Challenges in Cybersecurity Risks, Strategies, and ... - Unidir
Challenges in Cybersecurity Risks, Strategies, and ... - Unidir
Challenges in Cybersecurity Risks, Strategies, and ... - Unidir
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
This list could certa<strong>in</strong>ly go on.<br />
With all the different debates, which are naturally <strong>in</strong>fluenced by different political <strong>in</strong>terests, the<br />
question is whether a common denom<strong>in</strong>ator can be found for as many countries as possible.<br />
Any underst<strong>and</strong><strong>in</strong>g should <strong>in</strong>clude<br />
� a package of material norms of state behavior <strong>in</strong> cyberspace <strong>and</strong><br />
� an acceptable form.<br />
Even <strong>in</strong> our complicated world with widely vary<strong>in</strong>g <strong>in</strong>terests, on closer exam<strong>in</strong>ation at<br />
<strong>in</strong>ternational forums one can f<strong>in</strong>d a surpris<strong>in</strong>g degree of consensus. The follow<strong>in</strong>g po<strong>in</strong>ts<br />
concern<strong>in</strong>g the protection of global cyber space are addressed:<br />
1. the ability of critical <strong>in</strong>frastructures to withst<strong>and</strong> failure,<br />
2. economic aspects, protection of <strong>in</strong>tellectual property <strong>and</strong> protection aga<strong>in</strong>st crime,<br />
3. human rights, <strong>and</strong><br />
4. development aid.<br />
I would wager that most can agree on these po<strong>in</strong>ts, because I am fairly certa<strong>in</strong> that the defenders<br />
of economic <strong>in</strong>terests, for example, would not seriously deny the importance of uphold<strong>in</strong>g<br />
human rights, <strong>and</strong> the defenders of human rights would not oppose hav<strong>in</strong>g resilient critical<br />
<strong>in</strong>frastructures, <strong>and</strong> so on.<br />
I th<strong>in</strong>k this is already a good material basis for develop<strong>in</strong>g pr<strong>in</strong>ciples or norms of responsible<br />
state behaviour <strong>in</strong> cyberspace.<br />
I believe the best common denom<strong>in</strong>ator is economic growth: Both digitally dependent national<br />
economies, both established <strong>and</strong> exp<strong>and</strong><strong>in</strong>g, must keep an eye on <strong>in</strong>teroperability, network<br />
availability <strong>and</strong> the protection of critical <strong>in</strong>frastructures.<br />
As far as an acceptable form for norms of state behavior, I believe the first option is "soft law",<br />
which is politically rather than legally b<strong>in</strong>d<strong>in</strong>g although it encourages the formation of<br />
customary <strong>in</strong>ternational law <strong>and</strong> can serve as an aid to <strong>in</strong>terpretation <strong>in</strong> case of conflict. There<br />
are successful models for formulat<strong>in</strong>g common pr<strong>in</strong>ciples of <strong>in</strong>ternational policy on the basis of<br />
soft law. As a prom<strong>in</strong>ent example, I would mention only the 1948 Universal Declaration of<br />
Human Rights, which is now considered part of customary <strong>in</strong>ternational law.<br />
I could imag<strong>in</strong>e start<strong>in</strong>g with a politically b<strong>in</strong>d<strong>in</strong>g, soft law codex for norms of state behaviour<br />
<strong>in</strong> cyberspace which have broad <strong>in</strong>ternational acceptance. I am hopeful that successful<br />
approaches will eventually become b<strong>in</strong>d<strong>in</strong>g.<br />
There is no need to re-<strong>in</strong>vent norms of state behavior for cyberspace. If we could agree <strong>in</strong> a first<br />
step which <strong>in</strong>ternationally recognized pr<strong>in</strong>ciples can be applied to cyberspace, we would have<br />
already made significant progress.<br />
My vision for a shared underst<strong>and</strong><strong>in</strong>g of cyberspace oriented on the physical world is largely<br />
based on this idea:<br />
� security <strong>and</strong> predictability of activities <strong>in</strong> cyberspace;<br />
� transparency <strong>and</strong> trust- <strong>and</strong> security-build<strong>in</strong>g measures;<br />
� <strong>in</strong>ternational cooperation <strong>and</strong> fight aga<strong>in</strong>st cyber crime.<br />
States could agree on the follow<strong>in</strong>g, <strong>in</strong> agreement with tried <strong>and</strong> tested general pr<strong>in</strong>ciples for<br />
cyberspace:<br />
� peaceful use<br />
� a culture of cyber security<br />
� availability, confidentiality, <strong>in</strong>tegrity, authenticity<br />
� an obligation to protect critical <strong>in</strong>frastructures<br />
� an obligation to fight malicious software as well as crim<strong>in</strong>al <strong>and</strong> terrorist misuse as<br />
generally understood<br />
� cooperation among states <strong>in</strong> attribut<strong>in</strong>g cyber attacks.<br />
30