber-attacks. This workshop examines the vulnerability of the global satellite infrastructure, and how it may impact the policies of the European Union on space and defence.

Moderator
Jakob Bund, Senior Research Associate, European Cyber Conflict Research Initiative (ECCRI)

Speakers
Carys Elinor Dunn, Space Counsellor, Permanent Representation of Belgium to the EU
Christophe Morand, Head of Task Force on Security of Information, DG DEFIS, European Commission
Lea Pavlovic, Policy Manager Space & Spectrum Policy Practice, Access Partnership
Matija Rencelj, Research Manager, European Space Policy Institute

12:00 – 13:00

Lunch

13:00 – 14:00

Workshop 7

Assessing the Role of Europe in Cyber Capacity Building in promoting cyber stability

Organised by GFCE and Microsoft

The fluid security and political situation in the EU’s neighbourhood translates into a complex cybersecurity landscape with serious spill over effects. Building cybersecurity capacities of other countries vulnerable to state-backed actors’ interference and subject to frequent cyberattacks and influence operations, is in the EU’s immediate interest. However, cyber capacity-building (CCB) is a complex and multi-faceted endeavour. Enhancing CCB maturity requires a delicate blend of political will and comprehensive strategy, including sufficient resources and a high degree of coordination. How concretely can the EU act to positively increase impact on cyber stability within, but also outside the EU?

Moderator
Tereza Horesjova, Outreach Manager, Global Forum on Cyber Expertise

Speakers
Miguel Exposito Verdejo, Acting Head of Unit for Science, Technology, Innovation and Digitalisation, DG INTPA, European Commission
Rik Veenendaal, Cyber Advisor Moldova, Government of the Republic of Moldova
Silja-Madli Ossip, Community Lead, EU CyberNet
Slavica Grkovska, Deputy President of the Government in charge of good governance policies, Republic of North Macedonia
Tanel Tang, Team Leader for Policy and Reform Coordination at Support Group for Ukraine, DG NEAR, European Commission

13:00 – 14:00

Workshop 8

Boosting Public-Private Collaboration in the Context of EU Cyber Diplomacy

Organised by EU Cyber Direct & GMF

With the war in Ukraine significantly intensifying the EU’s cyber threat landscape, the upcoming revision of the framework for a joint EU diplomatic response to malicious cyber activities – the EU’s Cyber Diplomacy Toolbox (CDT) – offers an opportunity to define a framework for public-private partnership (PPP) covering various areas of cyber diplomacy. This offers an ideal chance to conduct a comprehensive review and assessment of public-private collaborations from around the globe. This workshop will explore how public and private actors can be incentivised to collaborate more closely in the cyber domain and towards multi-layered cyber diplomacy. It will explore existing realities of public-private collaboration and draw from the lesson learnt in other multistakeholder coordination platforms.

Moderator
Kerstin Zettl-Schabath, Researcher, Heidelberg University

Speakers
Jérome Barbier, Head of Outer Space, Digital and Economic Affairs, Paris Peace Forum
Joseph Jarnecki, Research Fellow, Royal United Services Institute
Manon Le Blanc, Head of International Cyber Policy, EEAS
Nikolas Ott, Government Affairs Manager, Cybersecurity and Digital Diplomacy, Microsoft
Raffaele Marchetti, Professor and Deputy Rector, Luiss

14:00 – 14:30

Coffee Break

14:30 – 15:30

Armchair discussion

Spyware and Cyber Mercenaries: A Blind Spot in Europe’s Human Rights Narrative?

The growing use of spyware in Europe has triggered calls for regulation. While civil society and industry voices advocate for multistakeholder action and responsible state behaviour on the use and development of offensive cyber tools, the global nature and wide ramifications of the cyber mercenary market pose a real challenge to the entire international community. What could be the next impactful steps forward - domestically, at the European Union level and internationally?

Moderator
Charlotte Lindsey, Chief Public Policy Officer, CyberPeace Institute

Speaker
Anne Marie Engtoft Larsen, Tech Ambassador, Ministry of Foreign Affairs, Denmark
David Kaye, Clinical Professor of Law, Director, International Justice Clinic
Jeroen Lenaers, Member of the European Parliament, Chair of the PEGA Committee
Nathaniel Gleicher, Head of Security Policy, Meta

15:30 – 15:45

Closing remarks

by Gustav Lindstrom, Director, EU Institute for Security Studies (EUISS)

15:45 – 16:15

Reception

16:15 – 19:15

Global Forum on Cyber Expertise (GFCE) Annual Regional meeting for Europe

The field of cyber capacity building is rapidly maturing. The Global Forum On Cyber Expertise (GFCE), as the multi-stakeholder platform for cyber capacity building, must evolve to support and address the needs of the community while reducing fragmentation of efforts. Towards 2023, the GFCE is focused on coordination for the future, to leverage and streamline existing efforts, avoid duplication, strengthen global cooperation, and foster knowledge sharing. In the context of GFCE’s efforts on regionally sensitive approach to capacity building, the Secretariat of the GFCE, in co-operation with Microsoft, organise the GFCE Regional Meeting for Europe 2023, back to back with the European Cyber Agora Conference. The objective of this year’s Regional Meeting is to provide an opportunity for stakeholders to exchange on priorities of the region in cyber capacity building, in Europe and in relation to Africa. Inputs for the meeting will inform the global agenda for capacity building, to be presented later in 2023.

09:15 – 09:30

Welcome and registration

09:30 – 09:45

Opening remarks

by Nanna–Louise Linde, Vice-President of European Government Affairs, Microsoft

09:45 – 10:00

Keynote

Is cyberspace defining the future of European geopolitics?

with Margaritis Schinas, Vice-President for Promoting our European Way of Life, European Commission

The role and influence of cyberspace in European geopolitics will continue to grow in the future. As we explore and actualise the new opportunities that cyberspace can offer, we also need to take into account challenges that emerge – both in terms of security and influence. Europe can demonstrate leadership and build alliances to address today’s most pressing security challenges.

10:00 – 11:00

Armchair discussion

The European year of skills: How can Europe close the gaps on skills and inclusion in cybersecurity?

For “the European Year of Skills”, the European Union aims to address the global shortage of cybersecurity professionals with initiatives focusing on skills development and integration. Because the demand for qualified human resources in cybersecurity is growing in all sectors, new ways of expanding the cyber-skilled workforce need to be explored. Considering these challenges, with an additional perspective on diversity and inclusion for the future cyber workforce, panelists will discuss and share best practices from their respective efforts in tackling this global issue with European solutions.

Moderator
Nanna–Louise Wildfang Linde, Vice-President European Government Affairs, Microsoft

Speakers
Despina Spanou, Head of Cabinet for Vice President Margaritis Schinas, European Commission
Edward Parsons, Region Director UK and Europe, (ISC)²
Sophie M. Jonke, Location Head, ReDI School of Digital Integration, Munich
Suzanne Rijnbergen, Managing Director, Cyber Resilience, Accenture

11:00 – 11:30

Networking coffee break

11:30 – 12:30

Workshop 1

Accountability, State Responsibility and Increasing Confrontation in Cyberspace

Organised by EU Cyber Direct 

While international law, norms, and confidence-building measures have been widely agreed upon, their acceptance and implementation remains fragmented. Deterrence as a method of conflict prevention is increasingly disputed, and many countries are adopting pre-emptive measures against malicious actors. To strengthen a rules-based international order, and in turn prevent conflict, questions relating to accountability and liability are likely to become more prominent – not only for states, but also for victims of cyberattacks. This workshop will explore the future of cyber deterrence and the role of the EU in fostering accountability and strengthening international cooperation.

Moderator
Dennis Broeders, Full Professor, Institute of Security and Global Affairs, Leiden University

Speakers
Engelbert Theuermann, Ambassador, Special Envoy for Cyber Diplomacy, Ministry of Foreign Affairs, Austria
Kaja Ciglic, Senior Director for Digital Diplomacy, Microsoft
Monica Kaminska, Assistant Professor of International Security and Technology, Leiden University
Stéphane Duguin, Chief Executive Officer, CyberPeace Institute

11:30 – 12:30

Workshop 2

Defending Democracy through Transatlantic Technological Innovation

Organised by GMF, Carnegie Europe and Microsoft

With both the EU and NATO exploring new technological solutions beneficial to both civilian and military communities, the EU-NATO Joint declaration has also emphasized the need for enhanced collaboration in emerging and disruptive technologies (EDTs). How can we build more synergies across respective EU-NATO research and innovation? This workshop will explore developments in EDT governance in line with democratic principles, responsible innovation, and the deployment of dual-use EDTs. The discussion will focus on NATO’s Defense Innovation Accelerator for the North Atlantic (DIANA) and Innovation Fund, as well as the various EU funding programs across innovation and defense domains.

Moderator
Raluca Csernatoni, Fellow, Carnegie Europe

Speakers
Alice Pannier, Head of Geopolitics of technology, IFRI
David van Weel, Assistant Secretary General for Emerging Security Challenges, NATO
Nynke Tigchelaar, Head of Unit European Defence Fund Implementation 2 – Defence Technologies, DG DEFIS, European Commission
Raquel Jorge, Policy Analyst, Elcano Royal Institute

12:30 – 13:45

Lunch

13:45 – 14:00

Keynote

Cyber and digital in foreign policy - from expert area to core diplomacy

with Carl Fredrik Wettermark, Acting Director for Cyber Issues at the National Security Council, Swedish Prime Minister’s Office

14:00 – 15:00

Armchair discussion

Passing the Torch: National and Geopolitical Perspectives on EU Cybersecurity Policy Implementation

With the NIS2 entering into force, questions arise on how national authorities will implement the broadened scope and other key areas such as vulnerability handling and incident reporting. The panellists will provide insights into their respective national contexts and discuss EU cybersecurity policy implementation. How can a harmonised implementation of the NIS2 framework be achieved?

Moderator
Victor Cambazard, Cyber Attaché, Permanent Representation of France to the EU

Speakers
Evangelos Ouzounis, Head of Policy Development and Implementation Unit, ENISA
Jakub Otčenášek, Cyber Attaché, Permanent Representation of the Czech Republic to the EU
Johanna Erkkilä, Director, Assessments and Supervision, National Cyber Security Centre of Finland (NCSC-FI) Finnish Transport and Communications Agency, Traficom
Roy Coppieters, Director, Business Resilience, Continuity & Crisis management, PwC
Timothée Goulain, Head of European and International affairs Unit, ANNSI

15:00 – 15:30

Coffee break

15:30 – 16:30

The Geopolitics of Ransomware: from Financial Extraction Tool to Hybrid Threat

Organised by EU Cyber Direct 

As ransomware ranks among the top cyber risks for corporate realities and public services alike, they also pose an increasing threat to international security. The financial impact is dramatic – estimated at EUR 11.5 billion last year – alongside their capacity to disrupt services, supply chains and critical infrastructures. Recent attributions shed light on the fact that both state and non-state actors' motivations are shifting from mere financial extraction to more nuanced political motivations, progressively integrating ransomware into a 'hybrid warfare' process. This workshop will examine the current threat-landscape and the geopolitical features of ransomware attacks, while exploring the role of international multi-stakeholder engagement and diplomatic countermeasures in cyber risk management.

Moderator
Andrea Salvi, Senior Analyst, EUISS & Project Director, EU Cyber Direct

Speakers
Heli Tiirmaa-Klaar, Director of Digital Society Institute, ESMT
Nad'a Kovalčíková, Senior Analyst and CFI Project Co-Director, EU Institute for Security Studies (EUISS)
Robert Siwertz, Co-Founder, CParta

15:30 – 16:30

Workshop 4

Feminist Perspectives on the Militarisation of Cyberspace

Organised by Centre for Feminist Foreign Policy

With the increasing militarisation of cyberspace, civil society often stands on the frontline to defend democratic values and human rights. While cybersecurity policy tends to replicate traditional biases and policy models, it is important to bring the voice of marginalised communities to the fore. The spread of disinformation, surveillance, election meddling, and cyber operations against critical infrastructure calls for a collective effort to shape a safe and inclusive digital society. This workshop will discuss the role of civil society and feminist views in advancing cyber peace.

Moderator
Nina Bernarding, Co-director, Centre for Feminist Foreign Policy

Speakers
Allison Pytlak, Programme Lead, Cyber Programme, Stimson Center
Kristina Wilfore, Co-Founder, #Shepersisted
Mikaela Rönnerman, Chair of the Horizontal Working Party on Cyber Issues, Swedish Presidency of the Council to the European Union
Regine Grienberger, Cyber Ambassador, German Federal Foreign Office

16:30 – 16:45

Agora Spotlight

with Palo Luka, Chief Operating Officer, ESET

If you can’t get talent, make it! These days, the current supply of cybersecurity skills and professionals in the labour market cannot keep up with the booming demand. ESET’s Chief Operating Offer, Palo Luka, will present the company’s approach to reducing this asymmetry and how its first-class training programs for universities and high schools contribute to cybersecurity awareness and develop future generations of experts.

16:45 - 17:45

Reception