Cyberstability Updates – June 2018
The briefing and memos included in this issue were developed by independent researchers working within the GCSC Research Advisory Group. The papers included here were submitted to the Global Commission on the Stability of Cyberspace (GCSC) in order to support its deliberations in Bratislava in May 2018.
On Tuesday, 17 July, during IETF 102 in Montreal, the Global Commission on the Stability of Cyberspace (GCSC) will host a lunch panel on “Cyber Diplomacy Meets InfoSec and Technology.” During this session, the Commission wants to inform and engage with the IETF community on its work so far and the work that is in the pipeline.
EURDIG offered a unique opportunity to present the work of the Global Commission on the Stability of Cyberspace (GCSC). GCSC Commissioner Wolfgang Kleinwächter briefed EURODIG participants on the work and progress of the Commission in recent months, including the two norms on protecting the public core of the Internet and the electoral infrastructure. He also informed about the ongoing discussions on other norms, including how to deal with vulnerabilities in hard- and software and how to promote a holistic approach in global Internet negotiations. EURODIG participants asked questions how the broader public can participate in GCSC discussion and how the proposed norms can be translated into concrete commitments for state and non-state actors.
Sign up to the weekly newsletter!
Want to receive these updates on a weekly basis? Sign up here to receive our weekly newsletter on the work of the Global Commission on the Stability of Cyberspace (GCSC), its members and developments in the field of international cyber policy.
The GCSC in the News
The op-ed by the GCSC Commissioner Jonathan Zittrain was published on 3rd June 2018 in The New York Times
Last month the F.B.I. issued an urgent warning: Everyone with home internet routers should reboot them to shed them of malware from “foreign cyberactors.”
Putting aside the strangeness that for once power-cycling a device could perform an effective exorcism upon it, the episode reveals more than just the potential for disruption of internet access for people using equipment they never expect to have to physically manage. It also underscores how unprepared we are to manage downstream-networked devices and appliances — the “internet of things” — that are vulnerable to attack.
The op-ed by the GCSC Special Advison Amb. Sorin Ducaru was published on 4th June 2018 in the Defense One
It’s no surprise that NATO Secretary General Jens Stoltenberg and U.S. President Donald Trump spent much of their recent White House meeting talking about boosting alliance members’ spending; that’s been a focus of Trump’s since the campaign trail, and a target of NATO members since 2014. But it’s not the only, nor the most recent and urgent of the alliance’s pledges. That would be the two-year-old Cyber Defense Pledge.
The interview with the GCSC Chair Monica M. Ruiz, was published on 14th June 2018 by the Hewlett Foundation
The debate on international peace and security issues in cyberspace is at a critical juncture. The issues we’re deliberating today will probably decide what happens in the next decade, at least, of international cybersecurity, and also how individuals experience cyberspace’s most important infrastructure, the internet. After the failure of the UN Group of Governmental Experts (GGE) to reach a consensus report in 2017, governments took some “cooling-off time” to evaluate the present situation and to consider the way forward. There are several ideas being discussed at both the global and regional levels.
Retired National Security Agency Deputy Director Richard H. Ledgett and Christopher Painter, the U.S. Department of State’s former top cybersecurity official, have joined the Palo Alto Networks Public Sector Advisory Council to advise the company on the security and technical challenges facing the world’s governments and advance the company’s cybersecurity strategy.
After consultation with a panel of highly respected judges, we’re delighted to reveal the IFSEC Global influencers 2018 – cybersecurity category.
The op-ed by the GCSC Commissioner Wolfgang Kleinwächter was published on 18th June 2018 in CircleID
In cyberspace, Europe risks becoming sandwiched between US and Chinese Cyberpower policies. Social networks, search engines, smartphones, eTrade platforms — key sectors of today’s digital economy — are dominated both by the US and Chinese giants: Alibaba and Amazon, Google and Baidu, Facebook and Weibo, Apple and Huawai. And it is also clear, that the 2020s global political agenda will be determined by issues like cyberwar and digital trade where the United States of America and the Peoples Republic of China will be the main competitors. Insofar EURODIG was a good opportunity to discuss the role of Europe in this forthcoming very complex cyber powerplay.
The article by Gavin Wilde was published on 18th June 2018 in International Policy Digest
In several key aspects, the “information space” can exercise more organic sovereignty than the U.S. or Russia could impose upon it. Professor Joseph Nye of Harvard—a preeminent international relations theorist and former U.S. Assistant Secretary of Defense—proclaimed in 2011 that “states will remain the dominant actor on the world stage, but they will find [it] far more crowded and difficult to control.”
The article by Sophie Tatum, mentioning the GCSC Co-Chair Michael Chertoff, was published on 26th June 2018 in ABC News
The report is set to be announced at an event Tuesday with Minnesota’s Democratic Sen. Amy Klobuchar, former Homeland Security Secretary Michael Chertoff and former acting CIA Director Michael Morell, according to a press release.
The op-ed by the GCSC Commissioner Virgilio Almeida was published on 26th June 2018 in Valor
At a recent ceremony at the University of Lisbon, the Secretary-General of the United Nations (UN), António Guterres, emphasized the need for global action to minimize the risk of cyber war for civilians. In his speech, he said: “Episodes of cyber warfare between states already exist. The worst is that there no is regulatory scheme for this type of war and it is not clear how the Geneva Convention or international humanitarian law applies to it”. And the secretary general went even further by saying: “I am absolutely convinced that, unlike the great battles of the past, with barrage of artillery or aerial bombardment, the next war will begin with a massive cyber attack to destroy the military capacity … and to paralyze basic infrastructures like electrical networks “.
The article featuring the GCSC Commissioner Christopher Painter was published on 27th June 2018 in Digital News Asia
“A lot of times you know when governments are communicating with each other we have to go through all these channels and one of the things that FIRST allows is a lot of informal communication very quickly with respect to incidents,” clarified Christopher Painter, Global Commission on the Stability of Cyberspace Commissioner, and formerly with the US State Department.
The op-ed by Bruce E. Cain and the GCSC Commissioner Frederick Douzet was published on 27th June 2018 in The American Interest
Even if President Trump is ultimately successful on the Korean front, there are many reasons to worry about the wisdom of developing cyber tools as offensive weapons. Not the least of which is that the cyber and nuclear threats are sometimes linked.
The article by David Winder was published in June 2018 inSC Media
Internet Society Chief Internet Technology Officer, Olaf Kolkman says that IPv6 is “increasingly seen as a competitive advantage, a market differentiator and an essential tool for forward-looking Internet applications and service providers of all kinds.” But the question for enterprise security teams remains, just how secure is IPv6?
Some of them have been used in the past to varying degrees and with varying levels of effectiveness but not in a consistent and strategic way. Some, like kinetic responses, are highly unlikely to be used unless a cyber event causes death and physical injury similarly to a physical attack. Others admittedly take a while to develop and deploy, but we have to have the political willingness to use them decisively in the appropriate circumstances and in a timely manner.
The op-ed by by the GCSC Commissioner Christopher Painter was published in June in the Foreign Service Journal
The need for U.S. diplomacy, working in conjunction with other instruments of national power, is clear. Because cyberspace threats are almost always international, as is the technology itself, an unprecedented level of international coordination, engagement and cooperation is required both to counter threats and to embrace and drive the economic and social opportunities that cyberspace offers. This diplomatic effort must also be cross-cutting because security, economic and human rights issues in cyberspace are often interdependent.
International Cyber Affairs
The article by Robert Potter was published on 29th June 2018 in the News Lens
We could then have further significant debates: Who has the power to categorize and police this behavior? What level of media ownership by other states is acceptable? These debates will eventually distil into effective, international norms. But until malicious activity can be reliably identified without undercutting them, those norms are unlikely to progress.
The article by Robert Potter was published on 27th June 2018 in the Asia and the Pacific Policy Society
Australia maintains the traditional view of a common Internet. While this norm remains highly praiseworthy, it does not capture the reality of contemporary influence operations.
This article, written by Peter Feaver and Will Inboden, was published on 26th June 2018 in Foreign Policy
Sometimes the most significant legislative measures get the least attention at the time of passage. That may be the case with the Cyberspace Solarium Commission mentioned in the National Defense Authorization Act that was passed on June 18 by the U.S. Senate. Tucked into the bill crafted and sponsored by Sen. Ben Sasse (R-Neb.), the commission may not garner many headlines, but it could galvanize a strategic paradigm shift.
The article by Olivia Beavers was published on 26th June 2018 in The Hill
The committee also passed a version that removed a House section that would’ve required President Trump’s cyber policy to clarify “the applicability of international laws and norms, including the law of armed conflict” as it relates to cyber.
Private-Sector Initiatives for Cyber Norms: A Summary
The article referring to the GCSC was published on 25th June 2018 in Lawfare
In good news, where the Group of Experts failed, others are trying to fill in the gaps. Since last summer, proposals for new norms of responsible behavior in cyberspace have sprung from many corners. States continue to make bilateral agreements; China has been particularly active in this practice. But, Tim Maurer has noted, the proposals that are best suited to help shape global governance have come from corporations and civil society groups, not states.
The article by Joseph Marks was published on 18th June 2018 in the Nextgov
During the Obama administration, officials won broad international endorsements for a slate of norms, including that nations would not cyberattack each other’s critical infrastructure or cyber emergency responders and would cooperate with other nations’ cyber law enforcement investigations.
The article by Adam Segal was published on 11th June 2018 in the Council on Foreign Relations
Some experts argue deterrence is difficult, if not impossible. In the canonical book on the topic, Cyberdeterrence and Cyberwar, Martin Libicki noted nearly a decade ago that “attribution, predictable response, the ability to continue attack, and the lack of a counterforce option are all significant barriers.” Others, like Richard Harknett and Michael Fischerkeller contend that since adversary cyber forces are actively contending with one another, “if the United States is to shape the development of international cyberspace norms, it can do so only through active cyber operations.” Michael Sulmeyer more recently agreed, writing that deterrence is the wrong strategy entirely and the United States should not “change the calculations of adversaries” but rather “focus on disrupting their capabilities.”
The SCO’s Qingdao Declaration was published on 11th June 2018 in the FirstPost
The Member States call on the international community to put more effort into creating a peaceful, secure, open and structured information space based on cooperation. They emphasise the central role of the UN in developing universal international rules and principles as well as norms for countries’ responsible behaviour in the information space and advocate the establishment of a working mechanism within the framework of the UN based on a just geographical distribution in order to develop standards, rules or principles for countries’ responsible behaviour in the information space and to formalise them by adopting the corresponding UN General Assembly resolution.
The article by Adam Segal was published on 6th June 2018 in the Council on Foreign Relations
Against the background of seemingly ceaselessly proliferating cybersecurity incidents, debates about the need for international norms regulating malicious code capable of jeopardising economic, social and potentially human systems have gained increasing traction over the past few years. However, consensus on how to regulate cyberweapons appears hard to come by.
The article by James van de Velde was published on 6th June 2018 in The Cipher Brief
The United States risks falling behind some adversaries in a new era of ‘Mutually Assurance Disruption.’ If we don’t move to a relationship that is indeed mutually threatening (and thus mutually restraining), we may very well create the very instability we want to avoid. It would be akin to thinking that in order to deter nuclear war with the former Soviet Union, the United States should pledge to never build nuclear weapons.
The article was published on 4th June 2018 in The Parliament
UK S&D group deputy Clare Moody said her group’s priorities on cyber defence were clear: “Better cooperation at European level, particularly given the development of the DSM.”
But, she stressed, “To do this effectively we also need to work cooperatively with our allies such as Nato and other countries who, like us, are keen to see the application of international law and norms in cyberspace to protect us.”