Challenges in Cybersecurity Risks, Strategies, and ... - Unidir
Challenges in Cybersecurity Risks, Strategies, and ... - Unidir
Challenges in Cybersecurity Risks, Strategies, and ... - Unidir
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
therefore urgent if this gap <strong>in</strong> policy is to be addressed. The expert underl<strong>in</strong>ed this urgency by<br />
referr<strong>in</strong>g to the past: history has shown that once weapons are developed, prevent<strong>in</strong>g their use<br />
becomes difficult <strong>and</strong>, follow<strong>in</strong>g this logic, the cyber threat will <strong>in</strong>crease immeasurably <strong>in</strong> time<br />
if discussions are not undertaken now. However, the process of reach<strong>in</strong>g consensus among<br />
states requires multilateral cooperation at the regional <strong>and</strong> global level, <strong>in</strong>clud<strong>in</strong>g civil society<br />
<strong>and</strong> the nongovernmental sector.<br />
The UN Group of Governmental Experts (GGE) produced a report <strong>in</strong> 2009-10 encourag<strong>in</strong>g<br />
states to develop CBMs. The speaker hopes that the new 2012-13 GGE report, which is to be<br />
presented to the General Assembly session start<strong>in</strong>g <strong>in</strong> 2013, will provide a foundation for<br />
subsequent jo<strong>in</strong>t measures. Moreover, states are start<strong>in</strong>g to articulate proposals for action <strong>in</strong> this<br />
area.<br />
The proposed International Code of Conduct for Information Security, presented by Russia <strong>and</strong><br />
Ch<strong>in</strong>a, focuses – accord<strong>in</strong>g to the panelist – on confidence-build<strong>in</strong>g by offer<strong>in</strong>g a politically<br />
b<strong>in</strong>d<strong>in</strong>g CoC rather than a treaty, which is based on verification provisions with challeng<strong>in</strong>g<br />
ratification processes. This CoC, which was submitted to the UN General Assembly <strong>in</strong> October<br />
2011, constituted an <strong>in</strong>vitation to engage <strong>in</strong> further discussions.<br />
Transparency <strong>and</strong> CBMs were stressed as a means of response to the risks of misperception <strong>and</strong><br />
escalation, which are <strong>in</strong>creased by the characteristic attributes of cyberspace – such as its<br />
<strong>in</strong>tr<strong>in</strong>sic dynamism <strong>and</strong> anonymity. They also contribute to the development of common norms<br />
of responsible state behavior. Measures could be drawn from conventional arms control,<br />
provid<strong>in</strong>g a basis for multilateral methods <strong>and</strong> potentially lead<strong>in</strong>g to the development of a<br />
“Code of Conduct”. Transparency <strong>and</strong> CBMs could therefore create the foundation of trust<br />
amongst the state community that is necessary if states are to enter <strong>in</strong>to legally b<strong>in</strong>d<strong>in</strong>g<br />
agreements.<br />
The fourth speaker discussed state rights <strong>and</strong> responsibilities <strong>in</strong> cyberspace. It was argued that<br />
they can be realized <strong>in</strong> both the political <strong>and</strong> the legal doma<strong>in</strong>s, with states already start<strong>in</strong>g to<br />
address state responsibility politically. These underst<strong>and</strong><strong>in</strong>gs of political <strong>and</strong> legal<br />
responsibilities of states could “help establish <strong>in</strong>ternational law”. Just as a series of <strong>in</strong>dividual<br />
declarations by a sufficient number of states could over time – <strong>in</strong> addition to the broad<br />
pr<strong>in</strong>ciples articulated <strong>in</strong> the exist<strong>in</strong>g declaration of cooperative actions <strong>in</strong> the cybersphere –<br />
provide a more solid cooperation than any cybersecurity treaty could. The role of law, as<br />
po<strong>in</strong>ted out by the panelist, could therefore focus on the weaknesses <strong>in</strong> these declarations<br />
<strong>in</strong>stead. However, the speaker argued that the need for CBMs is greater than ever, <strong>and</strong> states<br />
have a legal obligation as well as a political responsibility to work faster towards creat<strong>in</strong>g them<br />
for cyberspace, as the process is currently very slow. The development of cybercrime<br />
cooperation mechanisms between the United States, Ch<strong>in</strong>a, <strong>and</strong> Russia was debated as a basis<br />
for build<strong>in</strong>g norms for responsible state behavior regard<strong>in</strong>g the military aspects of the cyber<br />
doma<strong>in</strong>. As developments <strong>in</strong> cyberspace have a harmful effect on “strategic nuclear stability”, it<br />
was concluded by the speaker that cont<strong>in</strong>uous dialogue at the <strong>in</strong>ternational level should be<br />
opened immediately, while steps should also be taken to create CBMs relat<strong>in</strong>g to state<br />
accountability <strong>and</strong> responsibility <strong>in</strong> the cyber realm.<br />
In the f<strong>in</strong>al presentation of this session, the speaker focused on state-sponsored cyberattacks <strong>and</strong><br />
talked about multilateral approaches to cybersecurity requir<strong>in</strong>g <strong>in</strong>ternational rules <strong>and</strong><br />
confidence-build<strong>in</strong>g. The current state of cyberspace security was described as def<strong>in</strong>ed by<br />
misperceptions <strong>and</strong> fears of escalation, <strong>and</strong> “preventive diplomacy”, which <strong>in</strong>cludes<br />
<strong>in</strong>ternational transparency <strong>and</strong> CBMs, should be key to improv<strong>in</strong>g security. While the oft-feared<br />
“Digital Pearl Harbour” may be rather unlikely <strong>in</strong> the sense that a cyberattack could completely<br />
15