A COMPREHENSIVE APPROACH TO CONFIDENCE BUILDING Air Commodore John Maas CBE RAF john.maas@eeas.europa.eu
EU Comprehensive Approach European Security Strategy Development Aid Comprehensive action through consensus Resisting hybrid attack First and foremost, responding to and countering hybrid threats is a national responsibility. However, the EU with its panoply of levers, could play a key role in helping improve Member States resilience. As part of that effort, enhanced cooperation and coordination between the EU and NATO, in support of Member States and Allies, also appears essential to ensure there is no unintended fault line between institutions. This is a major challenge. Building resilience against hybrid threats requires countries to recognise and share their vulnerabilities so that common steps can be taken to reduce exposure to possible attack. Building resilience in critical areas of vulnerability is therefore the best way of preventing hybrid attacks from succeeding. With regard to partners, the EU, drawing on its wide array of instruments and expertise, can also play a central role in supporting partner countries, including in areas such as cyber security, border management, and the energy sector. Furthermore, work to bolster the effective application of the rule of law, fight corruption or reform the funding of political parties are again key ingredients in the defence against hybrid attack. In order to defend against wide-scale information warfare, that is designed to deny or distort facts and thereby manipulate populations, the EU requires an effective strategic communication strategy. To be effective, this should draw on expertise and instruments already available in Member States, the EU and the affected partner countries. Swift decision-making at the political level will be critical for the success of efforts to prevent and defend against future hybrid threats. Given the character of these threats, such decisions may need to be based on assumptions, predictions and trust. Locating the “smoking gun” after a cyber-attack is one such example. Hybrid threats also require a fundamentally different mind-set, where traditional separation lines between internal and external, defence and homeland security, civil and military affairs are no longer easily defined. SANCTIONS POLICY STRATCOMM
Important to send the right signals – point the way EU - Goal is to take a Global Approach bringing together regional Interests Comprehensive Approach offers hard and soft levers Trust – born from Communication, Relationships and Physical Measures
European Union operations have a strong regional focus Challenges: Humanitarian crises Disease Ungovernable spaces Urbanisation Migration Terrorism Radicalisation Violent Extremism
Active EU Operations and Missions "Where Trust has failed" EUBAM Libya EUFOR ALTHEA BIH EUNAVFOR MED EULEX KOSOVO EUAM UKRAINE EUMM GEORGIA EUCAP SAHEL NIGER EUBAM RAFAH Palestinian Territories EUTM MALI EUPOL COPPS Palestinian Territories EUPOL Afghanistan EUCAP SAHEL Mali EUNAVFOR Somalia ATALANTA EUMAM RCA Since 2015 EUPOL RD CONGO EUTM SOMALIA EUSEC RD CONGO Military Operations EUCAP NESTOR Civilian Missions
Confidence Building Measures: Typical elements addressed by EU The Link to Security and Defence Advancement of Human Rights Humanisation of Criminal Justice Youth education People diplomacy, dialogue & policy research Improved livelihoods/increased resilience of vulnerable communities Cultural cooperation Ethnic minorities Women’s empowerment Humanitarian assistance and health care Community Mobilization Capacity Building
Example of EU support to a UN Development Programme Location : Republic of Moldova (including Transnistria) Sector: Civilian peace-building, conflict prevention and resolution EU Contribution: € 9,500,000.00 (100% of total) Initiated and funded by the EU ''CBM III'' for Eastern Partnerships This project fostered cooperation between Moldova and its Transnistrian region in the fields of: 1) Business development 2) Social and community infrastructures, Health, Environment 3) Civil society
CSDP Option: March 2016 – EUCAP SAHEL Joint Seminar on Confidence Building Between the Malian Security Forces and the Civilian Population 2 day seminar with Civil Society and the Internal Security Forces of Mali "Building Trust and to improve synergies and confidence" Roles of police during arrests Presumption of Innocence Balance of secrecy and security Transparency in Press reporting
EU approach to CBMs in the cyber domain In a resolution on Cyber Security and Defence (2012), the European Parliament called on the Commission, EEAS and Member States to take a leading role in international organisations' in efforts to achieve a common understanding of norms of behaviour 2013 EU Cyber Security Strategy – better European and Global cyber security 2015 Cyber Diplomacy Council Conclusions – support for norms of behaviour Promoting Cyber Norms, CBMs and the existing International Law (IHL) 2016 EU support for Cyber Security in OSCE and ARF Cyber dialogues with China, Japan, India, South Korea, Brazil and the USA Cyber Capacity Building to address cybercrime with the Council of Europe EU approach to confidence-building The EU Cybersecurity Strategy adopted in 2014 reaffirmed the EU's support for 'efforts to define norms of behaviour in cyberspace that all stakeholders should adhere to', and commitment to the development of confidence-building measures in order to increase transparency and reduce the risk of misperception in state behaviour. In the Council Conclusions on Cyber Diplomacy adopted on 10 February 2015, the EU welcomed the adoption of a first set of Cyber Security Confidence Building Measures in the OSCE framework. The EU has played an important coordinating role throughout the process. The EU expresses support for the implementation of the OSCE framework and the commitment to elaborating measures aimed at enhancing confidence and cooperation. Furthermore, the EU is pursuing the objective of strengthening confidence-building processes through: •Support for the initiatives focused on confidence-building measures launched by other regional organisations, in particular through the ASEAN Regional Forum and the Northeast Asia Peace and Cooperation Initiative (NAPCI). The ARF and EU will co-host a workshop on confidence-building in Malaysia in March 2016. •Development of structured and overarching EU strategic cyber consultations, sectoral dialogues (e.g. on ICT, organised crime and human rights), and operational cooperation with the US, China, Japan, India, South Korea and Brazil; EPRS Cyber diplomacy: Confidence-building measures Members' Research Service Page 11 of 12 •Active participation in global and regional debates on cyber norms. For instance, the EU works closely with the Member States and like-minded partners to advance the set of norms proposed in the 2015 UN GGE report and to clarify the positions promoted by the Shanghai Cooperation Organisation (SCO) through the International Code of Conduct for Information Security. •Capacity-building initiatives implemented by the European Commission alone or in cooperation with other regional organisations (e.g. Council of Europe, OAS). The focus of these projects is primarily on developing legal and technological capabilities. In June 2015, the European External Action Service (EEAS) presented to the Council Friends of the Presidency Group on Cyber Issues a 'food-for-thought' paper on international security in cyberspace. The paper stresses the important role of CBMs in supporting the development of norms, and invites the Member States to continue the reflection on future confidence-building measures. In a resolution on Cyber Security and Defence (2012), the European Parliament called on the Commission, EEAS and Member States to take a leading role in international organisations in efforts to achieve final agreement on defining a common understanding of norms of behaviour in cyberspace, and also to encourage cooperation with a view to developing a cyber-weapons control agreement. The resolution also encourages closer cooperation with NATO and exchanges of knowledge with BRICS countries and other countries with emerging economies, with the aim of exploring possible common responses to the growth in cybercrime and cyberthreats at both civilian and military levels. In addition, the resolution on a Cybersecurity Strategy of the EU (2013) emphasised that efforts to increase cyber-resilience and fight cyber-threats should not be confined to like-minded partners, but also addressed to regions with lessdeveloped capacities. Most recently, the resolution on human rights and technology (2015) welcomed the December 2013 Wassenaar Arrangement decision on export controls in the areas of surveillance, law enforcement and intelligence-gathering tools and network surveillance systems. It recalled the still incomplete nature of the EU dual-use Regulation when it comes to the effective and systematic export control of harmful ICT technologies to non-democratic countries, and urged the Commission to address the existing shortcomings in the context of the forthcoming dual-use policy review and renewal. Finally, the resolution called for the development of policies to regulate the sales of zero-day exploits and vulnerabilities without such regulations having a meaningful impact on bona fide security
EU Approach to Cyber Some proposals: Establish Transparency by exchanging of Information about national organisations, doctrine and strategies Establish POCs as part of a directory Agree mechanisms and procedures for consultation and communication during crises Fully back de-escalation, but prepare measures to control escalation
Brussels: Consensus – a strength worth pursuing Luang Pradang: Confidence – a measure worth Building