Cyberstability Updates – June 2018

Cyberstability Updates – June 2018

July 10, 2018, Monthly update

Download Publication Download Document

GCSC Updates 

GCSC Issue Brief 2: Briefing and Memos from the Research Advisory Group

The briefing and memos included in this issue were developed by independent researchers working within the GCSC Research Advisory Group. The papers included here were submitted to the Global Commission on the Stability of Cyberspace (GCSC) in order to support its deliberations in Bratislava in May 2018.

Read more

At IETF 102: The Global Commission on the Stability of Cyberspace – Cyber Diplomacy Meets Infosec and Technology

On Tuesday, 17 July, during IETF 102 in Montreal, the Global Commission on the Stability of Cyberspace (GCSC) will host a lunch panel on “Cyber Diplomacy Meets InfoSec and Technology.” During this session, the Commission wants to inform and engage with the IETF community on its work so far and the work that is in the pipeline.
Read more

Global Commission on the Stability of Cyberspace at EURODIG 2018

EURDIG offered a unique opportunity to present the work of the Global Commission on the Stability of Cyberspace (GCSC). GCSC Commissioner Wolfgang Kleinwächter briefed EURODIG participants on the work and progress of the Commission in recent months, including the two norms on protecting the public core of the Internet  and the electoral infrastructure. He also informed about the ongoing discussions on other norms, including how to deal with vulnerabilities in hard- and software and how to promote a holistic approach in global Internet negotiations. EURODIG participants asked questions how the broader public can participate in GCSC discussion and how the proposed norms can be translated into concrete commitments for state and non-state actors.
Read more

Sign up to the weekly newsletter!

Want to receive these updates on a weekly basis? Sign up here to receive our weekly newsletter on the work of the Global Commission on the Stability of Cyberspace (GCSC), its members and developments in the field of international cyber policy.

The GCSC in the News 

From Westworld to Best World for the Internet of Things

The op-ed by the GCSC Commissioner Jonathan Zittrain was published on 3rd June 2018 in The New York Times

Last month the F.B.I. issued an urgent warning: Everyone with home internet routers should reboot them to shed them of malware from “foreign cyberactors.”
Putting aside the strangeness that for once power-cycling a device could perform an effective exorcism upon it, the episode reveals more than just the potential for disruption of internet access for people using equipment they never expect to have to physically manage. It also underscores how unprepared we are to manage downstream-networked devices and appliances — the “internet of things” — that are vulnerable to attack.
Read more

NATO’s Most Urgent Pledge Isn’t 2%-of-GDP. It’s Better Cyber Defense

The op-ed by the GCSC Special Advison Amb. Sorin Ducaru was published on 4th June 2018 in the Defense One

It’s no surprise that NATO Secretary General Jens Stoltenberg and U.S. President Donald Trump spent much of their recent White House meeting talking about boosting alliance members’ spending; that’s been a focus of Trump’s since the campaign trail, and a target of NATO members since 2014. But it’s not the only, nor the most recent and urgent of the alliance’s pledges. That would be the two-year-old Cyber Defense Pledge.

Read more

Q&A With Marina Kaljurand on the Future of Cyberspace

The interview with the GCSC Chair Monica M. Ruiz, was published on 14th June 2018 by the Hewlett Foundation

The debate on international peace and security issues in cyberspace is at a critical juncture. The issues we’re deliberating today will probably decide what happens in the next decade, at least, of international cybersecurity, and also how individuals experience cyberspace’s most important infrastructure, the internet. After the failure of the UN Group of Governmental Experts (GGE) to reach a consensus report in 2017, governments took some “cooling-off time” to evaluate the present situation and to consider the way forward. There are several ideas being discussed at both the global and regional levels.

Read more

Palo Alto Networks Adds Distinguished Former Government Cyber Leaders as Advisers

The article featuring the GCSC Commissioner Christopher Painter was published on 14th June 2018 in CISION

Retired National Security Agency Deputy Director Richard H. Ledgett and Christopher Painter, the U.S. Department of State’s former top cybersecurity official, have joined the Palo Alto Networks Public Sector Advisory Council to advise the company on the security and technical challenges facing the world’s governments and advance the company’s cybersecurity strategy.

Read more

IFSEC Global influencers 2018: Cybersecurity

The article by Adam Bannister, mentioning the GCSC Commissioner Abdul-Hakeem Ajijola, was published on 15th June 2018 in IFSEC Global

After consultation with a panel of highly respected judges, we’re delighted to reveal the IFSEC Global influencers 2018 – cybersecurity category.

Read more

EURODIG Tbilisi 2018: Positioning in the New Complexity of the Global Internet Governance Ecosystem

The op-ed by the GCSC Commissioner Wolfgang Kleinwächter was published on 18th June 2018 in CircleID

In cyberspace, Europe risks becoming sandwiched between US and Chinese Cyberpower policies. Social networks, search engines, smartphones, eTrade platforms — key sectors of today’s digital economy — are dominated both by the US and Chinese giants: Alibaba and Amazon, Google and Baidu, Facebook and Weibo, Apple and Huawai. And it is also clear, that the 2020s global political agenda will be determined by issues like cyberwar and digital trade where the United States of America and the Peoples Republic of China will be the main competitors. Insofar EURODIG was a good opportunity to discuss the role of Europe in this forthcoming very complex cyber powerplay.
Read more

U.S. Cyber Policy, Beyond Ones and Zeros

The article by Gavin Wilde was published on 18th June 2018 in International Policy Digest

In several key aspects, the “information space” can exercise more organic sovereignty than the U.S. or Russia could impose upon it. Professor Joseph Nye of Harvard—a preeminent international relations theorist and former U.S. Assistant Secretary of Defense—proclaimed in 2011 that “states will remain the dominant actor on the world stage, but they will find [it] far more crowded and difficult to control.”

Read more

Bipartisan Report Warns against Future Democracy Interference

The article by Sophie Tatum, mentioning the GCSC Co-Chair Michael Chertoff, was published on 26th June 2018 in ABC News

The report is set to be announced at an event Tuesday with Minnesota’s Democratic Sen. Amy Klobuchar, former Homeland Security Secretary Michael Chertoff and former acting CIA Director Michael Morell, according to a press release.

Read more

Peace and security in cyberspace

The op-ed by the GCSC Commissioner Virgilio Almeida was published on 26th June 2018 in Valor

At a recent ceremony at the University of Lisbon, the Secretary-General of the United Nations (UN), António Guterres, emphasized the need for global action to minimize the risk of cyber war for civilians. In his speech, he said: “Episodes of cyber warfare between states already exist. The worst is that there no is regulatory scheme for this type of war and it is not clear how the Geneva Convention or international humanitarian law applies to it”. And the secretary general went even further by saying: “I am absolutely convinced that, unlike the great battles of the past, with barrage of artillery or aerial bombardment, the next war will begin with a massive cyber attack to destroy the military capacity … and to paralyze basic infrastructures like electrical networks “.

Read more

FIRST Security conference opens in Malaysia with a record attendance

The article featuring the GCSC Commissioner Christopher Painter was published on 27th June 2018 in Digital News Asia

“A lot of times you know when governments are communicating with each other we have to go through all these channels and one of the things that FIRST allows is a lot of informal communication very quickly with respect to incidents,” clarified Christopher Painter, Global Commission on the Stability of Cyberspace Commissioner, and formerly with the US State Department.

Read more

Arms Races to the Bottom

The op-ed by Bruce E. Cain and the GCSC Commissioner Frederick Douzet was published on 27th June 2018 in The American Interest

Even if President Trump is ultimately successful on the Korean front, there are many reasons to worry about the wisdom of developing cyber tools as offensive weapons. Not the least of which is that the cyber and nuclear threats are sometimes linked.

Read more

Six years on from the official launch, just how secure is IPv6?

The article by David Winder was published in June 2018 inSC Media

Internet Society Chief Internet Technology Officer, Olaf Kolkman says that IPv6 is “increasingly seen as a competitive advantage, a market differentiator and an essential tool for forward-looking Internet applications and service providers of all kinds.” But the question for enterprise security teams remains, just how secure is IPv6?

Read more

Spare the costs, spoil the bad state actor: Deterrence in cyberspace requires consequences

The op-ed by the GCSC Commissioner Christopher Painter was published in June 2018 byASPI

Some of them have been used in the past to varying degrees and with varying levels of effectiveness but not in a consistent and strategic way. Some, like kinetic responses, are highly unlikely to be used unless a cyber event causes death and physical injury similarly to a physical attack. Others admittedly take a while to develop and deploy, but we have to have the political willingness to use them decisively in the appropriate circumstances and in a timely manner.
Read more

Diplomacy in Cyberspace

The op-ed by by the GCSC Commissioner Christopher Painter was published in June in the Foreign Service Journal

The need for U.S. diplomacy, working in conjunction with other instruments of national power, is clear. Because cyberspace threats are almost always international, as is the technology itself, an unprecedented level of international coordination, engagement and cooperation is required both to counter threats and to embrace and drive the economic and social opportunities that cyberspace offers. This diplomatic effort must also be cross-cutting because security, economic and human rights issues in cyberspace are often interdependent.
Read more

International Cyber Affairs 

OPINION: It’s Time to Move Past Outdated Notions of Cyberspace and Cybersecurity

The article by Robert Potter was published on 29th June 2018 in the News Lens

We could then have further significant debates: Who has the power to categorize and police this behavior? What level of media ownership by other states is acceptable? These debates will eventually distil into effective, international norms. But until malicious activity can be reliably identified without undercutting them, those norms are unlikely to progress.
Read more

Is cyberwar politics by other means?

The article by Robert Potter was published on 27th June 2018 in the Asia and the Pacific Policy Society

Australia maintains the traditional view of a common Internet. While this norm remains highly praiseworthy, it does not capture the reality of contemporary influence operations.
Read more

Washington Needs a New Solarium Project To Counter Cyberthreats

This article, written by Peter Feaver and Will Inboden, was published on 26th June 2018 in Foreign Policy

Sometimes the most significant legislative measures get the least attention at the time of passage. That may be the case with the Cyberspace Solarium Commission mentioned in the National Defense Authorization Act that was passed on June 18 by the U.S. Senate. Tucked into the bill crafted and sponsored by Sen. Ben Sasse (R-Neb.), the commission may not garner many headlines, but it could galvanize a strategic paradigm shift.

Read More

Senate panel moves to restore State cyber office

The article by Olivia Beavers was published on 26th June 2018 in The Hill

The committee also passed a version that removed a House section that would’ve required President Trump’s cyber policy to clarify “the applicability of international laws and norms, including the law of armed conflict” as it relates to cyber.
Read more

Private-Sector Initiatives for Cyber Norms: A Summary
The article referring to the GCSC was published on 25th June 2018 in Lawfare

In good news, where the Group of Experts failed, others are trying to fill in the gaps. Since last summer, proposals for new norms of responsible behavior in cyberspace have sprung from many corners. States continue to make bilateral agreements; China has been particularly active in this practice. But, Tim Maurer has noted, the proposals that are best suited to help shape global governance have come from corporations and civil society groups, not states.

Read more

Trade Tensions With Allies Not Affecting Cyber, Top Diplomat Says

The article by Joseph Marks was published on 18th June 2018 in the Nextgov

During the Obama administration, officials won broad international endorsements for a slate of norms, including that nations would not cyberattack each other’s critical infrastructure or cyber emergency responders and would cooperate with other nations’ cyber law enforcement investigations.
Read more

Not The Cyber Deterrence the United States Wants

The article by Adam Segal was published on 11th June 2018 in the Council on Foreign Relations

Some experts argue deterrence is difficult, if not impossible. In the canonical book on the topic, Cyberdeterrence and Cyberwar, Martin Libicki noted nearly a decade ago that “attribution, predictable response, the ability to continue attack, and the lack of a counterforce option are all significant barriers.” Others, like Richard Harknett and Michael Fischerkeller contend that since adversary cyber forces are actively contending with one another, “if the United States is to shape the development of international cyberspace norms, it can do so only through active cyber operations.” Michael Sulmeyer more recently agreed, writing that deterrence is the wrong strategy entirely and the United States should not “change the calculations of adversaries” but rather “focus on disrupting their capabilities.”
Read more

SCO’s Qingdao Declaration: India refuses to endorse Xi Jinping’s OBOR as part of statement; full text

The SCO’s Qingdao Declaration was published on 11th June 2018 in the FirstPost

The Member States call on the international community to put more effort into creating a peaceful, secure, open and structured information space based on cooperation. They emphasise the central role of the UN in developing universal international rules and principles as well as norms for countries’ responsible behaviour in the information space and advocate the establishment of a working mechanism within the framework of the UN based on a just geographical distribution in order to develop standards, rules or principles for countries’ responsible behaviour in the information space and to formalise them by adopting the corresponding UN General Assembly resolution.

Read more

Three Measures That Could Pave the Way to Building Successful Cyber Norms

The article by Adam Segal was published on 6th June 2018 in the Council on Foreign Relations

Against the background of seemingly ceaselessly proliferating cybersecurity incidents, debates about the need for international norms regulating malicious code capable of jeopardising economic, social and potentially human systems have gained increasing traction over the past few years. However, consensus on how to regulate cyberweapons appears hard to come by.
Read more

Why Cyber Norms are Dumb and Serve Russian Interests

The article by James van de Velde was published on 6th June 2018 in The Cipher Brief

The United States risks falling behind some adversaries in a new era of ‘Mutually Assurance Disruption.’ If we don’t move to a relationship that is indeed mutually threatening (and thus mutually restraining), we may very well create the very instability we want to avoid. It would be akin to thinking that in order to deter nuclear war with the former Soviet Union, the United States should pledge to never build nuclear weapons.
Read more

Cybersecurity: Defending the digital wall

The article was published on 4th June 2018 in The Parliament

UK S&D group deputy Clare Moody said her group’s priorities on cyber defence were clear: “Better cooperation at European level, particularly given the development of the DSM.”

But, she stressed, “To do this effectively we also need to work cooperatively with our allies such as Nato and other countries who, like us, are keen to see the application of international law and norms in cyberspace to protect us.”
Read more