ICT4Peace on Peace and Security in Cyberspace at New Haven School of Jurisprudence Conference in Hangzhou, China.

Hangzhou, 29 October 2021

Activities, Cybersecurity High-Level Policy Briefings, ICT4Peace Call to Governments to commit to refrain from Offensive Cyber Operations against civilian Critical Infrastructure, ICT4Peace Proposal for a States Cyber Peer Review Mechanism, ICT4Peace proposal for an independent incident attribution mechanism

2. November 2021

After presenting on Emerging Security Issues in June 2019 ICT4Peace’s Daniel Stauffacher was invited again to participate at the 11th and 12th International Conference on the New Haven School of Jurisprudence in Hangzhou, China.

The conference – founded and led by Tulane Law Prof. Guiguo Wang – is co-hosted annually by Yale and Tulaine University Law Schools as well as the Zhejiang University’s Guanghua Law School in Hangzhou, China.

Over 40 Law School Professors and Scholars from Mainland China, Hong Kong, Australia, Singapore, India Pakistan, Austria, Thailand and Switzerland participated this two days conference. The Agenda of the Conference can be found here.

Daniel’s presentation focussed on Peace and Security in Cyberspace. His speech can be found here.

Daniel reiterated ICT4Peace’s Call to Governments to pro-actively and publicly confirm their commitment to respect the UN GGE norm of non-targeting of critical infrastructure.

To install some form of accountability for states’ foreign cyber operations he recalled the ICT4Peace proposal of a states led “Cyber Peer Review Mechanism” with business and civil society input.

He welcomed that several states participating in the UN Open Ended Working Group (UN OEWG) have proposed a “Programme of Action” (PoA) on cyber security. The negotiation of such a PoA should begin sooner rather than later. The ICT4Peace peer review mechanism proposal alongside other elements reinforcing or supplementing the original set of norms could be introduced into this process.

Further refinements of confidence-building measures (CBMs) to impart transparency and predictability could also figure in an eventual PoA. Confidence-building measures have long contributed to the reduction of mistrust amongst states in an adversarial relationship. See Paper by ICT4Peace. The UN GGE process has already yielded a number of CBMs and regional organizations such as the OSCE, the OAS and ASEAN have also generated several cyber security CBMs.

Tangible support for cyber security capacity building would also merit inclusion in any eventual PoA. In this regard, ICT4Peace has advocated for the OECD Development Assistance Committee (DAC) to make expenditure on capacity building eligible for Official Development Aid (ODA) credit.

Accountability and Attribution of cyber-attacks go together – the former cannot be achieved without the latter. It is understandable that sovereign states wish to retain attribution as a national prerogative, but given inherent bias, a purely national approach will lack credibility. We need to devise an independent mechanism to generate evidence-based attribution findings. ICT4Peace has made a proposal in this regard.