Cyberconflict

Updates

The report by special counsel Robert Muller on Russian influence on the US presidential elections in 2016 was published in the redacted form on April 18. The document among other things describes steps taken by Russian military officers from GRU and information campaigns organized by Internet Research Agency (IRA) in social networks.
It was investigated that GRU officers sent malicious links to several accounts linked to to the domain of Hillary Clinton's personal office to gain the access to the emails hours after Donald Trump in his campaign sarcastically called Russia to track down missing Clinton's emails with sensitive state information.
Secondly, the Mueller’s team identified that IRA organized several political rallies in the US in support of Trump’s campaign using social media and coordinating this rallies through Facebook, Twitter, and Instagram. Moreover, messages created by IRA accounts were promoted and amplified by the Trump campaign officials. It led to the public discord in social media.
Finally, the report concludes that Democratic National Committee leaks that GRU obtained and retailed through its DCLeaks and WikiLeaks represented much more interference. The information campaigns though offered some benefit for the Trump campaign, but the investigation did not identify evidence that any US persons knowingly or intentionally coordinated with IRA members.

 

The foreign ministers of G7 countries adopted the ‘Dinard Declaration on the Cyber Norm Initiative’, following a discussion on defence of democracies against foreign interference and on the responsible behaviour of states in cyberspace. The initiative’s aim is to encourage voluntary exchange of information, best practices, and lessons learned on implementation of voluntary, non-binding norms of responsible state behavior.  In a joint communique, the ministers committed to countering malicious cyber activities of North Korea and bolstering capabilities in order to address cybersecurity threats from Russia. They also encouraged China to uphold its commitments not to engage in malicious cyber activity, including cyber-enabled intellectual property theft with the intent of providing advantages.

Venezuela has announced a cyber-attack on its hydroelectric power operations caused power outage in the country. The cyber-attack was attributed to the USA by President Maduro as an act of ‘the electric war announced and led by the US imperialism against our people’ on Twitter. This was promptly denied by US Secretary of State Mike Pompeo. Maduro stated that Venezuela suffered another cyber-attack on 9 March. On 11 March, the Venezuelan government ordered US diplomatic personnel to leave Venezuela in 72 hours, as their presence ‘represents a risk for the peace, unity and stability of the country’. The US Department of State has confirmed it is withdrawing its personnel on 11 March. The electric service was restored on 12 March and stabilised in its entirety within the following days. Maduro announced that a special commission will be created to investigate the cyber-attack, with Venezuela asking for the support of the UN and countries with experience in cyber-attacks such as China, Russia, Iran, and Cuba. He also revealed that the attack originated from US cities Chicago and Houston. On 13 March, Maduro stated the sabotage was threefold, and included a cyber-attack on the central hydro plant Guri, an electromagnetic attack on the transmission lines and physical attacks to substations to generate fires and short circuits. Experts, on the other hand, consider the lack of proper maintenance and negligence to be the cause ot the power outage. On 21 March, Maduro stated that the electric war continues.

The US Navy published the ‘Navy Cryptologic & Cyber Warfare Community Vision’. The document states that the network is a warfighting platform and that the Navy must commit to strengthening the Information Warfare Enterprise. The Navy must win ‘the counter-C5ISRT challenge’ and be prepared to simultaneously defend and attack, as well as hold the enemy’s space at risk.

The US Cyber Command conducted a cyber-attack on Russian’s Internet Research Agency (IRA) to prevent it from conducting a defamatory campaign during 2018 midterm elections in the USA, according to the The Washington Post (WP). US officials told the newspaper, on condition of anonymity, that they were able to cut IRA off the Internet for several days. The Russian President’s Press Secretary, however, questioned the reliability of WP sources. The Russian Federal News Agency (FAN) claimed that FAN was the actual victim of the attack, since it had sent employees of its subsidiary, USAReally, to the USA to observe the midterm elections. FAN said it is not connected to the IRA, does not interfere with elections or conduct other illegal activities. Its internal investigation concluded that the USA failed to cut FAN off the Internet; parts of the server that were disabled were promptly replaced, and new mirrors created for USAReally continued working as usual.

Microsoft has expressed confidence that the attacks targeting democratic European institutions between September and December 2018 were conducted by Strontium cyber-espionage group, also known as Fancy Bear and APT28, which is often associated by research community to Russian military intelligence agency (GRU). The attacks targeted democratic institutions, campaigns, think tanks and non-profit organizations in Europe whose work relates to democracy, electoral integrity, and public policy and that are often in contact with government officials. The spear-phishing attacks targeted 104 accounts belonging to organisations’ employees located in Belgium, France, Germany, Poland, Romania, and Serbia.

Cyber-attacks can have a background in international relations, or bring about the consequences that can escalate to a political and diplomatic level. An increasing number of states appear to be developing their own cyber-tools for the defense, offence and intelligence related to cyberconflict.

The use of cyber-weapons by states - and, more generally, the behavior of states in cyberspace in relation to maintaining international peace and security - is moving to the top of the international agenda.

 

Dealing with cyberconflicts as policy issue is in an early stage, with some early agreements related to the implementation of the existing international law to cyberspace and drafts of the norms and confidence building measures.

The complex nature of cyberconflict

The traditional forms of war are well known. There is established international law that regulates the conduct of armed conflict and seeks to limit its effects, such as the Geneva Convention which protects those who are not a part of the fighting. The rules of war, however, are different from the possible event of interstate cyber-conflicts, which are still not well defined.

A major characteristics of the cyberconflict is an almost impossible attribution of the attack even to a certain users, let alone to sponsorship by any state, due to the very complex and sophisticated weapons used which are able to work through a number of proxy layers (including botnets). Another difference between a traditional war and a possible cyberwar, however, exists in the scale: cyber-incidents do not take place between two nations while other countries silently watch. The Internet is a global resource and the cyberweapons, such as botnets, will employ the computing resources of other nations, making cyberwarfare effectively global. It is, therefore, reasonable to understand that the issues of cyber-conflicts and cyberwarfare belong to the Internet governance area and should be debated along with other security threats.

In 2013, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), prepared the Tallinn Manual elaborating on the implementation of the existing international humanitarian law on entering and conducting a war (jus ad bellum and jus in bello) in cyberspace. One attempt by academics and non-state actors to draft an international agreement is that of the Stanford Draft Convention on Protection from Cyber Crime and Terrorism. This draft recommends the establishment of an international body, named the Agency for Information Infrastructure Protection (AIIP). The UN Governmental Group of Experts has confirmed, in 2013, that the existing international law applies to cyberspace, but is yet to discuss on how it applies in practice. The OSCE has developed the Confidence Building Measures to enhance cooperation and prevent cyber-conflicts.

Events

Actors

(CCDCOE)

As a multinational and interdisciplinary hub of cyber defence expertise, the Cooperative Cyber Defence Centre

...

As a multinational and interdisciplinary hub of cyber defence expertise, the Cooperative Cyber Defence Centre of Excellence involves experts with military, government, and industry backgrounds and provides an international ‘360-degree’ look at cyber defence. The CCDCOE organises the world’s largest and most complex international technical cyber defence exercise –  Locked Shields, and the annual conference on cyber conflict – CyCon. The CCD COE's Tallinn Manual is a very detailed and elaborate study on how international law applies to cyberspace with regard to warfare.

(UNIDIR)

Within the framework of its Emerging Security Issues Programme, UNIDIR explores issues related to the use of n

...

Within the framework of its Emerging Security Issues Programme, UNIDIR explores issues related to the use of new technologies (such as machine learning, artificial intelligence, robotics, and computational power) as methods and means of warfare. One of the Institute’s research projects focuses on the weaponisation of increasingly autonomous technologies, and it aims to examine areas where there is common ground, as well as areas requiring further investigation. As part of the project, expert-led discussions are organised, and public observation papers are produced with the aim to help frame future dialogue on the issue and assist governments in making responsible policy choices.

(OSCE)

The OSCE has a represe

...

The OSCE has a representative on Freedom of the Media to promote Internet freedom through diplomatic channels and public statements. OSCE monitors media developments in its member states and advocates for media freedom on the Internet, media self-regulation, media laws, media pluralism, and safety of journalists, and denounces criminalisation of defamation and hate speech. To this aim, OSCE produces legal reviews and conducts research on media freedom. It also organises an annual conference on digital media freedom and journalism. In March 2017, the OSCE issued the Joint Declaration on Freedom of Expression and "Fake News", Disinformation and Propaganda alongside the UN Special Rapporteur on Freedom of opinion and expression.

(UN GGE)

The UN GGE has tackled issues related to cyber conflicts in its reports.

...

The UN GGE has tackled issues related to cyber conflicts in its reports. For example, the 2013 report recognised the fact that existing international law applies to the use of ICTs by states. It also outlined a series of recommendations on confidence building measures aimed at promoting trust and assurance among states and helping reduce the risk of conflict. The 2015 report noted that the use of ICTs in future conflicts between states is becoming more likely and offered additional recommendations on confidence building measures aimed at reducing the risk of misperception, escalation, and conflict that may stem from ICT incidents.

(ICRC)

The ICRC promotes the view that the use of cyber capabilities in armed conflict must comply with all principle

...

The ICRC promotes the view that the use of cyber capabilities in armed conflict must comply with all principles and rules of international humanitarian law. Its 2015 Report on international humanitarian law and the challenges of contemporary armed conflicts draws attention to the fact that cyber warfare and autonomous weapon system raise legal, ethical, and humanitarian issues. The Committee is engaged in bilateral dialogue with several states on the potential human costs of cyberwarfare, and it contributes to international activities in this area (for example, it served as an observer to the group of experts that drafted the Tallinn Manual).

(NATO)

Cyber defence is part of NATO’s mission of collective defence. In 2016, the organisation declared cyberspace as its fourth operational domain, in addition to air, lan

...

Cyber defence is part of NATO’s mission of collective defence. In 2016, the organisation declared cyberspace as its fourth operational domain, in addition to air, land, and sea. Its Policy on cyber defence, adopted in 2014, outlines, among others, ways to take cyber defence awareness, education, training, and exercise activities forward. Although NATO’s main priority in cyber defence is the protection of communications and information systems owned and operated by the organisation, it also assist member states by sharing information and best practices regarding the prevention, mitigation, and recovery from cyber attacks, as well as by conducting cyber defense exercises. 

Instruments

Conventions

Resolutions & Declarations

Wuzhen World Internet Conference Declaration (2015)

Other Instruments

2015 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2015)
2013 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2013)

Resources

International Cybersecurity Norms (2016)

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Papers

From Articulation to Implementation: Enabling Progress on Cybersecurity Norms (2016)
International Cybersecurity Norms. Reducing Conflict in an Internet-dependent World (2014)

Reports

Towards a secure cyberspace via regional co-operation (2017)
Hostile Drones: The Hostile Use of Drones by Non-State Actors against British Targets (2016)
National Security Implications of Virtual Currency. Examining the Potential for Non-state Actor Deployment (2015)

GIP event reports

UNIDIR Cyber Stability Conference: Strengthening Global Engagement (2019)
UN GGE on LAWS: Day 2 - morning (2019)
Side event: Public views on fully autonomous weapons (2019)
UN GGE on LAWS: Day 3 - afternoon (2019)
UN GGE on LAWS: Day 1 - morning (2019)
UN GGE on LAWS: Day 1 - afternoon (2019)
Cyber Stability 2018: Preventing and Mitigating Conflict (2018)
The Proposal for a Digital Geneva Convention – Implications for Human Rights (2017)
GPW 2017: Summary of Discussions on Conflict Prevention and New Technologies (2017)
Roundtable Discussion: A New Digital Geneva Convention? (2017)
Preventing Cyber Conflicts: Do We Need a Cyber Treaty? (2017)
Looking Ahead: What to Expect in the Cyber Realm (2017)
Launch of the SCION Pilot Server (2017)

Processes

Click on the ( + ) sign to expand each day.

WSIS Forum 2019

13th IGF 2018

  • 14:30 - 16:00
    Understanding Cyber Harm: The Human Rights Dimension

12th IGF 2017

IGF 2016

IGF 2015

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top