Cybersecurity Policy and Resilience
Cybersecurity policy has become an integral part of national and international politics. Amongst other elements, cybersecurity policy includes establishing institutions, the allocation and distribution of resources, processes and legal frameworks, as well as the influence that national policies have on international relations (“spillover effects”). Even if many of these challenges have to be addressed primarily at the national level, it is crucial to learn from each other internationally in order to develop common solutions and to disseminate these solutions.
The SNV’s working area "International Cybersecurity Policy" consists of three pillars (German-, European-, and Transatlantic Cybersecurity Policy) and is currently funded by the William and Flora Hewlett Foundation and the German Ministry of Economic Cooperation and Development (BMZ) via the German Corporation for International Cooperation (GIZ). The International Cybersecurity Policy team is regularly interviewed by German- (amongst others Tagesthemen), American- (for example the Washington Post and New York Times) and European media (amongst others EURACTIV) and presents its work at national and international events. It was previously invited to hold presentations at the German Bundestag, the Cybersecurity Caucus of the American Congress and the European Parliament.
German Cybersecurity Policy
In terms of German cybersecurity policy, the SNV pursues the goal of supporting politicians in pursing empirically based, better policies. For this purpose, it provides various types of analyses and handouts, such as a mapping of German cybersecurity actors, policy analyses and a subject-specific events calendar. Furthermore, the SNV contributes to the enhancement of expertise in various target groups, including government employees, students and journalists and the exchange of knowledge between experts of the cybersecurity policy community. In addition, the SNV takes an active role in public debates in order to set thematic priorities and to introduce new ideas to the media discourse.
European Cybersecurity Policy
The SNV deals, among other things, with EU cyber diplomacy, EU cyber security architecture and current topic-specific legislation in the field of IT security. The SNV regularly contributes to the EU Directions blog. From 2018 - 2021, the SNV implemented the EU-funded project EU Cyber Direct together with the European Institute for Security Studies and the German Marshall Fund. The SNV has been represented on the Advisory Board of the successor project since 2021. The SNV is also part of the ENISA Ad-Hoc working group on cybersecurity and artificial intelligence and also sits on the Advisory Committee of the SPARTA project.
Transatlantic Cybersecurity Policy
In January 2017, the SNV founded the "Transatlantic Cyber Forum" (TCF). The TCF is an intersectoral, transatlantic cybersecurity expert network with 150 members from civil society, academia and the private sector. The TCF constitutes working groups on current issues of transatlantic cybersecurity policy, which aim to develop concrete policy recommendations within a time frame of nine months. The current working groups deal with the deployment of governmental Computer Security Response Teams and active cyber defense. . Previous working groups worked on IT security of machine learning in critical infrastructures and the security sector, minimum standards for government hacking, the protection of data-driven elections and government-led management of vulnerabilities.
Cyber Diplomacy and Cyber Foreign Policy
With societies increasingly digitizing, cybersecurity becomes a focal point of their foreign and security policy. Since the challenges and threats in this field are global and constantly growing, international dialogue is more important than ever – between states but also with companies, academia, and civil society. Such dialogue is essential for establishing effective cooperation that meaningfully complements domestic cybersecurity policies. SNV’s International Cybersecurity Policy Team analyzes debates in current cyber diplomacy fora and formulates recommendations on how these often abstract discourses can be translated into concrete policies. We also explore how states shape international ideas about the appropriateness of certain behaviors through their actions.
Cybersecurity Policy Exercises
The International Cybersecurity Policy team designs and conducts cybersecurity exercises and scenario workshops world-wide. Cybersecurity exercises generally offer an interactive learning experience and allow for a better understanding of existing policies, their implementation, and their impact.
Please see our policy brief on “Cybersecurity Exercises for Policy Work” for more information on cybersecurity exercises and their benefits.
We generally reject invitations to "manels" (all-male panels). Travel and accommodation costs for events to which our team is invited are generally not covered by the SNV; we recommend CO2 compensation for flights and do not take domestic flights. While we generally refrain from speaking fees for presentations within the fields of politics, academia and civil society, we require a remuneration or donation to the SNV for invitations from the private sector.