Cooperation between the U.S. and Germany on cybersecurity cannot be taken for granted since information sharing remained a delicate issue between the two countries following concerns raised by documents released by whistleblower Edward Snowden in 2013. The U.S. and Germany set aside those tensions, and government representatives recently met for the fourth time to discuss a wide range of cyber issues.

At the annual Cyber Bilateral Meeting in Washington, D.C. in March 2016, the delegations agreed to collaborate further on the protection of critical infrastructure, and to "continue to work closely to enhance cybersecurity of critical infrastructure, improve incident management and coordination, and build cyber capacity of other countries", as noted in an official joint press release.

Most importantly, the U.S. and German delegations agreed to further promote certain key values and objectives related to cyber, such as

  • internet freedom,
  • international cybersecurity,
  • promotion of human rights online,
  • private-sector partnerships,
  • cyber capacity building in third countries, and
  • the concept of multistakeholder internet governance.

The concept of multistakeholder internet governance is particularly important. Multistakeholder internet governance is a participation model that seeks to include all interested parties, such as industry, civil society, technical and academic experts, and governments to facilitate dialogue, decision making, and problem solving on issues arising from the growing importance of the use and misuse of the internet in almost every sphere of life. For example, this model is used by the Internet Corporation for Assigned Names and Numbers (ICANN, which most notably is responsible for managing most top-level domains) and the Internet Engineering Task Force (IETF, which develops and promotes internet standards). Also, at the end of last year, the United Nations General Assembly reaffirmed the multistakeholder model and extended the Internet Governance Forum mandate for another 10 years, which allows for a continued participation of all stakeholders in the development of internet standards and therefore was particularly highlighted as a positive development by the U.S. and German governments at the Cyber Bilateral Meeting.

The delegations also expressed that they support the applicability of international law in cyberspace, and assessed which measures Germany could adopt to continue setting the standards. This comes at a time when Germany chairs the Organization of Security and Cooperation in Europe (OSCE). Thus, Germany can coordinate the work of OSCE institutions for the remainder of 2016, before Austria will take over this role in 2017 as the chairmanship rotates annually between the participating states. The U.S. and Germany welcomed and supported the results of the consensus report of the United Nations Group of Governmental Experts (UN GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, which was adopted in July 2015. The report proposes norms of responsible behavior, features comments on how international law applies, and recommends confidence-building measures. One important recommendation is that states should not knowingly allow their territory to be used for internationally wrongful acts using information and communications technology. At the same time, states should, among other things, take appropriate measures to protect their critical infrastructure from threats stemming from information and communications technology.

Cybersecurity cooperation was another important topic at the Cyber Bilateral Meeting. The grave implications of cyberattacks were once again brought to the world's attention in December last year, when over a quarter million people in the Ukraine lost power as a result of a cyberattack on a local electrical grid. The delegations discussed bilateral cybersecurity cooperation measures in light of such incidents, including information exchange regarding infrastructure hardening and improvements.

The chairmen of the two delegations, Christopher Painter (U.S. Department of State's Coordinator for Cyber Issues) and Ambassador Thomas Fitschen (the Federal Foreign Office's Director for International Cyber Policy), expressed their willingness to continue their annual bilateral meetings, and are determined to meet again in Berlin, Germany, in 2017.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved