News that broke on the eve of the conference, which wrapped up on Sunday, set the tone
Munich Security Conference: Cybersecurity takes centre stage
Cyber dangers were at the forefront of policymakers' minds as they attended this year's Munich Security Conference.
News that broke on the eve of the conference, which wrapped up on Sunday, set the tone. US and British officials revealed Russia was behind the NotPetya ransomware attack, with the FBI later indicting 13 Russians and identifying three Russian companies accused of meddling in the 2016 US election.
At the conference, Russian Foreign Minister Sergey Lavrov was forced to deny a Moscow plot. “Until we see the facts, everything else is just blather,” he said.
HR McMaster, the US National Security Adviser, responded that Russia was waging electronic warfare, to “support rightist groups, even the most extreme forms of fascist groups, and then groups on the left, in an attempt to pit western societies against each other”.
Experts say the big question is how to contain the threat.
“What is the international community going to do to collectively and effectively address the growing risk of cyberattacks on a time horizon that keeps pace with the evolving threat landscape?,” asked Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Europe think tank, ahead of the conference.
“The worst-case scenario is that a major cyber incident will force collective action. A preferable outcome would be more substantial progress by the international community to avoid such an event. With some governments now taking steps to impose greater consequences against those crossing certain lines, it will be important to pursue global co-operation in areas of common interest,” he said.
At Munich, major presentations were made by tech companies that are the focus of concerns over fake news and other forms of manipulation, including Facebook and Google. Senior executives conceded there was a problem.
“The trust that has been built up in democracy is much easier to destroy than rebuild,” admitted Eric Schmidt, the former chief executive of Google.
He warned about the scale of the problem: “The internet is the first thing that humanity has build that humanity doesn’t understand."
Titles of events at the conference included "Digitally Assured Disruption", "The force awakens: Artificial intelligence and modern conflict", "The human toll of cyber conflict", and "Hackers, bots and terrorists, how to defend societies from cyber aggression".
One of the most popular was the Digital Forensic Research (DFR) laboratory’s event on "Disinformation, fake news and election integrity". Staff at the Atlantic Council-supported body have no doubt that the Kremlin has been caught out.
"Now we have independent Russian media that have named the troll factory accounts; Facebook and Twitter have confirmed the troll factory accounts on Facebook and Twitter. That is absolutely damning," said Ben Nimmo of the DFR. "There is no possible way you can say that that didn't happen. You now have the (US) Department of Justice further confirming it."
The German firm Siemens took the opportunity of Munich to launch a charter of trust for a secure digital future, saying cybersecurity threats could not be met with just a seat belt or an airbag.
“Confidence that the security of data and networked systems is a key element of digital transformation,’ said Siemens CEO Joe Kaeser.
The firm's 10-point plan for cybersecurity is a call to arms, with a coalition of firms behind the initiative calling for dedicated government ministries and independent certification of infrastructure for the internet.
Alleged Russian meddling in the US election — including the hacking of Democratic Party e-mails — came about despite a massive increase in Washington's spending on cybersecurity, which rose to $28 billion in 2016 from just $7.5 billion a decade earlier.
Like Siemens, US companies were also keen to put their expertise on display.
"The more we are connected the more we are vulnerable," said John Harris, CEO of cybersecurity firm Raytheon International.
"We understand the vulnerabilities, we understand the threats, and devise systems and solutions that afford us an opportunity to protect our networks, protect our products and protect our customers."