Cyberconflict

Updates

Symantec published a report revealing the details on the cyber espionage group acting in 2017-2018 to gather intelligence on targets in telecom and IT services that opened the access to oil and gas sector mainly in Pakistan and Turkey. Seedworm also affected Russia (11 victims belongs to one Russian firm), Saudi Arabia, Afghanistan, Jordan, and organizations in Europe and North America that have ties to the Middle East. The group used GitHub to store the malware and exploit several publicly available open-source tools like LaZagne and Crackmapexec which they customize to carry out their attacks.

The European Commission adopted an updated version of the EU cyber defence policy framework.  The purpose of the framework is to take into account the changing security challenges since the original framework of 2014. The updated framework identifies six priority areas for cyber defence: development of cyber defence capabilities, protection of the EU Common Security and Defence Policy (CSDP) communication and information networks, training and exercises, research and technology, civil-military cooperation and international cooperation. and clarifies the roles of the different European actors. It also clarifies the roles of European actors within these six areas, including EU member states, the European Commission, the European Defence Agency (EDA), the European External Action Service (EEAS), the European Security and Defence College (ESDC), the European Network and Information Security Agency (ENISA), the European Cybercrime Centre (EC3) and CERT-EU.

ASEAN countries signed multiple statements on deepening cooperation in cybersecurity with various key partners. During the East Asia Summit (EAS), ASEAN countries and their eight partners issued a statement on deepening cooperation in the security of information and communications technologies (ICTs), vowing to promote an open, secure, stable, accessible, and peaceful ICT environment; work together to protect their ICT networks and provide assistance to states that do not have sufficient capacities in this regard; foster cooperation to support a secure and resilient digital infrastructure; and strengthen cooperation on personal data protection. ASEAN countries also issued a joint statement with Russia, acknowledging the need to elaborate on the already proposed norms of responsible behaviour of states in cyberspace; the importance of developing a peaceful, secure, and resilient rules-based ICT environment; the need to prevent the use of information resources or technologies for criminal or terrorist purposes; and to narrow the digital divide. ASEAN countries stated they will consider the initiative of the Russian Federation on an ‘ASEAN-Russia Dialogue on ICT security-related issues’. On 16 November, ASEAN countries issued a statement on cybersecurity cooperation with the USA as well, pledging to strengthen cybersecurity in ASEAN; committing to promote norms of responsible state behaviour in cyberspace in peacetime developed by the UN Governmental Group of Experts (UN GGE) in 2015; and to explore ways and build capacities to counter the use of ICTs for terrorism as well as its forms and manifestations on the Internet. 

At the opening of the annual UN Internet Governance Forum (IGF), held at UNESCO premises in Paris, French President Emmanuel Macron launched the “Paris Call for Trust and Security in Cyberspace”, a high-level declaration on developing common principles for securing cyberspace. The Paris Call builds on the WSIS Tunis Agenda’s definition of the ‘respective roles’ of states and other stakeholders. It also resonates with the UN Group of Governmental Experts reaffirmation that international law applies to cyberspace. The declaration invites for support to victims both during peacetime and armed conflict, reaffirms Budapest Convention as the key tool for combating cybercrime, recognises the responsibility of private sector for products security, and calls for broad digital cooperation and capacity-building. It than invites signatories to, among other, prevent damaging general availability or integrity of the public core of the Internet, foreign intervention in electoral processes, ICT-enabled theft of intellectual property for competitive advantage, and non-state actors from ‘hacking-back’. The Paris Call has strong initial support from hundreds of signatories, including leading tech companies and many governments. Yet the USA, Russia, and China are missing. The declaration and its effects will be discussed again during the Paris Peace Forum in 2019, as well as during the IGF 2019 in Berlin.

Two new resolutions on cybersecurity issues have been adopted by the UN First Committee of the General Assembly (GA): one proposed by Russia by a vote of 109 in favour to 45 against, and the other by the USA with 139 in favour to 11 against. The resolution proposed by Russia (A/C.1/73/L.27.Rev.1), which has undergone number of changes since the draft was introduced mid-October, establishes an open-ended working group, to initially convene in June 2019, which will involve all interested states, hold intersessional consultations with business, NGOs and academia, and report to the UN GA in Autumn 2020. The group is mandated to, on a consensus basis, further develop the eleven norms of the 2015 report of the GGE (spelled out again in the resolution, but with certain changes in wording comparing to the GGE report) as well as the role of private sector and civil society, and discuss their implementation; it will also discuss models for ‘regular institutional dialogue with broad participation’ under the UN. The US resolution (A/C.1/73/L.37), underlines the reports of the UN GGE (2010, 2013, and 2015), and calls for the establishment of another GGE, mandated to further study norms, confidence-building measures and capacity-building measures, taking into account effective implementation of those, to report to the UN GA in Autumn 2021. It particularly suggests that the report should contain written national submissions on how international law applies to cyberspace. It also invites UNODA to conduct consultations with regional organisations (namely AU, EU, OAS, OSCE and the ASEAN Regional Forum), and the UN GGE chair to organise two open-ended informal consultative meetings with all the interested states.

The Global Commission on the Stability of Cyberspace (GCSC) has released its 'Singapore package' with the six new proposed norms for state and non-state behaviour. The norms focus on tampering with products, vulnerability disclosure and responsibility, botnets, cyber-hygiene, and conduct of offensive cyber operations by non-state actors. According to its Commissioners, the GCSC may still work on development of few additional norms, but will now put more focus on exploring the ways to steer other processes with its proposed norms.

Cyber-attacks can have a background in international relations, or bring about the consequences that can escalate to a political and diplomatic level. An increasing number of states appear to be developing their own cyber-tools for the defense, offence and intelligence related to cyberconflict.

The use of cyber-weapons by states - and, more generally, the behavior of states in cyberspace in relation to maintaining international peace and security - is moving to the top of the international agenda.

 

Dealing with cyberconflicts as policy issue is in an early stage, with some early agreements related to the implementation of the existing international law to cyberspace and drafts of the norms and confidence building measures.

The complex nature of cyberconflict

The traditional forms of war are well known. There is established international law that regulates the conduct of armed conflict and seeks to limit its effects, such as the Geneva Convention which protects those who are not a part of the fighting. The rules of war, however, are different from the possible event of interstate cyber-conflicts, which are still not well defined.

A major characteristics of the cyberconflict is an almost impossible attribution of the attack even to a certain users, let alone to sponsorship by any state, due to the very complex and sophisticated weapons used which are able to work through a number of proxy layers (including botnets). Another difference between a traditional war and a possible cyberwar, however, exists in the scale: cyber-incidents do not take place between two nations while other countries silently watch. The Internet is a global resource and the cyberweapons, such as botnets, will employ the computing resources of other nations, making cyberwarfare effectively global. It is, therefore, reasonable to understand that the issues of cyber-conflicts and cyberwarfare belong to the Internet governance area and should be debated along with other security threats.

In 2013, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), prepared the Tallinn Manual elaborating on the implementation of the existing international humanitarian law on entering and conducting a war (jus ad bellum and jus in bello) in cyberspace. One attempt by academics and non-state actors to draft an international agreement is that of the Stanford Draft Convention on Protection from Cyber Crime and Terrorism. This draft recommends the establishment of an international body, named the Agency for Information Infrastructure Protection (AIIP). The UN Governmental Group of Experts has confirmed, in 2013, that the existing international law applies to cyberspace, but is yet to discuss on how it applies in practice. The OSCE has developed the Confidence Building Measures to enhance cooperation and prevent cyber-conflicts.

Events

Actors

(CCDCOE)

As a multinational and interdisciplinary hub of cyber defence expertise, the Cooperative Cyber Defence Centre

...

As a multinational and interdisciplinary hub of cyber defence expertise, the Cooperative Cyber Defence Centre of Excellence involves experts with military, government, and industry backgrounds and provides an international ‘360-degree’ look at cyber defence. The CCDCOE organises the world’s largest and most complex international technical cyber defence exercise –  Locked Shields, and the annual conference on cyber conflict – CyCon. The CCD COE's Tallinn Manual is a very detailed and elaborate study on how international law applies to cyberspace with regard to warfare.

(UNIDIR)

Within the framework of its Emerging Security Issues Programme, UNIDIR explores issues related to the use of n

...

Within the framework of its Emerging Security Issues Programme, UNIDIR explores issues related to the use of new technologies (such as machine learning, artificial intelligence, robotics, and computational power) as methods and means of warfare. One of the Institute’s research projects focuses on the weaponisation of increasingly autonomous technologies, and it aims to examine areas where there is common ground, as well as areas requiring further investigation. As part of the project, expert-led discussions are organised, and public observation papers are produced with the aim to help frame future dialogue on the issue and assist governments in making responsible policy choices.

(OSCE)

The OSCE has a represe

...

The OSCE has a representative on Freedom of the Media to promote Internet freedom through diplomatic channels and public statements. OSCE monitors media developments in its member states and advocates for media freedom on the Internet, media self-regulation, media laws, media pluralism, and safety of journalists, and denounces criminalisation of defamation and hate speech. To this aim, OSCE produces legal reviews and conducts research on media freedom. It also organises an annual conference on digital media freedom and journalism. In March 2017, the OSCE issued the Joint Declaration on Freedom of Expression and "Fake News", Disinformation and Propaganda alongside the UN Special Rapporteur on Freedom of opinion and expression.

(UN GGE)

The UN GGE has tackled issues related to cyber conflicts in its reports.

...

The UN GGE has tackled issues related to cyber conflicts in its reports. For example, the 2013 report recognised the fact that existing international law applies to the use of ICTs by states. It also outlined a series of recommendations on confidence building measures aimed at promoting trust and assurance among states and helping reduce the risk of conflict. The 2015 report noted that the use of ICTs in future conflicts between states is becoming more likely and offered additional recommendations on confidence building measures aimed at reducing the risk of misperception, escalation, and conflict that may stem from ICT incidents.

(ICRC)

The ICRC promotes the view that the use of cyber capabilities in armed conflict must comply with all principle

...

The ICRC promotes the view that the use of cyber capabilities in armed conflict must comply with all principles and rules of international humanitarian law. Its 2015 Report on international humanitarian law and the challenges of contemporary armed conflicts draws attention to the fact that cyber warfare and autonomous weapon system raise legal, ethical, and humanitarian issues. The Committee is engaged in bilateral dialogue with several states on the potential human costs of cyberwarfare, and it contributes to international activities in this area (for example, it served as an observer to the group of experts that drafted the Tallinn Manual).

(NATO)

Cyber defence is part of NATO’s mission of collective defence. In 2016, the organisation declared cyberspace as its fourth operational domain, in addition to air, lan

...

Cyber defence is part of NATO’s mission of collective defence. In 2016, the organisation declared cyberspace as its fourth operational domain, in addition to air, land, and sea. Its Policy on cyber defence, adopted in 2014, outlines, among others, ways to take cyber defence awareness, education, training, and exercise activities forward. Although NATO’s main priority in cyber defence is the protection of communications and information systems owned and operated by the organisation, it also assist member states by sharing information and best practices regarding the prevention, mitigation, and recovery from cyber attacks, as well as by conducting cyber defense exercises. 

Instruments

Conventions

Resolutions & Declarations

Wuzhen World Internet Conference Declaration (2015)

Other Instruments

2015 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2015)
2013 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (2013)

Resources

International Cybersecurity Norms (2016)

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Papers

From Articulation to Implementation: Enabling Progress on Cybersecurity Norms (2016)
International Cybersecurity Norms. Reducing Conflict in an Internet-dependent World (2014)

Reports

Towards a secure cyberspace via regional co-operation (2017)
Hostile Drones: The Hostile Use of Drones by Non-State Actors against British Targets (2016)
National Security Implications of Virtual Currency. Examining the Potential for Non-state Actor Deployment (2015)

GIP event reports

Cyber Stability 2018: Preventing and Mitigating Conflict (2018)
The Proposal for a Digital Geneva Convention – Implications for Human Rights (2017)
GPW 2017: Summary of Discussions on Conflict Prevention and New Technologies (2017)
Roundtable Discussion: A New Digital Geneva Convention? (2017)
Preventing Cyber Conflicts: Do We Need a Cyber Treaty? (2017)
Looking Ahead: What to Expect in the Cyber Realm (2017)
Launch of the SCION Pilot Server (2017)

Processes

Click on the ( + ) sign to expand each day.

13th IGF 2018

  • 13:30 - 15:00
    Understanding Cyber Harm: The Human Rights Dimension

12th IGF 2017

IGF 2016

IGF 2015

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top