The CyberPeace Institute, an independent, neutral, and collaborative non-governmental organization, was created to enhance the stability of cyberspace. It aims to decrease the frequency, harm, and scale of cyber-attacks on civilians and critical civilian infrastructure, and increase the resilience of vulnerable actors. The Institute subscribes to the following principles in its work:
- Impact: Reducing the frequency, harm, and scale of cyber-attacks by pushing for greater restraint in the use of cyber-attacks, increasing accountability for attacks that occur, and enhancing capabilities to prevent and recover from attacks.
- Inclusiveness: Being inclusive and collaborative in the approach, cooperating with, and supporting, existing synergistic efforts.
- Independence: Operating free from the direction or control of any other actors, including states, industries, and other organisations.
- Integrity: Ensuring that its work and interactions with the cybersecurity community and victims of cyber-attacks reflect the highest ethical and analytical standards.
- Neutrality: Supporting the stability and security of cyberspace rather than the interests of individual actors; as such, engaging with stakeholders and cyber-attack victims regardless of geographic location, nationality, race, or religion.
- Transparency: Being transparent about its operations and methodologies, when it is feasible and responsible.
Through field analysis and global campaigning, the Institute’s goal is to protect the most vulnerable and to achieve peace and justice in cyberspace. Its work is structured around three pillars: assistance, analysis, and advancement. These pillars form the core of the Institute’s mission, building on the simple reality that infrastructure, networks, regulations, norms, and protocols are merely enablers in cyberspace.
To fulfil this mission, and to deliver products and services which have a real impact, the Institute has four strategic objectives, ensuring a human-centric response to the technological, ethical, and regulatory challenges of cyberspace. Each of these objectives enables operational, tactical, and strategic responses with the goal of empowering people by maintaining a vibrant, open, free, and peaceful online space. The first three objectives are aligned with the three pillars, while the fourth objective ensures that the Institute and its staff are at the forefront of what will be tomorrow’s challenges in cyberspace.
- Strategic Objective 1: To increase and accelerate assistance efforts towards the most vulnerable, globally.
- Strategic Objective 2: To close the accountability gap through collaborative analyses of cyberattacks.
- Strategic Objective 3: To advance international law and norms in order to promote responsible behaviour in cyberspace.
- Strategic Objective 4: To forecast and analyse security threats associated with emerging and disruptive technologies, to innovate breakthrough solutions, and to close the skill gap to address global cyber challenges.
The Institute has an international scope, and is independent, apolitical, and impartial in its operations, publications, and partnerships.
The Institute provides assistance to vulnerable communities, analyses cyberattacks to increase accountability, advocates for the advancement of the role of international law and norms for responsible behaviour in cyberspace, forecasts future threats (with a focus on disruptive technology), and supports capacity building.
Example of operational activities include:
- Mapping the threat landscape in relation to critical civilian infrastructure.
- Supporting the delivery of assistance at scale to the most vulnerable victims of cyberattacks.
- Co-ordinating resources to amplify the impact of existing assistance efforts.
- Conducting forensic and impact analyses of sophisticated cyberattacks and cyber operations, in co-operation with a consortium of experts from academia, industry, and civil society.
- Co-ordinating relief efforts through a network of volunteers and providing knowledge products to increase resiliency.
- Advancing the role of international law and norms governing the behaviour of state and non-state actors in cyberspace.
- Analysing responses to violations of norms, and how normative or legal gaps are exposed and undermined.
- Increasing public awareness of the real-life impact of cyberattacks, and providing a platform where vulnerable populations can tell their stories.
- Analysing potential threats and opportunities stemming from the convergence of disruptive technologies (e.g., artificial intelligence, brain machine interface, augmented Reality, virtual Reality, 5G, etc.).
- Acting as a platform to share innovative approaches and capacity-building strategies.
Digital policy issues
- Critical infrastructure
Consistent with its human-centric approach, one of the Institute's key areas of focus is the protection of civilian infrastructure from systemic cyberattacks. For instance, in 2020, the Institute, together with a number of partners, launched Cyber 4 Healthcare, a targeted service for healthcare organizations fighting COVID-19. The initiative helps people find trusted and free cybersecurity assistance provided by qualified and reputable companies. In May 2020, the Institute issued a call for governments to stop all cyberattacks on healthcare organizations and to work with civil society and the private sector to ensure that medical facilities are protected and that perpetrators are held accountable.
Following that appeal to governments, the Institute launched a Strategic Analysis Report in March 2021. Playing with Lives: Cyberattacks on Healthcare are Attacks on People urges governments to remove rewards for criminals and hostile states attacking healthcare. The first of its kind, this analytical report focuses on the impacts of attacks on people and society and highlights the responsibilities of nation-states in leading the way for attacks to decrease globally and threat actors to be held accountable. It maps existing initiatives and provides actionable recommendations to governments and policymakers to engage with civil society, industry and academia and design collective solutions.
Cyberpeace: From Human Experience to Human Responsibility
While the international community has recognized the need to be more “human-centric,” the CyberPeace Institute believes that an increased focus on human impact is not enough. In our pursuit of cyberpeace, we must start with the human impact. In each and every response, we must recall that the digital is human.
In cyberspace, everyone has a role to play. This collective action is essential to promoting justice, effecting change and ensuring human security, dignity and equity.
The CyberPeace Institute is gathering testimonials and digital evidence from the field to track these diverse accountabilities, ensuring that cyberattacks and cyberoperations are investigated in their local context. Closing the accountability gap will be made possible by shedding light on responsibilities in the context of the societal impact of irresponsible behaviour.
- Network security
To increase the scale and impact of its efforts to assist civilian victims of cyber-attacks, the Institute is building the CyberPeace Builders network, composed of volunteers from a range of backgrounds and locations worldwide, administered by a dedicated management structure, in collaboration with partners with established assistance capabilities. The network will provide emergency incident response and longer-term recovery plans to civilian victims recovering from significant cyberattacks perpetrated by malicious actors. It also assists vulnerable individuals in increasing their resilience and guarding against future cyberattacks.
- Interdisciplinary approaches
In order to contribute to closing the accountability gap in cyberspace, the Institute seeks to advance the role of international law and norms. This includes initiatives such as: publishing analyses of the economic and social impacts of cyberattacks; driving external engagement with stakeholders, individuals, and organizations focused on enhancing the stability of cyberspace; conducting reviews of cyberattacks based on international law and norms; and assessing potential remedies to fill the identified gaps. The Institute is actively engaged in the work of the United Nations Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security, and is co-Chair of the Paris Call Working Group 5: Building a cyberspace stability index, one of six groups established in November 2020 which are dedicated to ensure that fundamental rights and principles that apply in the physical world are respected in cyberspace. More information on the Paris Call here
- Capacity development
In 2020, the Institute initiated a series of CyberPeace Labs webinars, bringing together experts from academia, the private sector, international organizations, civil society, and governmental bodies as discussants. Within the context of the COVID-19 pandemic, the first CyberPeace Lab: Infodemic: A Threat to Cyberpeace, explored how malicious actors exploit infodemics to facilitate cyberattacks. The discussions from the series produced a set of best practices and actionable recommendations to inform initiatives undertaken by the Institute and, ultimately, to improve resilience against cyberattacks and bring about online peace.
The Institute also aims to facilitate the creation and scale-up of operational partnerships for cyber capacity-building, notably with grassroots practitioners and civil society organizations, to maximise the beneficial impact on local communities and individuals, while taking into account specific human contexts.
The Institute is also developing tailored products, such as the Resilience Toolkits, which are tailored to improve cyber hygiene. These Toolkits reflect specific local and regional contexts and are designed, produced, and delivered in collaboration with local partners and stakeholders to accelerate existing efforts at the regional level.
In 2021 the Institute launched the Cyber Awareness Café, an online resource that promotes cyber awareness through sharing of information and cybersecurity tips with NGOs and local entities around the world.
In addition to its CyberPeace Labs, the Institute shares useful video materials and discussion recordings on its YouTube channel, maintains blogs on Medium, and is an active user of a number of social media channels, for example, Twitter, LinkedIn, Instagram and Facebook.