Our five key takeaways from CyCon 2024: NATO's international conference on cyber conflict

Published 07 June 2024
Our cyber security experts reflect on their time at CyCon 2024 – a flagship event organised by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). They share their views on the key themes that emerged from expert discussions, highlighting the dynamic nature of collective cyber defence and the continuous evolution required to stay ahead of threats.

We never miss CyCon! Last week, three of our cyber security experts – Berenike Vollmer, Harriet Rogers and Miriam Howe – attended the 16th annual International Conference on Cyber Conflict, CyCon 2024. This is the flagship event of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia.

The conference, themed "Over the Horizon," reflected on the future of technology and its potential to reshape global security dynamics, while also confronting immediate challenges such as the responsible deployment of AI and cloud technologies in cyber warfare. It brought together 700 participants from over 40 countries, including leading figures from NATO, various governments, academia and industry.

On the panels, over 100 cyber experts delivered insights that, as always, challenge and shape our understanding of emerging cyber issues. In this blog, we outline our five key takeaways and reflect on these topics with the aim of igniting further discussion and debate.

Our five key takeaways:

1 - Challenges in dependency on and integration of AI in military cyber operations

The integration of AI into military cyber operations represents a pivotal evolution in adapting to the dynamic landscape of modern warfare. A number of Cyber Commanders underscored the importance of AI in bolstering capabilities across various domains, from drones to information management.

 

AI’s role in cyber security – including decision support and analysis against emerging threats and influence operations – is well on its way to becoming mainstreamed, both in advanced militaries and technology companies. This is a crucial development: Cyber Commanders recognise that AI and autonomy are indispensable for maintaining pace with adversaries who, as we were reminded, are using AI-enabled attacks for reconnaissance and coding assistance.

While challenges remain around transitioning to autonomous responses, organisations are identifying how they can apply defences autonomously, recognising that the speed of response required for crisis situations will never be achieved while the human remains in the loop.

2 - Responsible approaches to proactive cyber operations

The discourse on Responsible Cyber Operations (RCOs) and the ethical dimensions of cyber warfare underscored the imperative of grounding cyber operations in common values and norms. As discussed during RUSI’s workshop on Day Zero, RCOs demand a nuanced approach that balances international frameworks, domestic legislation and operational development. Key principles include ensuring transparency among partners, promoting adherence to international norms and standards, and aligning governments to enable consistent and interoperable actions.

Across panels, speakers also stressed the significance of managing communications effectively, mitigating risks, and avoiding actions that could escalate conflicts. This includes developing a clearer language around acceptable practices and targets to foster responsible behaviour throughout operations.

Several keynotes, including those from AWS and the German Cyber Command, stressed the need for ethical foundations of cyber operations, and highlighted the importance of grounding cyber operations in common values in line with the rule of law. Finally, Cyber Commanders emphasised that ethical considerations extend to protecting individuals involved in cyber operations – underlining the need to protect and develop the people at the heart of cyber operations.

3 - Strategic advantages gained through supply chains and digital infrastructure

The evolution of AI illustrates how security challenges and opportunities arise at the point that technical change and geopolitical or socioeconomic factors overlap. This has recently been accentuated in discourse on critical infrastructure protection and supply chain risk management.

The panel “Compute to Compete” highlighted that while the geopolitical focus has been on chips and semiconductors, the wider supply chain for computational power includes cloud services, telecommunications infrastructure and undersea cabling. Similarly, when discussing AI, we talk a lot about the data, models and software but far less about the physical dependencies – servers, chips, cables and comms infrastructure – and how they drive the geo-strategic competition.

Compute allows us to wield data more effectively, to turn information into advantage and drive innovation faster, offering huge development opportunities for nations and potentially strategic advantage for those controlling the infrastructure. But compute provision relies on undersea cables, it resides in cloud servers, it depends on complex semiconductor supply chains – much of which lies in the private sector.

This raises profound questions about security and governance, with private sector innovation juxtaposed against national infrastructure control and international regulatory efforts. Massive investment from both the EU and US has given them leverage if not control in this space, but industry still holds the building blocks. Whether states are able to wield this power or just procure it remains to be seen.

4 - The intensified role of public-private collaboration in cyber space

Throughout CyCon 2024, the importance of public-private collaboration in bolstering cyber security continued as a central theme, with calls to shift from a "need to know" mind-set to a "responsibility to share" between governments and their private sector partners.

The panel on “Public Private Collaboration on Cyber Threat Intelligence” examined the drivers and incentives for consuming, generating and sharing threat intelligence from different perspectives. This included governments entrusted with national cyber defence, commercial CTI providers and industry consumers such as critical infrastructure providers. The diverse perspectives reflected that government is no longer the primary source of threat intelligence, with the advent of OSINT and rich telemetry from the commercial sector, leading us to question the respective values of each of these and how they impact the development of analyst skills. Like any public-private collaboration, threat intelligence sharing is vital for addressing the growing complexity of the cyber defence and resilience challenges, as well as addressing pervasive skills gaps and workforce shortages.

The importance of a common perception of threat in driving this collaboration resonated with the NATO audience, where nations recognise the targeting of critical infrastructure as a threat to their national cyber defence. Informal networks are seen as irreplaceable channels, but need to be curated and nurtured to successfully enable the trust relationships on which they are based.

At the same time, others stressed the importance of clarifying legal boundaries to enable and empower both formal and informal sharing of information, and indeed we were challenged to go beyond information sharing into integration of public and private sector cybersecurity operations.

5 - The role of industry in cyber conflict and crisis response

The lens of public-private sector collaboration was also focussed on the role of industry in the cyber dimensions of international conflicts and crisis response. With a number of workshops and panels analysing lessons from Ukraine and emergencies in other parts of the world such as the Balkans and Costa Rica, a number of themes emerged.

Firstly, donor coordination is a necessity that is evolving through formal mechanisms such as the Tallinn Mechanism and IT Coalition. It is a key success factor for making tangible progress in situations where the stakeholder environment is particularly complex, helping to prioritise the efforts of governments and companies and to draw cumulative value from otherwise disparate activities.

Secondly, there is a necessary pivot from cyber capacity building towards emergency response that impacts the pace and target outcomes of international support.

Thirdly, some detailed discussions on the incentives and decision calculus for private sector involvement in crisis and conflict served as a catalyst for the enduring debate on how government can incentivise industry in national cyber security objectives. The recognition of the unique nature of each situation doesn’t stop us from learning lessons about barriers that can be removed and preparations that can be made, to improve the pace and effectiveness of such efforts.

Final thought – a strong sense of collective cyber defence

It was, as ever, a conference packed with challenging questions, expert insights and a whirlwind of networking with new faces and familiar ones.

We discussed everything from technology evolutions and the challenges of integrating AI, to strategic competition and norms in cyber operations, the crucial role of public-private partnerships, the strategic geopolitical use of digital supply chains, and ethics for responsible cyber operations.

This diverse range of topics highlighted the dynamic nature of cyber defence and the continuous evolution required to stay ahead of threats. And what remained constant throughout all discussions, both formal and informal, was the sense of collective cyber defence needed to keep nations safe and citizens secure.


Disclaimer: Please note this blog reflects views from individuals at BAE Systems Digital Intelligence and is not intended to reflect a view from CyCon itself.

Berenike Vollmer (Cyber Threat Intelligence Analyst), Harriet Rogers (Strategic Cyber Threat Intelligence Specialist), Miriam Howe (Head of International Consulting) at BAE Systems Digital Intelligence

BAE Systems Digital Intelligence