About the Project

“Transatlantic Dialogues on Security and Freedom in the Digital Age” was a two-year-long project that sought to advance transatlantic cooperation on cyber security by bringing together experts from Europe and the United States to debate and research the appropriate balance between security and freedom. By way of a major conference, a number of workshops and a series of publications, the project critically examined two issues that have significantly influenced the cyber security policy agenda over the last few years.

Cyber security has risen from an issue of low politics to high politics, and it is now prominent on the policy agenda of governments all over the world. Cyber security threats are considered among the most serious economic and national security concerns of the 21st century. Governments have reacted to these threats by bolstering their defensive and offensive cyber capabilities, with drawbacks to fundamental rights, including the freedom of expression and privacy.

Europe and the US are still struggling to develop a coordinated response to these policy challenges. Harmonizing transatlantic policy objectives in the cyber realm could act as a strong lever for ensuring that the global evolution of the Internet proceeds in a way that enhances security and respects fundamental rights, while also preserving the generative power of a global network. Outlined below are the key accomplishments of the project.

The project produced two major policy accomplishments:

  • It pushed the discussion on digital sovereignty in Europe into considering the quality of cyber security products alongside surveillance concerns through the policy paper Technological Sovereignty: Missing the Point?, op-eds in notable publications on both sides of the Atlantic, public conference presentations in Europe and the US, and subsequent briefings in Germany and the US.
  • It brought greater nuance to policy discussions on Computer Security Incident Response Teams (CSIRTs) through multiple policy papers and op-eds, public conference presentations and closed-door briefings with high-ranking officials in the US, Germany, European Union and elsewhere.

The project produced three major publications:

  • Technological Sovereignty: Missing the Point? – Technological sovereignty has emerged as a key issue in the transatlantic debate on cyber security and the future architecture of the Internet. According to our analysis, most of the technical proposals in Europe for protecting against foreign surveillance would not be effective: some may hurt the open and free Internet, or lead to an inefficient allocation of resources. We also find that proposals tend to focus on the transatlantic dimension, neglecting the broader challenge of foreign surveillance and promising ideas like the expansion of encryption tools. Ultimately, the security of data largely depends on how, not where, it is stored and sent. An abridged version of this paper was published in Cyber Conflict: Architectures in Cyberspace, edited by the Institute of Electrical and Electronics Engineers.
  • CSIRT Basics for Policy-makers – As cyber security rose on the political agenda, policymakers began taking greater interest in Computer Security Incident Response Teams. Indeed, CSIRTs featured prominently in many of the global norms and confidence-building policy discussions of 2015. This report, the first in our CSIRT project, examines the role of CSIRTs in global cyber security and sheds light on recent trends in cyber security policy relating to CSIRTs, embedding them in the broader discussion.
  • National CSIRTs and Their Role in Incident Response – Over the last two decades, national CSIRTs (or nCSIRTs), which many hoped would remain apolitical bodies that secure the critical infrastructure and networks of the Internet, have undergone a gradual process of politicization. This politicization has led to the embedment of nCSIRTs in national governments around the world. But major issues remain unresolved: Where should nCSIRTs reside within a government, and what role should they play in network and national security? This report, the second in our CSIRT project, examines the principles of the CSIRT community alongside those of critical national security and safety bodies like law enforcement and intelligence agencies in order to determine where priorities complement or conflict with each other.

In addition, our project team organized a number of events to convene international experts and decision-makers:

  • “Digital Borders and Technological Sovereignty – Breaking or Saving the Internet as We Know It?” at New America, in Washington, DC (September 18–19, 2014) – The conference was divided into a one-day workshop on September 18 and a public event on September 19. The workshop brought together major stakeholders from the EU and the US – policymakers, academic experts and private sector representatives – as well as  the project’s steering committee to discuss the impact of technological sovereignty proposal.
  • One-day workshop on CSIRTs and CSIRT-to-CSIRT cooperation, at New America, in Washington, DC (February 19, 2015) – This workshop brought together major CSIRT experts and practitioners from the EU, the US and Southeast Asia to discuss the role of computer emergency response teams in the broader cyber security context. The participants provided meaningful input to our then-nascent research on CSIRTs. The discussions formed the basis of our research agenda and opened up new perspectives, especially from the technical expert community, on the issues at stake. In the months following, we conducted in-depth interviews with individual participants.
  • Other workshops – In addition to the policy breakfasts in Berlin and Washington, DC, we were invited to hold a two-hour workshop on CSIRTs’ relations with policymakers at the Annual FIRST Conference in Berlin on June 17, 2015, and to present our research at the conference of national CSIRTs on June 20, 2015. The workshop gave us the opportunity to raise awareness of our research among CSIRT practitioners and to gain insider knowledge on their working processes and policy perspectives. Our presentation before national CSIRT members helped us to forge working relations with CSIRT practitioners and to gain valuable feedback on our research. 

The project team also represented the project’s work at a number of major international conferences: 

  • On technological sovereignty, at the International Conference on Cyber Conflict (CyCon) 2015, in Tallinn, Estonia
  • On CSIRT basics, at the Annual FIRST Conference, in Berlin, Germany
  • On national CSIRTs, at the India Conference on Cyber Security and Internet Governance (Cyfy), in New Delhi, India
  • On national CSIRTs, for the Program on Cyber Security Studies at the George C. Marshall European Center for Security Studies, in Garmisch-Partenkirchen, Germany.

The two-year project concluded on December 31, 2015. The project team thanks the European Union and the Dutch Ministry of Foreign Affairs for their generous support throughout the project term.

Meet the Team

This is a joint project of New America in Washington DC and the Global Public Policy Institute (GPPi) in Berlin. Meet the team.

Meet the Steering Committee

A high-level steering committee made up of senior policymakers, academics and private sector representatives from Europe and the US advises the project team.