Forum on the Arms Trade
  • Home
  • Experts
  • Emerging Experts
  • Expertos y Expertas Emergentes
  • Trump's First 100 Days
  • Events
  • U.S. Arms Transfers to Israel - Trump
  • Biden Arms Transfers To Israel
  • Jobs Corner
  • Media directories
    • Middle East
    • General US arms sales
    • Ukraine
  • Major Arms Sales Notifications Tracker
  • U.S. Conventional Arms Transfer (CAT) Policy
  • U.S.-Saudi Arms Sales
  • U.S. Arms Sales to Taiwan
  • U.S. Arms Sales to India
  • U.S. Landmine Policy
  • Resource Page - Under Threshold Arms Sales
  • Resource Page - USML Cat I-III to Commerce
  • HD State Tracker
  • Get on the list
  • About
  • Archives
    • All archives
    • Newsletter
    • Blog

Solving the Rubik’s cube: what’s next for norms in cyber space

12/27/2018

2 Comments

 
This is the fourth blog post in a series looking at an array of issues in 2019 related to weapons use, the arms trade and security assistance, at times offering recommendations.
Picture
Allison Pytlak
A slow drift toward a militarized cyber space has characterized the last few years. At the same time, an ever-growing patchwork of multilateral initiatives has sprung up to curtail hostile actions in this domain and articulate behavioral norms for states. From high-level political declarations to closed expert groups, governments, the tech sector, academics and others are full of ideas and suggestions. Yet, are these initiatives succeeding? Do they address human impact? Do they offer change, or accept and embody the same politicization and double standards that bedevil other security issues?  
 
In 2019, it is virtually certain that hostile cyber operations will continue to occur—both between governments, and between governments and citizens. What are these threats exactly, and how can the global community act to keep the peace in cyber space?
 
The threat, is real
 
2018 was another active year for hostile cyber operations, to put it mildly.  State-sponsored hacking groups zeroed in on prominent international entities such as the Organization for the Prohibition of Chemical Weapons, alongside other targets like universities and hotel chains. Data exposure schemes kept pace with data breaches. We learned more about the vulnerability of the United States’ electrical grid.
 
While these operations do not constitute the doomsday scenarios that early cyber watchers predicted, they have nonetheless generated an increasingly militarized response from governments and experts, in which it is taken for granted that this is and will continue to be a fighting domain, and the best we can do is establish some rules of the road for damage control. This mentality is reflected in the role that digital technologies now play in some national cyber strategies and military doctrines. For instance, in September 2018 the United States’ new National Cyber Strategy adopted an aggressive stance, promising to "deter and if necessary punish those who use cyber tools for malicious purposes." The U.S., the United Kingdom and Australia have been open about the use of offensive cyber tactics against the Islamic State. Germany has slowly been transitioning to a more offensive approach; other European countries have been open about seeking the same.  
 
The slow drift can also be seen in how and where states are discussing international cyber security. In the United Nations (UN), this is an offshoot of disarmament and arms control bodies. Other multilateral fora tend to bring together individuals with that background as well. Consequently there is frequently an effort to import and apply hard security concepts to this domain—“cyber deterrence” is one example; efforts to fit traditional arms control regime-style solutions are another.
 
Accepting the militarization of cyber space without question further risks adopting frameworks and guidelines that are more permissive of harm to the population than international law allows, pushing the possibility of achieving cyber peace further away.
 
Many responses, any real solutions?
 
Navigating through the volume of policy and normative proposals that exist to guarantee global cyber stability is a bit like trying to line up the colors in a Rubik’s cube: you can see some patterns, but getting all those squares to click into place is a challenge. Below is a non-exhaustive overview.
 
The UN, the world’s largest multilateral negotiating fora, has since 2004 been the home of a Group of Governmental Experts (GGE) on information and communications technologies, or ICTs for short. The early Groups examined existing and potential threats in cyberspace and possible cooperative measures to address them, while more recent ones worked to develop behavioral norms for actions in cyberspace, culminating in eleven norms that were recommended by the Group in 2015 and subsequently adopted by the General Assembly.  
 
This seems to have been a highpoint for the Group however—significant differences over foundational questions such as the applicability of international law and the UN Charter to cyber space prevented agreement on a report in the next round. The geopolitical lines along which countries were divided is nothing new (in general terms, the west versus the rest) yet the extreme degree to which this issue became polarized in 2018 was unexpected, and has resulted in a procedurally conflicted and potentially counterproductive two-track UN approach to one of the most ubiquitous security threats facing the international community today. In 2019, there will be two UN entities concurrently taking work forward on cyber security norms: an open-ended working group that originated from a Russian-led initiative, and a US-inspired GGE. Exactly how these entities will interact remains unknown and the cost and administrative burden of managing both is not insubstantial.
 
Some have noted that deadlock at the UN gives impetus to, and space for, the efforts of other stakeholders. Governments, the tech sector, and other experts have been interacting for years through the Global Commission on the Stability of Cyberspace, which, in November 2018 proposed a set of six norms toward cyber stability. Also in November, France launched its Paris Call for Trust and Security Cyberspace during the Paris Peace Forum. The Paris Call is unique in bringing together endorsements from government, industry, and non-governmental organizations, but so far lacks support of some states, including Russia, China, United States, India, and Brazil.
 
Within the technology sector, Microsoft has framed itself as something of a moral compass in this space, first by publishing its own International Cybersecurity Norms in 2015 and most recently by playing a driving role in the Cyber Tech Accord. The Accord binds together 60 companies to partner on initiatives that improve the security, stability and resilience of cyber space—although some critics argue that implementation has fallen short. Somewhere in between the norms and the Accord, Microsoft’s CEO also called for the development of a Digital Geneva Convention in 2017, building somewhat on the contributions of the International Committee of the Red Cross to the literature on the applicability of international humanitarian law to cyber space.
 
Clearly, from the number of times that I have used the word “norms” in the last several paragraph, both state and non-state actors alike are fans of developing some—or of implementing those that are already agreed. Yet what of something legally binding? That’s even more of a fraught issue, tangled up in geopolitical and ideological divide. Russia has been proposing a UN cyber treaty for well over a decade but has not gained sufficient support from other states, largely because elements of the draft it has put forward could legitimize some of their more nefarious domestic practices in curtailing internet freedom. Any new treaty-based initiative—and support for that does exist— would need to somehow account for this in a way that doesn’t isolate support or spark competition. It would also need to navigate existing regional and bilateral cyber security pacts.
 
Taking a people-centered approach in 2019
 
Perhaps the biggest blind spot in all the above initiatives is the human one. Very little information related to the human impact of cyber operations makes its way into multilateral discussion forums on cyber security and this contributes to institutionalization and taking for granted the broader societal harm of cyber conflict.
 
There is, however, an ever-growing and highly credible evidence base illustrating the negative uses of digital technology in repressing human rights, notably the rights to freedom of expression, speech, assembly, and privacy. This is not a practice limited to just a handful of governments, but one that is practiced in many parts of the world.
 
The human rights dimension of the cyber security agenda is usually separated out from the “international security” agenda, at least in the context of the UN. This is due in part to the structure of the UN itself, but possibly also because it’s politically awkward—some of the countries that are the largest proponents of cyber stability and norm development, for example, are also quietly permitting the export of digital surveillance technologies produced by companies in their jurisdiction. This has been an on-going debate among European Union countries in particular, in which the dual-use nature of digital surveillance technologies has been at times an excuse for not taking a meaningful policy response.  
 
Continuing to factor out human rights and humanitarian impact from inter-governmental discussions about global cyber security makes it easier to think of this domain in purely military and hard security terms. Our experience in banning nuclear weapons and regulating the global arms trade demonstrates that incorporating these perspectives can alter the discourse and generate people-centered responses.  
 
Where to from here?

Like a genie out of the bottle, it’s unlikely that the digital threats will decline in 2019, so to return to the question posed at the beginning of this blog: how can the global community act to keep the peace in cyber space?
 
First, we must stop using the same words, language, and approaches that we apply to traditional disarmament and security issues, and understand cyber space on its own terms: as both a medium in which conflict can occur, as well as a multi-faceted tool to cause disruption and harm offline. Trying to determine what a cyber bomb equates to in the kinetic world is futile; there is no such thing, and this of thinking encourages “round peg in square hole”-type solutions.
 
Yet, we cannot underestimate the vulnerability of digital networks and systems that prop up existing weapons and weapon systems. Nuclear weapons are vulnerable to cyber operation. The systems that enable unmanned aerial vehicles are vulnerable to cyber attacks. This should be further incentive to disarm.
 
Third, it’s frustrating that progress at the UN has been held hostage by power politics. It’s also concerning that two of the world’s largest cyber bullies are at the helm of new efforts. This can, however, be an opportunity for other states to step up and play constructive roles in bridging differences and brokering solutions,—as they’ve started to, along with other stakeholders.
 
Fourth, it will be important to harmonize efforts across the patchwork of responses identified here, in order to avoid redundancy and maximize knowledge and move toward implementation of what has already been agreed. States should establish the strongest norms against malicious operations—and reduce the motivation to pursue aggressive cyber capabilities.
 
Last, we must stop overlooking the human dimension and talking about cyber security in sanitized and faceless terms. Human rights considerations, for example, should be included in all discussions rather than being sidelined in the standard arms control and disarmament forums.


Allison Pytlak is the Programme Manager of Reaching Critical Will, Women’s International League for Peace and Freedom (WILPF)
 
2 Comments
popcorn time ios link
2/22/2019 02:55:57 am

Whenever I read a blog, I trust that it doesnt baffle me as much as this one. That is to say, I realize it was my decision to peruse, yet I really thought youd have something fascinating to state. All I hear is a cluster of whimpering about something that you could fix in the event that you werent excessively bustling searching for consideration.

Reply
Juice Wrld Denim Vest link
5/30/2022 07:09:28 am

Excellent post. Please keep up the great work. You did an amazing job. I really enjoyed reading this blog. I like and appreciate your work. Thank you for Sharing such an amazing article.

Reply

Your comment will be posted after it is approved.


Leave a Reply.

    About

    The "Looking Ahead Blog" features comments concerning short- to medium-term trends related to the arms trade, security assistance, and weapons use. Typically about 500-1000 words, each comment is written by an expert listed on the Forum on the Arms Trade related to topics of each expert's choosing.

    We have a number of special series including: 


    Looking Ahead 2025
    Looking Ahead 2024
    Looking Ahead 2023
    Looking Ahead 2022
    ​Looking Ahead 2021
    Looking Ahead 2020

    Looking Ahead 2019
    Looking Ahead 2018
    First 100 Days (April/May '17)

    Looking Ahead 2017

    Inclusion on the Forum on the Arms Trade expert list does not indicate agreement with or endorsement of the opinions of others. Institutional affiliation is indicated for identification purposes only.

    Archives

    May 2025
    February 2025
    January 2025
    December 2024
    November 2024
    September 2024
    March 2024
    January 2024
    November 2023
    October 2023
    August 2023
    April 2023
    March 2023
    February 2023
    January 2023
    December 2022
    September 2022
    August 2022
    May 2022
    April 2022
    February 2022
    January 2022
    October 2021
    September 2021
    August 2021
    July 2021
    April 2021
    January 2021
    July 2020
    May 2020
    January 2020
    December 2019
    July 2019
    April 2019
    January 2019
    December 2018
    May 2018
    December 2017
    May 2017
    April 2017
    January 2017
    December 2016
    October 2016
    June 2016
    May 2016
    April 2016
    June 2015
    May 2015
    March 2015

    Pdf's

    March 11 (2015)

    Categories

    All
    Adam Isacson
    Africa
    Alejandro Sanchez
    Allison Pytlak
    Amy Nelson
    Anna Stavrianakis
    Arms Sales
    Arms Trade Treaty
    Arms Trafficking
    Aude Fleurant
    Bonnie Docherty
    Brian Castner
    Child Soldiers
    Colby Goodman
    Corruption
    Cyber
    Dan Gettinger
    Danielle Preskitt
    Divestment
    Doug Weir
    Drones
    Emerging Experts
    End-use Monitoring
    Environment
    Erin Hunt
    Europe
    Exploration Of Arms Reduction And Jobs
    Explosive Weapons
    First 100 Days
    Frank Slijper
    Gender
    Global Trade Trends
    Harm To Civilians
    Hector Guerra
    High School Debate '19 20
    High School Debate '19-20
    Humanitarian Disarmament
    Human Rights Due Diligence
    Iain Overton
    Investors
    Jeff Abramson
    Jen Spindel
    Jobs
    John Lindsay Poland
    John Lindsay-Poland
    Jordan Cohen
    Kate Kizer
    Killer Robots
    Landmines/cluster Munitions
    Latin America
    Laura Boillot
    Lode Dewaegheneire
    Looking Ahead 2017
    Looking Ahead 2018
    Looking Ahead 2019
    Looking Ahead 2020
    Looking Ahead 2021
    Looking Ahead 2022
    Looking Ahead 2023
    Looking Ahead 2024
    Looking Ahead 2025
    Maria Pia Devoto
    Martin Butcher
    Matthew Bolton
    Middle East
    Military Expenditures
    Natalie Goldring
    Nicholas Marsh
    Non State Actors
    Paul Holtom
    Rachel Stohl
    Ray Acheson
    Robert Muggah
    Robert Watson
    Roy Isbister
    SALW
    Samuel Perlo Freeman
    Samuel Perlo-Freeman
    Security Assistance
    Seth Binder
    Shannon Dick
    Suicide Bombing
    Summit For Democracy
    Sustainable Development
    Tobias Bock
    Transparency
    Ukraine War
    UN Register
    Victim Assistance
    Wanda Muñoz
    War In Ukraine
    William Hartung
    Wim Zwijnenburg
    Yeshua Moser-Puangsuwan

    RSS Feed

Proudly powered by Weebly