V4 and cyber defence

This week, Facebook’s founder and CEO Mark Zuckerberg has had to appear at a US Senate committee hearing. The now widely known Facebook scandal erupted after it had been revealed that the company had not prevented millions of its users’ profiles from being misused. The case is closely related to the disclosure of a hidden-camera exclusive recorded at Cambridge Analytica, a company that reportedly abused its position, intervening several times in different elections in unlawful ways. Additionally, last year, two ransomware, Petya and WannaCry, also caused widespread panic online, causing considerable economic damage globally.

Witnessing the rising number of online challenges in the early 2010s, Central European countries also created their own national cyber defence strategies and begun to develop their co-operation system. However, there was no need for the Visegrad Four to move to a completely uncharted area, since several international organizations had issued their cyber defence strategies in the 2000s and outlined specific guidelines for states. For example, the European Union Agency for Network and Information Security (ENISA), established by the European Union in 2004, and the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE), established in 2008, put forward serious recommendations that helped to elaborate the aforementioned strategies. ENISA’s primary goal is to “help the EU and EU countries to be better equipped and prepared to prevent, detect and respond to information security problems.” In addition, NATO CCDCOE in Estonia has published the “Tallinn Manual,” a cyberspace framework that was the first to gave the world a legal framework for IT warfare, and transposed “the Geneva Conventions into cyberspace.” For the most part, the Handbook makes recommendations, but it does not specify a single optimal framework for framing national strategies, since the preferences may vary from one country to another; it rather chooses to focus on clarifying the most important questions and concepts and passing on comprehensive knowledge.

In 2013, Central European countries, with the assistance of these external actors and in line with the guidelines of the aforementioned organizations, set up the Central European Cyber Security Platform (CECSP). The platform was initiated by Austria and the Czech Republic, but soon, Slovakia, Poland, and Hungary also chose to join it. This way, the four countries of the Visegrad Group, together with Austria, managed to create their own platform for cyber defence co-operation. However, lacking mutual trust, this platform is only restricted to transferring experience and organizing joint exercises.

Of course, there is a cyber defence co-operation among Visegrad Countries outside the CECSP as well, but its co-ordination has proved difficult too, due to the differing strategies and the distant foreign policy priorities of the four states. While Hungary was among the first countries to develop its own national cyber defence strategy in the early 2010s, achieving a top position in the European Union at the beginning, the Czech Republic and Poland have managed to assume a more proactive and innovative role in the Central European region by now.

At the same time, the willingness to transmit information and share experience is also varies greatly across the V4. While Czechs and Poles are trying to communicate as openly and interactively as possible, the communication of Hungary and Slovakia is characterized by more isolation.

The rotating presidential system of the Visegrad Four has not brought any significant change to this day, although the group has several times addressed the importance of a cyber defence co-operation. The Czech Presidency’s 2015/2016 program sought to deepen this co-operation in the framework of the CECSP, and the subsequent Polish Presidency had virtually the same goal—but beyond some superficial signs of co-operation, relations were not significantly deepened during their term. The current Hungarian Presidency’s program is also concerned with the harmonization of cyber defence initiatives in a tangential manner, and the Joint Declaration of the Defence Ministers of the V4, dated 28 March 2018, hardly mentions this area touching it only on a European level.

In the civil and public sphere, tough, via promoting cyber hygiene, there is still ample room for synchronizing the cyber defence of the Visegrad Countries. Moreover, regular regional competitions and exercises can also reinforce information transfer and mutual learning. On the other hand, NATO membership might also contribute to improving cyber security co-operation in the V4. The co-ordination of regional defence systems in the framework of NATO’s “Smart Defence” strategy, for example, increases the pressure for promoting co-ordinated defence against cyberattacks.

Besides, it is important to regularly reassess the four countries’ national cyber defence strategies and to continuously update them according to the NATO and ENISA guidelines. From this point of view, Hungary has dropped behind: although it set up the National Institute of Cyber Security in 2015, which made the management of online security easier and more transparent, the country’s abovementioned cyber defence strategy has become obsolete by now.

Even though all four states are struggling with labour emigration, which particularly affects the IT sector, a positive trend has begun recently, as public funding has increased, and salaries have become more competitive. Beyond these, the appeal for applicants for public sector IT jobs can be further increased by providing employees with extras and benefits.

All in all, it is evident that there is hope for the Visegrad Four to synchronize their cyber defence, but there is still a long way to go before the concerned states can build up the required level of trust needed to reach a compromise that harmonizes their different interests. Still, cooperation at a regional level is indispensable, since, as recent events have proven, sometimes even the largest and the strongest states fail to withstand external interventions in their cyberspace.

Opening pic by Shutterstock