Guaranteeing security is the central task and basic promise of a modern constitutional State. It was way back in 1651 that Thomas Hobbes, in his Leviathan treatise on the philosophy of government, identified the protection of citizens as the key feature of the State. That was nearly 400 years ago. Our world, our State and our society have changed fundamentally since 1651 but the State’s obligation towards its citizens then formulated is more current than ever. Digitalisation has led to upheavals in the way we communicate, work and live. Security has become a prerequisite for freedom. Only those who feel and know themselves to be safe will experience freedom – in cyberspace as elsewhere.

Attacks on critical infrastructure represent a direct and large-scale threat to public safety

Our society is facing a multitude of threats. The threats in cyberspace are immense, diverse and relatively new. Attacks on critical infrastructure not only cause economic harm to businesses but also represent a direct and large-scale threat to public safety. Attacks on local government can shake public confidence in the functioning of the State. Cyber espionage undermines the competitiveness of businesses. Influencing elections and spreading fake news compromise the integrity of our democracy. And the chance of becoming a victim of crime is much higher in the digital space than the analogue world.

Frontispiece of a Thomas Hobbe's book Leviathan.
Frontispiece of "Leviathan": English philosopher Thomas Hobbes describes his idea of government in the 1651 book "Leviathan or The Matter, Forme and Power of a Commonwealth Ecclesiasticall and Civil". He argues for a social contract and a strong and united government/sovereign called Leviathan.

Cybersecurity – the protection of network and information systems and their users, as well as other persons affected by cyber threats – must be recognised as a crucial and pressing task of the State. The State needs comprehensive strategies for creating the conditions to provide citizens and the economy with the best possible protection from the dangers of cyberspace, and give them independent control over their own cybersecurity. The separation between the analogue and digital worlds is actually of no help in the development of such strategies. Dangers that originate in the digital world give rise to assets requiring protection in the analogue world. In the end, it makes no difference whether the power supply fails because of a hack or a physical attack.

In an interconnected world, we need strategies that make no separation between external threats and internal assets.

Safeguarding the public against threats from cyberspace can no longer be considered only in terms of „internal“ and „external“. In an interconnected world, we need strategies that make no separation between external threats and internal assets. Moreover, cybersecurity is a fundamental component of internal and external security.

Above all, however, cybersecurity must not be seen only in national terms. We have to include our shared-value partners and consider our competitors and systemic rivals. In an interconnected world, everyone is facing the same threats. With the EU, we can count ourselves lucky to be part of a mutually supportive community based on shared values and rights, but we must learn to be even better at playing this trump card.

Europe must achieve digital sovereignty. This is key to our cybersecurity.

Although many legislative initiatives are already being drafted in Brussels – most notably the NIS-2 Directive (NIS2), the Digital Services Act (DSA) and the Artificial Intelligence Act (AI Act) –  as an EU community we are called upon to do more. We need to start by asking what kind of world do we want to live in. If we want to play a role in shaping the future and assert our ideas and values, we as the EU must become better: faster, more self-confident, more innovative, more independent, to ensure that – as a regulatory power with strong cyber defences – we have a seat at the table alongside the other cyber powers; USA and China, or even just Russia, as well as the multi-billion dollar tech giants. Specifically: Europe must achieve digital sovereignty. This is key to our cybersecurity. Sovereignty does not mean self-sufficiency and isolation but ultimately the ability to take action and to carry out our own assessment of risk without outside influence. No other powers, transnational corporations, or indeed criminals, should be permitted to impose their rules on us. We must specify what free, constitutional and democratic cyberspace looks like and safeguard that system.

The world we live in is interconnected, safeguarding the public against threats from cyberspace becomes more and more relevant.

EU-wide security standards and platform regulation are what is needed to create a space that protects patents, citizens and values

What will it take? Tellingly, it helps to look into the past: even during the industrial revolution, those who regulated, standardised and certified were also those who wrote the work programme and the rules of competition. In today’s „digital revolution“, EU-wide security standards and platform regulation are what is needed to create a space that protects patents, citizens and values. Other spaces will have no choice but to follow or respect these European rules if they want to gain access to the highly attractive European market.

Reducing dependence on strategic resources and key technologies will be imperative, which we can do in particular by strengthening our technological economy as well as our capability in auditing and risk assessment of imports.

The threats will not diminish, but with a digitally sovereign Europe we will be more resilient

With the DSA, NIS2 and the AI Act, we are already working on ambitious and game-changing proposals for the stated goals. These and others must be ambitiously implemented in Brussels and Berlin en route to a digitally sovereign Europe. The threats will not diminish, but with a digitally sovereign Europe we will be more resilient and will increasingly take on the role a true player. Germany has a central role to play in Europe, whether in being courageous and setting an example, or in upholding the idea of cooperation. In the age of digitalisation, national sovereignty is inextricably linked to a common, European quest for security.

This contribution is a translated version of Sebastian Hartmann’s guest commentary published on 16 November 2022 in the Tagesspiegel Background – Cybersecurity. We want to thank Sebastian Hartmann who gave his permission to publish this text here.

Sebastian Hartmann, SPD, talking in the German BundestagSebastian Hartmann is a member of the German Bundestag since 2013 and the spokesperson on domestic policy for the Sozialdemokratische Partei Deutschland (SPD) parliamentary group. He became a member of the SPD in 1993 and was first an active in the youth organisation of the SPD (Jusos) and later elected into municipal office of the Rhein-Sieg-Kreis. Hartmann studied law at the University of Cologne and specialiced in European and International law.

More about the EU Cybersecurity:

Copyright Header Picture: shutterstock/illus man; picture of title page of leviathan: copyright: wikicommons/Andrew Crooke;  picture of interconnectivity: shutterstock/Dodotone; picture of Sebastian Hartmann: copyright: Sebastian Hartmann