Nations Intensify Cooperation in Cyberspace
Germany and United States engagement thrives in cyberspace and information technology.
Germany, the United States and many other nations are facing a more diverse, complex, quickly evolving and demanding security environment than at any time since the end of the Cold War. The resulting challenges to national and international security and stability could be as harmful to societies, economies and institutions as conventional attacks.
At the NATO Wales Summit in 2014, the heads of state and government agreed that cyber defense is part of NATO’s core task of collective defense. At the NATO Warsaw Summit in July 2016, attendees reaffirmed NATO’s defensive mandate, pledged to “enhance the cyber defenses of their national networks and infrastructures,” also known as the Cyber Defense Pledge, and recognized cyberspace as a domain of military operations.
Cyberspace differs from all the other military domains as a constantly evolving, man-made construct. With relatively low costs and barriers to access, malicious actors can attain the skills and resources required to engage persistently in disruptive cyberspace activities. Adversaries may leverage advanced skills and resources to orchestrate effects in and through cyberspace, potentially in tandem with traditional military and diplomatic activities.
The ability to remotely deny or manipulate data and information through cyberspace provides the opportunity to generate effects rapidly while maintaining deniability and hampering technical attribution. With the complex and diverse character of cyberspace in mind, no single nation or entity has all the necessary knowledge, capabilities, capacity or authority to protect and secure its interests in cyberspace.
Improving security, increasing resilience and utilizing potential in cyberspace requires a broad and well-coordinated effort within a joint, multinational and interagency coalition, including the civil sector with academia, industry and civilian organizations. Identifying knowledgeable partners and allies to face challenges in cyberspace is crucial. Establishing relationships among nations willing to invest in standing up significant capabilities within cyberspace is not an easy task; maintaining and fostering these close ties is even more difficult.
At the end of 2019, Germany and the United States agreed to increase their collaboration in cyber and information technology (IT). On April 2, 2020, after only a few months of intensive staff work, a bilateral German-U.S. Cyber/IT Engagement Framework (CITEF) was signed on a ministerial level between the U.S. Joint Staff J-6 deputy director of command, control, communications, computers, cyber and intelligence, and the deputy director-general for cyber and information technology, German Federal Ministry of Defense.
The framework details intended engagements and future collaboration activities between these government organizations. It encompasses multiple aspects in the thematic areas of information technology governance, management, training and exercises, and capability development.
In many aspects of interoperability and multinational cyberspace utilization, NATO and the Federated Mission Networking (FMN) capability, an initiative NATO facilitated, are the leading agents in developing policies, doctrine, tactics and procedures focusing on, but not limited to, military applications.
The FMN aims to support command and control as well as decision making in future operations through improved information sharing. It is based on principles that include cost-effectiveness and maximum reuse of existing standards and capabilities.
Annual exercises and events like the Coalition Warrior Interoperability Exercise and Cyber Coalition enable these efforts to take shape and mature the commonly understood approaches to complex cyber domain challenges. The bilateral German-U.S. efforts predominantly aim for enhancing interoperability by advancing NATO and FMN activities.
Whenever a milestone in the engagement plan has been achieved, the results will be passed on to the respective NATO and/or FMN entities to ensure mutual understanding, cross-fertilize ongoing work and trigger further coalition-led activities. Subsequently, the bilateral German–U.S. cyber information technology engagements strive to inform NATO and FMN work by better synchronizing, harmonizing and coordinating national approaches.
According to the Multinational Interoperability Council, the “future coalition operational environment must be one in which interoperability has been contemplated and addressed well in advance.” The overall goal of the bilateral Cyber/IT Engagement Framework (CITEF) is to increase force interoperability and trust between Germany and U.S. military.
NATO defines force interoperability as the “ability of the forces of two or more nations to train, exercise and operate effectively together in the execution of assigned missions and tasks.” Additionally, NATO defines interoperability more generally as “the ability to act together coherently, effectively and efficiently to achieve Allied tactical, operational and strategic objectives.” Consequently, force interoperability cannot be limited to technical issues. Policies, doctrines, procedures, cultural aspects and even language play a major role in developing, increasing and maintaining force interoperability.
To facilitate collaboration, the German–U.S. CITEF incorporates bilateral actions in a broad array of interoperability challenges. For example, German military forces engage in the U.S.-led multinational capability demonstration Bold Quest to align detailed technical prerequisites.
By creating an environment in which subject matter experts from Germany and the United States can openly discuss and exchange information in a well-coordinated way, the CITEF builds on the strong ties and deep trust between the two nations. It aims for significantly contributing to the ongoing effort to enable more effective coalition operations. The framework sets the foundation for developing strong, sustainable working relationships, reducing disputes and subsequently ensuring military success.
The CITEF provides guidance from senior leadership on a two-year basis by defining specific desired outcomes, allowing for the development of detailed bilateral engagements. In the addendum to the document, lines of effort for each desired outcome are specified, and within each, measurable actions and goals are defined.
Following this principle, each bilateral action undertaken in the context of the bilateral CITEF can ultimately be traced back to the pre-established senior leadership guidance. In addition, specific work plans for every effort allow for an effective and efficient utilization of limited resources. The framework, including the addendum, is a living document and will be updated on a regular basis.
One example that bilateral activities not only contribute to the strong ties and deep trust between Germany and the United States but also inform multinational efforts is the Coalition C4/Cyberspace Operations Planners course (C3OPC). Within the framework, Germany and the U.S. Joint Staff J-6 through the U.S. Army Cyber School initially developed the curriculum of the course. However, to improve the understanding of cyber operations and increase the level of trust among allies and partners, the countries agreed to open up the course for the participation of coalition nations and U.S. Defense Department personnel.
The course will be hosted at the Joint Forces Staff College, Norfolk, Virginia, and the U.S. Army Cyber School, Fort Gordon, Georgia. With a duration of three weeks, it will provide a broad, joint doctrine-based overview of joint C4/cyberspace capabilities; an overview of cyber and information technology structures and organizations, and key capabilities of participating nations; and convey in-depth knowledge on cyberspace operations planning principles, processes and best practices. In the long run, the overall vision of a multinational Joint Professional Military Education is to create and sustain a coalition subject matter expert community through an active alumni network.
In October 2020, the Joint Staff J-6 conducted a pilot of the course focusing on the first week of the C3OPC. Because of the coronavirus, it was limited to the participation of personnel residing close to the U.S. Joint Staff premises in Suffolk, Virginia. Nevertheless, the pilot included more than 15 nations, generated valuable information for maturing the curriculum and received overwhelmingly positive feedback by all participants.
In the coming months, the entire three-week curriculum will be reviewed and refined. In addition, the C3OPC will be synchronized with NATO’s Joint Professional Military Education efforts. The full implementation of the C3OPC with the inclusion of multinational attendees coming from overseas is planned for mid-2021.
The CITEF is the first signed German-U.S. agreement in decades that supports collaboration on cyber and information technology. It is considered the first step toward a more intensive collaboration between the United States and Germany. Based on the experiences that both nations will gain by conducting deliberate engagement actions, the CITEF will mature over time. Ultimately, the framework could stimulate a structured dialogue about cyberspace at a senior leadership level as well as deepen collaboration on operational and tactical levels.
The agreement and its initial achievements will be noted at a meeting planned for early 2021 between Germany’s Federal Ministry of Defense Director-General for Cyber/Information Technology, the U.S. Defense Department chief information officer and the director of the U.S. Joint Staff J-6.
Lt. Col. (G.S.) Stefan Eisinger, DEU AF, is the German liaison officer, U.S. Joint Staff, J-7/J-6.