November 25, 2019, Commission in the News

Download Publication Download Document

The original article by Wolfgang Kleinwächter was published by the Frankfurter Allgemeine on 22 November 2019

(Translated with Google Translate)

Attacks on the Net are commonplace, the international community must do something about it: pleading for a collective standard to strengthen security, trust and digital cooperation. A guest contribution.

The invention of the Internet fifty years ago led to great astonishment. Borders of time and space disappeared, dreams of a net democracy and a new digital economy were born. Today, it is more about negative effects on democracy and – about war and peace. Largely unnoticed by the general public, a state arms race has unfolded in cyberspace that can bring the world to the brink of disaster.

Around thirty states now have offensive cyber weapons. The smoldering conflict in the Gulf region is a test field of the cyberwar. Drones perform attack operations. Viruses and DDOS attacks paralyze computerized control systems of national infrastructures. What was once science fiction is part of modern warfare. The Chinese People’s Liberation Army has its own Cyber troops, Russia maintains troll factories. In the United States, the NSA’s Cyber ​​Command is also responsible for offensive operations, such as the attack on the troll factory in St. Petersburg during the 2018 American congressional elections. NATO cites “Cyber” as a “5th Dimension”, in addition to land, air, sea and space. Iran, North Korea and Israel are part of the cyber race. The militarization of the Internet is under way.

The Target of the Attacks: Chaos and Confusion

Attacks in cyberspace differ significantly from the wars we know and have defined in international law. There is neither a definition of cyberwar nor cyberweapons. Is the placement of malware in a nuclear power plant a use of force within the meaning of Article 2.4 of the UN Charter? And if so, does such a cyber attack legitimize the right to self-defense, the so-called “hack back”, as enshrined in Article 51? While it is easy to identify an incoming aircraft, a computer worm often does not know where it comes from.

The goal of an offensive cyberattack, unlike a bombing, is not death and destruction, but chaos and confusion. The damage that can be inflicted on an opponent by the temporary shutdown of the power supply is out of all proportion to the bombardment of a neighborhood. The attack with malicious software like WannaCry on the data center of an airport or hospital can not be compared to a tank attack. The consequences are nevertheless disastrous. What can one do against such a threat? The “Global Commission on the Stability of Cyberspace”, which was founded in 2017 at the Munich Security Conference, has now presented its final report to the Paris Peace Forum initiated by French President Emanuel Macron.

Eight Norms for Cybersecurity

Ensuring world peace in cyberspace should not be left to governments, says the Commission. International standards are necessary for both states and non-state actors. The Commission, headed by former politicians such as Marina Kaljurand, former Foreign Minister of Estonia, Latha Reddy, former Deputy National Security Advisor to the Indian Prime Minister, and Michael Chertoff, former US Secretary of Homeland Security under President George W. Bush, and including experts from business, the science and technology communities and civil society, proposes a total of eight norms, which as a whole constitute the framework necessary to keep cyberspace stable and peaceful.

Out of the eight norms, those that protect the public core of the Internet stand out. An attack on critical Internet infrastructure, including servers, the domain system, IP addresses, Internet protocols, cables, and satellites, could be devastating. The mysterious “Sea Turtle” attack of January 2019 on the root server in Sweden with previously hijacked Lebanon (.lb) and United Arab Emirates (.ue) country domains has exposed the vulnerability of the network to billions of Internet users for its daily functioning of course. The guesswork of who is behind this attack continues. Actually, no government can have an interest in a malfunction of the Internet, as it harms everyone equally: Americans as well as Russians or Chinese.

Protection of the Public Core

If you want to bring more stability into cyberspace, so the Commission, you have to start where there are common interests. The Internet Public Core Norm is designed to ban any attack on core components of the Internet, whether they are carried out by governments or non-state actors. This standard certainly has the potential for a stand-alone treaty, and the negotiation of such an agreement, which requires the involvement of non-state actors, could also be the starting point of a new generation of international treaties, embedded in the multi-stakeholder governance model for the Internet.

Politically, a contract to protect the public core of the Internet would be comparable to the Briand-Kellogg Pact of 1928. This treaty of war was used after 1945 to legally condemn the war crimes of Germany and Japan. A cyberwar can not be won, a delegate in the UN General Assembly recently argued, so it should not be run. And you should ostracize it before it breaks out.

The proposed norm for strengthening cyber hygiene also has a lot of potential. The biggest security risk in cyberspace is the carefree end user. Here is the comparison to the public health care. Of course, governments are responsible for formulating and enforcing codes of conduct. But nothing is gained without their daily practice. Other proposals include the prohibition of interference in elections and referendums or the obligation to eliminate software and hardware vulnerabilities. Private companies are urged not to participate in offensive cyber attacks by governments.

At the December UN General Assembly, cybersecurity will be discussed in two committees. The Internet working group set up by UN Secretary-General Antonio Guterres has recommended drafting a Declaration on strengthening security, trust and digital cooperation by October 2020. Next week, the fourteenth UN Internet Governance Forum will begin in Berlin, where five thousand delegates from all over the world will discuss how cyberspace can be designed freely, openly and securely.

Read the original article here.