16 Jun 2017

The Council of the European Union launched an initiative to develop a “Cyber Diplomatic Toolbox” – a framework for a joint diplomatic response of the EU to deter cyber-attacks and respond to cyber-threats. The toolbox should set out a range of diplomatic and political measures that the EU can take in joint response to possible malicious cyber-activities by state and non-state actors, such as issuing condemning statements and summoning ambassadors, but also possibly introducing sanctions. This measure may be an attempt to balance the emerging hard power – offensive and defensive cyber-capabilities – that EU member states are developing with soft-power measures, and might be effective for deterring member states rather than non-state actors, the Council on Foreign Relations reports. Use of the toolbox will not require a determination of attribution; attribution remains a sovereign decision of the states that are victims of cyber-attacks.

13 May 2017

[Update] Read: The WannaCry ransomware cyber attack in detail:

A new version of ransomware, dubbed WannaCry, has quickly spread worldwide and infected hundreds of thousands of devices across many countries. The New York Times reported that WannaCry hit UK hospitals, forcing the public health system, the National Health Service, to accept only the most urgent patients, and froze computers at the Russian Ministry of Interior, while the security researcher MalwareTech reported almost 200,000 infected computers on all continents. Like other types of ransomware, WannaCry encrypts data on the infected device and demands a ransom of $300 in Bitcoin to be paid to a given Bitcoin wallet within several days; otherwise the data will remain locked. Unlike other versions, however, WannaCry propagates through the network and infects computers like a worm – that is, even if their users have not activated the infected file or link – which allowed its massive effect. This was made possible by exploiting the vulnerability in Windows, called EternalBlue, which recently leaked from the NSA cyber-tools repository, Forbes reports. While Microsoft had already issued a patch for this vulnerability in March, many computers – especially in bigger systems that have complex procedures – had not yet installed the patch, and are being infected. The MalwareTech researcher realised that the WannaCry code requires infected computers to regularly contact a certain non-existent Internet domain, and registered that domain to create a map of infected computers. It appeared, however, that this served as a kill-switch for the malware spread, which was built in by the criminals to be able to abandon the infection process if needed. While the infection has been accidentally stopped, experts warn that a new form of ransomware will emerge very soon, and urge users, institutions and companies to update their Windows systems promptly.

6 May 2017

Just 48 hours before the Presidential Elections in France, over 9 GB of an alleged archive of emails of Emmanuel Macron, a candidate, leaked online as a result of an external hacking attack. The attack was based on a phishing domain created by the attackers to impersonate the site that Macron’s campaign associates used for cloud data storage. Such an attempt was reported by the security firm Trend Micro back in March, and attributed to the Russian hacker group Fancy Bear, yet Macron’s campaign then claimed the attack had failed. According to Wired, cybersecurity experts have confirmed that the structure of the email archive seems real, yet warned that this doesn’t mean that the content is genuine: some of it could be forged and designed to spark scandal. The Daily Beast, however, reported that Macron’s team had prepared a strategy against possible hacking and had purposely accessed the phishing pages to implant false information through multiple true and false log-ins, in order to force the attackers and leaking websites like Wikileaks to spend time figuring out what is false and what is true. Ultimately, this may have discredited the entire leak, which could be one of the reasons why newspapers and broadcasters in France avoided reporting on details of the leak, The New York Times reports.


Cyber-attacks can have a background in international relations, or bring about consequences that can escalate to a political and diplomatic level. An increasing number of states appear to be developing their own cyber-tools for defence, offence and intelligence related to cyberconflict.

The use of cyber-weapons by states - and, more generally, the behavior of states in cyberspace in relation to maintaining international peace and security - is moving to the top of the international agenda.


Dealing with cyberconflicts as a policy issue is at an early stage, with some early agreements related to the implementation of existing international law in cyberspace, and drafts of norms and confidence-building measures.

The complex nature of cyberconflict

The traditional forms of war are well known. There is established international law that regulates the conduct of armed conflict and seeks to limit its effects, such as the Geneva Convention, which protects those who are not a part of the fighting. The situation is different, however, for possible interstate cyber-conflicts, whose rules are still not well defined.

A major characteristic of cyberconflict is that attributing an attack even to particular users, let alone to sponsorship by any state, is almost impossible, because the very complex and sophisticated weapons used are able to work through a number of proxy layers (including botnets). Another difference between a traditional war and a possible cyberwar lies in the scale: cyber-incidents do not take place between two nations while other countries silently watch. The Internet is a global resource, and cyberweapons such as botnets will employ the computing resources of other nations, making cyberwarfare effectively global. It is, therefore, reasonable to conclude that the issues of cyber-conflicts and cyberwarfare belong to the Internet governance area and should be debated along with other security threats.

In 2013, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) prepared the Tallinn Manual, elaborating on the implementation in cyberspace of the existing international humanitarian law on entering and conducting a war (jus ad bellum and jus in bello). One attempt by academics and non-state actors to draft an international agreement is the Stanford Draft Convention on Protection from Cyber Crime and Terrorism. This draft recommends the establishment of an international body, named the Agency for Information Infrastructure Protection (AIIP). The UN Governmental Group of Experts confirmed, in 2013, that existing international law applies to cyberspace, but has yet to discuss how it applies in practice. The OSCE has developed Confidence Building Measures to enhance cooperation and prevent cyber-conflicts.




Resolutions & Declarations

Wuzhen World Internet Conference Declaration (2015)

Other Instruments

2015 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2015)
2013 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2013)


International Cybersecurity Norms (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


From Articulation to Implementation: Enabling Progress on Cybersecurity Norms (2016)
International Cybersecurity Norms. Reducing Conflict in an Internet-dependent World (2014)


Towards a secure cyberspace via regional co-operation (2017)
Hostile Drones: The Hostile Use of Drones by Non-State Actors against British Targets (2016)
National Security Implications of Virtual Currency. Examining the Potential for Non-state Actor Deployment (2015)

