From the Minister of Defense and the CCB to Digital Flanders: everyone has something to say about cyber defense and sovereignty. But not everyone is talking about the same thing. If we look past the semantics to the heart of the matter, what remains?
Digital sovereignty only has to yield to AI when it comes to the hype factor. The subject is thoroughly dissected at almost all European conferences and events, and American marketing departments have also embraced the sovereignty narrative. With what CISPE calls sovereignty washing, they position their decidedly non-European solutions as beacons of control and security.
Sovereignty and security go hand in hand. It is therefore no surprise that the theme is also extensively discussed at the CyberNova conference in Antwerp. What sovereignty exactly entails remains a matter of debate here as well.
By land, by sea, and by computer
The conference is opened by Minister of Defense Theo Francken. He sees how cybercrime has taken on a new dimension in recent years: that of state-level warfare. “As a result, cybersecurity has suddenly appeared on the agenda of defense departments worldwide,” he says. Francken is fully committed to NATO. In 2016, the treaty organization already expanded its active domains (land, sea, and air) to include cyber.
Francken thinks big, with a military Cyber Force that also has offensive tasks. Within the framework of NATO, he predicts that our country will help win the digital battle against the axis of autocracy. Just after his speech, a boat with soldiers passes by on the Scheldt on an unrelated mission, unintentionally reinforcing his point.
Miguel De Bruycker, head of the CCB, is less confident than Francken when it comes to the country’s digital sovereignty and the possibilities of protecting it. “Nation-states focus their attacks on critical infrastructure such as energy, transport, and healthcare. Government and diplomatic services are also targeted. We focus a lot on drones and ships, but is cyberspace really getting the right priority?” He indicates that he is somewhat concerned about this.
Sovereign, in relation to whom or what?
In his speech, Francken does not mention the catalyst for the entire sovereignty discussion: President Trump’s US, with its Cloud Act that allows the government to compel American companies to share data, even when it is stored in the EU. The fact that the US has acted as a fickle partner not only in NATO but also in the economic domain does not play a role in the digital war rhetoric.
During the most recent Security Conference in Munich, De Bruycker spent a day with European cybersecurity directors, where sovereignty was discussed half the time. “That was apparently a huge challenge in the EU,” he notes.
“But there is no standard definition of sovereignty,” he continues. “We are talking about different things. There is an economic aspect and a national aspect. A holistic approach is needed.”
Beyond national borders
A conversation about sovereignty quickly risks devolving into a discussion about geography. Are services located in the EU? In fact, that is not such a relevant question, partly because the Cloud Act does not respect those borders anyway.
Koen Segers, Managing Director of Dell Technologies in Belgium, saw the discussion evolve. “Initially, it was mainly about where data is located, but people have let that go somewhat. The conversation is now more about legislation, which is much more relevant. In practice, I think sovereignty is mainly about resilience.” By resilience, Segers refers to the capacity to continue working when something happens.
The decline of efficiency
Jan Smedts, Head of Digital Flanders, provides what we believe is the most relevant definition of sovereignty. It aligns closely with what Segers says. “Sovereignty is about control,” he states. “For decades, we have lived in a post-war context of trust. Efficiency was the dominant parameter, and we optimized everything with costs and convenience in mind.”
The result is visible: the entire economy is intertwined with itself, and business operations depend largely on foreign entities. It almost seems as if the knot cannot be untangled, but Smedts thinks it can and must be.
Reclaiming ownership
“We have underestimated the risk of dependency,” Smedts thinks. “Efficiency is the competence of yesterday. Today, agility is more important.” That all sounds rather vague until Smedts gets to the point: “The price of digital sovereignty is redesign. It will cost time, money, and perhaps even functionality, but in that process, we will reclaim ownership of our digital future.”
Smedts advocates for structural disintegration based on modularity. The only way to achieve digital sovereignty is through scalable and modular platforms based on standards. In that context, you can replace the functionality of one party with an alternative from another. He compares it to building with Lego. “That is slower than buying something ready-made, but that is the price we have to pay.”
Sovereignty is control over architecture and dependency, so you can move from Plan A to Plan B with focus and without panic.
Jan Smedts, Head of Digital Flanders
Modular construction provides options, and options bring power and decision-making rights. That, in turn, is what sovereignty is about: not whether a solution comes from party X or Y, but whether you can decide for yourself to replace party X’s solution with party Y’s whenever you want. “Sovereignty is control over architecture and dependency, so you can move from Plan A to Plan B with focus and without panic,” Smedts summarizes.
‘Cyberbus’
It is clear that Europe still has work to do to move in that direction. However, De Bruycker sees precedents from which we can take heart. “There used to be Boeing and McDonnell,” he says, referring to the aviation industry. “Until European countries came together and Airbus was created. I think we need a cyberbus.”
In the core sense of the word, sovereignty refers to supreme power and independence. What that means is context-dependent. When Francken speaks from the perspective of Defense, sovereignty is about protecting the country. In practice (and for the time being), this happens with partners in the context of NATO.
A matter of control
Sovereignty at the level of organizations that consume services implies that supreme power and independence must lie with the organization, not the services. That is currently not the case: if US President Trump were convinced tomorrow to ban AWS from providing services to the EU, companies without an alternative would come to a standstill. Power lies with the technology companies on which Europe depends.
In this context, Smedts offers a vision for a solution. Modularity shifts the center of power back to companies and organizations. This is more complex and less efficient than purchasing a single total solution, but it offers robustness, agility, and self-determination. In this version of sovereignty, it is also not necessary to choose exclusively for EU solutions, but viable EU alternatives must exist that can be switched to if necessary.