Challenges in Cybersecurity Risks, Strategies, and ... - Unidir
BACKGROUND
As cyberattacks grow in number and sophistication, and states, as well as non-state actors such
as private hackers and organized criminals, appear to be becoming involved, the threat is
increasingly perceived as a problem in both a national and an international security context. Yet
assessments of how real the threat is, where the danger lies, who is best suited to respond to it,
and what kind of international measures and strategies are appropriate to protect information
societies against malicious actors – in short, how best to safeguard the long-term stability and
peaceful use of the internet – vary widely.
States are increasingly aware of the need to seriously address the daunting challenges of
protecting their information networks – especially those related to national security and critical
infrastructures – from any attacker. Recent developments have shown that there is more to this
endeavor than answering technical questions, particularly since many technical problems do not
necessarily seem to have solutions. The cybersecurity question needs to be placed within a
larger framework of international cooperation, norms, and rules for appropriate and responsible
state behavior that will ensure the peaceful use of cyberspace. To make such a framework
possible, a variety of questions have to be addressed:
• The potential impact of the actions of newly emerging, sophisticated cyberattackers, state
as well as non-state actors, their motivations, tactics, and procedures.
• The costs and benefits to national and international security of military doctrines
incorporating offensive cyber operations have yet to be fully understood. Due to the nature
of this type of technology, it is very difficult to attribute cyberattacks. Offensive uses of
such technologies in the cyber domain could lead to geo-strategic instability and raise the
risk of miscalculations in times of crisis. This in turn could lead to escalation and serious
conflicts. It is important to understand current trends and developments regarding the
potential of cyberattacks for conflict and war, and the possible effects on civilian
infrastructure, economies, and human security.
• Open questions regarding the application of international laws and norms have to be
addressed, as there is still no multilateral understanding about how to apply these to the
cyber realm, or even about why doing so is important for the future. For example, how
should national militaries apply the laws of armed conflict and humanitarian law to
cyberwarfare in the lead up to or in actual times of armed conflict? How does one apply the
principle of proportional response to “cyberwar”? What level of cyber disruption
constitutes “unacceptable harm” to civilians? Even more fundamentally, what constitutes a
casus belli in cyberspace with possible effects on other domains causing a conventional
response?
• The question of what constraints can and should be put upon offensive cyber operations
given their technical conditions and the current legal regimes needs to be further
investigated. Is it possible to control various kinds of cyber operations and confine their
impact? What are the strengths and weaknesses of major strategies to prevent the misuse of
cyberspace? An effective response to the threat of cyberattacks will have to involve a
variety of stakeholders. But what are the respective roles of non-state and transnational
actors such as civil society and industry? What role can national governments play? How
can global cybersecurity be strengthened through international norms of behavior,