BRIEFINGS FROM THE RESEARCH ADVISORY GROUP BRIEFINGS TO THE GLOBAL COMMISSION ON THE STABILITY OF CYBERSPACE FOR THE FULL COMMISSION MEETING, NEW DELHI 2017 New Delhi, November 2017 GCSC ISSUE BRIEF №1 PROMOTING STABILITY IN CYBERSPACE TO BUILD PEACE AND PROSPERITY The Global Commission on the Stability of Cyberspace (GCSC) engages the full range of stakeholders to develop proposals for norms and policies to enhance the international security and stability of cyberspace. @theGCSC www.cyberstability.org [email protected] [email protected] The GCSC does not specifically endorse the respective publications, nor does it necessarily ascribe to the findings or conclusions. All comments on the content of the publications should be directed to the respective authors. Copyright © 2018. Published by The Hague Centre for Strategic Studies. The opinions expressed in this publication are those solely of the authors and do not reflect the views of the Global Commission on the Stability of Cyberspace (GCSC), its partners, or The Hague Centre for Strategic Studies. This work was carried out with the aid of a grant from GCSC partners: the Ministry of Foreign Affairs of the Netherlands, Cyber Security Agency of Singapore, Microsoft, ISOC, Ministry of Foreign Affairs of France. The views expressed herein do not necessarily represent those of the partners. The intellectual property rights remain with the authors. This work is licensed under a Creative Commons Attribution – Non- commercial – No Derivatives License. To view this licence, visit (www.creativecommons.org/licenses/by-ncnd/3.0). For re-use or distribution, please include this copyright notice. ABOUT THE GLOBAL COMMISSION ABOUT THE BRIEFINGS ON THE STABILITY OF CYBERSPACE The Global Commission on the Stability of The briefings and memos included in this issue were Cyberspace (GCSC) helps to develop norms and developed by independent researchers working within policies that advance the international security and the GCSC Research Advisory Group. The papers stability of cyberspace. It promotes mutual included here were submitted to the Global awareness and understanding among the various Commission on the Stability of Cyberspace (GCSC) in cyberspace communities working on issues related to order to support its deliberations. international cybersecurity. By finding ways to link the The opinions expressed in the publications are those various intergovernmental dialogues on international solely of the authors and do not necessarily reflect security with the new communities created by the views of the GCSC, its partners, or The Hague cyberspace, the GCSC fulfils a critical need: Centre for Strategic Studies. The Commission does supporting policy and norms coherence related to the not specifically endorse the respective publications, security and stability in and of cyberspace by applying nor does it necessarily ascribe to the findings or a multi-stakeholder approach to its deliberations on conclusions. All comments on the content of the peace and security. publications should be directed to the respective Chaired by Marina Kaljurand, and Co-Chairs Michael authors. Chertoff and Latha Reddy, the Commission The research was commissioned by the GCSC in a comprises 26 prominent Commissioners representing Request for Proposal after its Commission Meeting in a wide range of geographic regions as well as Tallinn in June 2017. The Commissioners selected government, industry, technical and civil society the winning proposals at the Commission Meeting in stakeholders with legitimacy to speak on different Las Vegas in July 2017. The researchers received the aspects of cyberspace. funding associated with the Request for Proposal and The GCSC Secretariat is provided by The Hague were invited to present their work to the Centre for Strategic Studies and supported by the Commissioners during the Commission Meeting in EastWest Institute. New Delhi in November 2017. GCSC ISSUE BRIEF 4 TABLE OF CONTENTS BRIEFING 1 6 Overview of Cyber Diplomatic Initiatives Alex Grigsby BRIEFING 2 39 An Analytical Review and Comparison of Operative Measures Included in Cyber Diplomatic Initiatives Deborah Housen Couriel MEMO 1 75 Protecting the Public Core of the Internet Joanna Kulesza and Rolf H. Weber BRIEFING 3 99 Protecting the Core Oluwafemi Osho, Joseph A. Ojeniyi and Shafi’l M. Abdulhamid BRIEFING 4 127 Mapping National and Transnational Critical Information Infrastructures Analía Aspis MEMO 2 161 Countering the Proliferation of Offensive Cyber Capabilities Robert Morgus, Max Smeets and Trey Herr MEMO 3 188 What Makes Them Tick: Evaluating Norms on Cyber stability Arun Mohan Sukumar, Madhulika Srikumar and Bedavyasa Mohanty OVERVIEW OF CYBER DIPLOMATIC INITIATIVES Alex Grigsby, assistant director of the Digital and Cyberspace Policy program at the Council on Foreign Relations BRIEFING №1 GCSC ISSUE BRIEF 6 TABLE OF CONTENTS INTRODUCTION 9 SECTION 1: THE STATED INTERESTS OF MAJOR STATES ACTIVE IN THE CYBER NORMS DEBATE 11 1.1 Russia 11 1.2 United States 12 1.3 The United Kingdom 13 1.4 China 13 1.5 France 14 1.6 The European Union 15 1.7 India 15 1.8 Analysis 16 SECTION 2: ASSESSMENT OF MULTILTERAL INITIATIVES 17 2.1. The United Nations 17 2.2 ORGANIZATION FOR SECURITY AND COOPERATION IN EUROPE 18 2.3 ASEAN Regional Forum 19 2.4 Shanghai Cooperation Organization 19 2.5 BRICS 20 2.6 NATO 21 2.7 Group of 20 21 2.8 Group of 8, then 7 21 2.9 Organization of American States 22 2.10 Analysis 23 SECTION 3: ASSESSMENT OF BILATERAL DIALOGUES AND INITIATIVES 24 3.1 The U.S. – Russia dialogue 24 3.2 The U.S. – China dialogue 25 GCSC ISSUE BRIEF 7 3.3 Russia-China, Russia-India, and Russia-South Africa agreements 25 3.4 The U.S. – India framework 26 SECTION 4: NON-STATE PROPOSALS 27 4.1 Creating an attribution organisation 27 4.2 Microsoft’s norms and the Digital Geneva Convention 27 4.3 Tallinn Manual 28 4.5 Proposed norm against undermining the global financial system 29 CONCLUSION 30 ANNEXES 31 Figure 1 -- Assumptions, threats and solutions explicitly in states’ cyber-related strategies 31 Figure 2 -- Stability-improving measures referenced in multilateral initiatives 33 GCSC ISSUE BRIEF 8 INTRODUCTION Cyberspace poses at least five unique challenges to maintaining international peace and security: 1. It is hard to attribute an attack to an actor, and when attribution is possible, it often occurs too slowly for leaders under pressure to “do something;”1 2. Determining the intent of a cyber operation is difficult—the same methods used for routine espionage can also be used for offensive activity;2 3. The use of proxies allows their sponsors to obfuscate the attribution process, but also raises questions as to the effective control that a sponsoring state has over its proxies;3 4. Given that cyber operations can be hard to detect, adversaries believe they can gain an advantage by attacking first, heightening the risk of a crisis; 5. The costs of entry are fairly low—even small states can buy commercially-available cyber tools to infiltrate sensitive networks.4 These challenges make it more likely that two or more rival states misinterpret cyber operations directed at them, and in the fog of cyberspace, take escalatory measures to protect themselves. In successive UN reports, states have recognized that their online activities has the potential to trigger offline conflicts and that they have a common interest in improving the stability of cyberspace. What stability looks like and how it is achieved is, however, a major point of contention. Some states accept that they and their peers will continue to use cyberspace as a vehicle to pursue their interests, and seek to implement rules to make state activity predictable to decrease the risk of conflict. Others argue that stability is best achieved if states refrain or are prohibited from undertaking cyber operations in the first place. Despite this disagreement, there is broad consensus that three types of activity help promote cyber stability: norms, both legal and voluntary, that clearly set out what states can and cannot do online; confidence building measures (CBMs) that aim to enhance states’ understanding of their rivals actions’ online; and capacity building to improve the ability of states to address cybersecurity incidents as well as abide by norms and participate in CBMs. This briefing provides an overview of the diplomatic efforts and initiatives to improve the stability of cyberspace. Section one examines the interests and measures proposed by states. Section two examines multilateral initiatives. Section three examines the states’ bilateral efforts. Section four examines the initiatives put forth by non-government actors. It concludes with suggestions for possible future stability measures. 1 “The Problems with Seeking and Avoiding True Attribution to Cyber Attacks,” RobertMLee.org, last modified March 4, 2016, http://www.robertmlee.org/the-problems-with-seeking-and-avoiding-true-attribution-to-cyber-attacks/; Tobias Feakin, “Developing a Proportionate Response to a Cyber Incident,” The Council on Foreign Relations, last modified August 24, 2015, https://www.cfr.org/report/developing-proportionate-response-cyber-incident. 2 Ben Buchanan, Hacking, Trust, and Fear between Nations, New York: Oxford University Press, 2016. 3 Tim Maurer, “’Proxies in Cyberspace,” Journal of Conflict & Security Law 21 no. 3 (2016): 383–403, http://carnegieendowment.org/files/JConflictSecurityLaw-2016-Maurer-383-403.pdf. 4 Nick Carr, “Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations,” FireEye Blogs, May 14, 2017, https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html. 9 OVERVIEW OF CYBER DIPLOMATIC INITIATIVES Throughout this briefing, the term “offensive cyber operation” will refer to actions taken through cyberspace with the purpose of disrupting, degrading, or destroying a computer or networked system. The term “cyber operations” will refer to both offensive cyber operations and cyber espionage. The use of the term “cyber tools” refers to software and techniques that enable states to conduct their cyber operations.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages207 Page
-
File Size-