On 21 March 2014, former Ambassadors Daniel Stauffacher (Switzerland) and Paul Meyer (Canada) of the ICT4Peace Foundation were invited by Director-General Michael Moller of the United Nations Office at Geneva for an Executive Briefing for Ambassadors and Permanent Representatives to the UN on the topic “The Cyber Security Challenge: What Can be Done?”
Daniel Stauffacher's presentation can be found here, and Paul Meyer's here.
Concern about cyber security has been increasing rapidly within the international community. Hostile cyber operations by State and non-State actors have heightened the threat perception among many stakeholders. Although cyber-war has not happened yet, offensive cyber activity has occurred as part of wider conflicts: e.g. 2007 against Estonia, 2008 against Georgia, 2010 against Iran and 2013 against South Korea. In the contemporary context of the Syrian war and the crisis in Ukraine and Crimea, denial-of-service attacks have been reported. Cyber action can also create real damage in the physical world. The Stuxnet virus resulted in the destruction of equipment in Iran. Destruction and/or disruption of certain critical infrastructure, such as power, transport, water and the financial sector, is feasible.
It should be noted that cyber capabilities do not fit traditional security strategies because of the difficulty in attributing an attack, and the rapidly evolving technology produced by the private sector and civil society. For the present, it may be unrealistic to pursue arms control agreements, because we are dealing with multiple actors, both state and non-state, and the lack of commonly accepted definitions of a cyber weapon or cyber warfare.
In this light, ICT4Peace is calling for an urgent international discussion on the norms and principles of responsible state behavior in cyber space, including on the conduct of cyber warfare, and its possible exclusion or mitigation. ICT4Peace launched a project at the Seoul Conference on Cyberspace 2013 that would support processes such as the 2014 UN GGE and the preparation of the Hague Conference on Cyberspace in 2015. Under this ICT4Peace project, an initial set of research will be carried out in 2014 under the leadership of Dr. Eneken Tikk, Senior Fellow for Cyber Security, IISS, and Senior Advisor, ICT4Peace Foundation. At the same time, and in order to establish a universal understanding of the norms and principles of responsible state behavior in cyber space, the international community needs to turn to the United Nations (such as the UN General Assembly, the UN Group of Governmental Experts on Cyberspace, the World Summit on the Information Society (WSIS), Geneva Plan of Action, Action Line C5, etc.).
To promote global cyber stability and security, the international community should develop internationally agreed Confidence Building Measures (CBMs) in appropriate forums (e.g. Bilateral Agreements, the OSCE Working Group on CBMs, work at the ASEAN Regional Forum (ARF), UN GGE etc.). In order to support these efforts, ICT4Peace has, with the support of the Swiss Government, published “Confidence Building Measures and International Cybersecurity”.
Multi-stakeholder consultations such as the London – Budapest – Seoul – The Hague series of Conferences on Cyberspace should be continued to enhance political awareness and reach out to new constituencies.
There is some urgency in activating these efforts. Diplomacy has lagged behind developments in the politico-military sphere, which threaten to present the international community with a series of faits accomplis that we might prefer to avoid. Cyberspace is a human creation and humans are currently shaping its nature – multilateral diplomacy can and should have a role in determining the character of this new domain.
A challenge is the lack of clarity about what cyber security entails and the confusing use of terminology associated with it. The term “cyber attack” is being attributed to everything from a sophisticated, destructive cyber payload like Stuxnet to a crude denial of service assault against a website. To some a “cyber weapon” is a frightening, if still non-existing armament, while to others it constitutes a piece of electronic surveillance kit that might be put to nefarious ends. We need to start exercising some discipline and precision as to our use of terms. Such clarity will also be a condition for agreeing to eventual arrangements governing this realm of international security.
The UN General Assembly’s 68th session adopted three major resolutions regarding cyber security, each one generated by a different committee, namely the First on “Developments in the field of information and telecommunications in the context of international security”; the Second on “Information and communications technologies for development”; and the Third on “The right of privacy in the digital age”. All of these resolutions addressed cyber security-related themes, yet they did so from the respective perspectives of international security, development and human rights.
This fact speaks to the complexity and interrelationship of the issues associated with cyber security, but also underscores the challenge the UN and other multilateral bodies face in trying to come to terms with this multi-faceted subject. Part of the solution to this problem lies in its disaggregation. There is no unified field theory of cyber security and hence no comprehensive solution to the problems it generates.
In other words, if we are going to make progress in developing international cooperation on this intrinsically global public policy issue, we will need to delineate specific topics and focus on devising norms and measures relevant to these. Trying to bring into the process too many concerns and priorities is likely to proliferate counter-productive linkages and complicate problem solving in general. Less may be more when it comes to defining the object of our diplomatic efforts.
More output by ICT4Peace Foundation on cyber-security can be read here.