Skip to main content European Cyber Agora 2024 2023 2022 2021 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

European Cyber Agora 2025

Workstream on Accountability and Deterrence in Cyberspace

The goal of this workstream is to further shared understandings that promote responsible behaviour in cyberspace. Specifically, it seeks to further empower the European cyber communities to lead in upholding international norms. In the face of sustained state-sponsored cyberattacks on critical infrastructure and democratic institutions, the importance of establishing robust international frameworks that foster accountability and deterrence in cyberspace becomes ever more urgent.

Workstream Objectives

This workstream aims at facilitating the norm building process fostering accountability and deterrence in cyberspace. The goal is to amplify the voice of the European cyber ecosystem in presenting a common approach to fostering responsible state behaviour in cyberspace at the international level.

  • Strategic objectives: Change the attitudes of European decision-makers regarding when and how to make public attributions to allow imposing more firm costs to enhance deterrence effects.
  • Medium-term objective: Creation of a forum for European coordination taking a broad multistakeholder approach involving industry and civil society, take stock of the approaches favoured across the European cyber ecosystem and identify strategies that can shift the attitudes of European decision-makers regarding attribution and deterrence practices.
  • Long-term objective: Contribute to the establishment of a rights-based set of international norms and expectations fostering responsible state behaviour through accountability and deterrence, namely at the level of ongoing UN negotiations (OEWG, PoA etc.).

Thematic Introduction

To foster accountability, upholding international law and international norms for responsible state behaviour is essential. This includes existing treaties and agreements, such as the UN Charter, and the 11 UN norms on responsible state behaviour in cyberspace, but also a plethora of relevant bilateral and multilateral agreements. Such accountability starts with effective attribution, requiring a more agile and rapid process for attribution determinations and consensus –building, particularly among aligned coalitions of states like those within the NATO alliance or the EU. To this date, perpetrators of malicious cyber operations rarely face significant responses, be it through public attribution or imposing costs such as sanctions.

The lack of effective enforcement of current norms and the insufficient impact of attributing cyber actions reveals the need for greater consistency in the application of existing norms and possibly stronger deterrence measures. These strategies should seek to reduce perceived benefits of cyberattacks and amplify potential costs. Discussions on cyber deterrence need to centre on establishing clear criteria for evaluating harm from cyber incidents in order to determine proportional countermeasures, for instance by defining when cumulative effects of cyberattacks can amount to an armed attack, etc. These criteria will aid in defining appropriate countermeasures. Additionally, like-minded nations may need to accept that deterrence will require meaningful steps and the willingness to act if red lines are crossed.

Accountability through common norms and attribution

Agreeing new initiatives to advance norms discussions at the international level is critical, so proposals such as the UN Programme of Action on cybersecurity are welcome. It is also crucial to think about how existing norms can promote accountability in smaller partnerships. Successful enforcement of norms depends on being able to attribute cyberattacks to states. Timely attribution of state-sponsored cyberattacks publicly and privately is crucial for effective deterrence in cyberspace. Yet, in the European context, there seem to be multiple components that complicate public attribution. First, decision-makers may be reluctant to make public attributions due to persisting concerns that these will result in pressure to impose consequences on perpetrators that could escalate conflicts and amplify geopolitical tensions. Moreover, a lack of capacity may be a further obstacle to effective attribution. However, there are positive examples of public attributions, demonstrating both willingness and capacity, namely the joint attribution made by the Czech Republic with Germany, the EU and NATO in May 2024, denouncing activities by a Russian state-controlled actor. Existing efforts such as the EU Cyber Diplomacy Toolbox provide a framework for using the EU’s Common Foreign and Security Policy measures to "prevent, deter and respond to malicious cyber activities" and to make joint attributions. One key challenge seems to be that Member States (MS) may be reluctant to utilize the toolbox sufficiently as it requires the sharing sensitive data across all EU MS and unanimous decision-making. These barriers ultimately result in preferences by MS to favour unilateral rather than collective attribution. Such attribution tends to be ad hoc and less effective in consolidating deterrence efforts. Hence, structural challenges European actors face in individual and collective attribution should be addressed to improve the impact of public attribution. Outside the EU, NATO could be another suitable forum for addressing alignment challenges with transatlantic partners in attributing attacks. The NATO Cyber Defence Pledge and the Comprehensive Cyber Defence Policy focus on improving information sharing, mutual assistance and coordination of collective responses to cyber-attacks. However, similar to the EU, attribution decisions are taken individually by NATO members, not by the Alliance itself. Solutions should focus on fostering a culture of confidence to make use of existing frameworks and processes which leverage cooperation at both EU and NATO level.

Deterrence through consequences

As current costs imposed on bad actors have proven insufficient to stop them from conducting further cyberattacks, more effective deterrence will need to include commitments to imposing more robust, dynamic and creative sets of countermeasures when adversaries wilfully violate clear international expectations. The goal is to reduce the perceived benefits and drive up the perceived costs of cyberattacks. To set uniform criteria, it’s crucial to agree on when cyberattacks constitute the 'use of force' or an 'armed attack' that could warrant proportionate reactions by affected states. Codifying common definitions and understanding at EU and NATO level, can shape the debates at UN level.

Guiding Questions

  • How to operationalise cumulative attribution, that is connecting the dots between repeated attributions to the same threat actor and the broader threat context they operate in
  • How to incentivise the wide use of existing processes for joint attribution that are corroborated and coordinated between allied states at NATO and EU-level
  • How to include authoritative intelligence and expertise by industry and civil society into the attribution process

Get involved

We will be organizing numerous events across the three workstreams leading up to the annual European Cyber Agora conference in 2025. We welcome participation from across all sectors and encourage you to reach out to us via: EuropeanCyberAgora@microsoft.com, marius.houwen@iss.europa.eu, JTrehu@gmfus.org

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads