Daniel Stauffacher, President of ICT4Peace and Ambassador Paul Meyer have published an Op-ed on 23 July in the Neue Zürcher Zeitung called “Disarmament Negotiations for the Cyberspace are needed”. The English translation of the text can be found here.
The world is facing a new challenge – a modern arms race with no visible weapons and identifiable actors, which is characterized by a growing number of known and hidden attacks on websites of government agencies or infrastructures. It often remains unknown, who ran these attacks, whether by governments or non-state actors. The fact is that new technologies provide in cyberspace a new generation of offensive weapons. One of the major powers could soon decide to use cyberspace as a battlefield in order to decide an inter-state conflict. And with such, the vital question would be answered, whether an exclusively peaceful use of the cyber-space will continue to be possible or whether we are approaching its definitive militarization. No matter in which direction the journey goes, the consequences for international security will be substantial. The diplomatic and military elites of the leading cyber-powers are therefore required, as soon as possible, to develop a common approach, how to behave in the future in this unpredictable and dangerous environment. Should Governments not soon develop coherent strategies for international cooperation in this area, they could very soon be faced with a fait accompli.
The inter-state dimension of security in cyberspace is comparatively new, and its importance is generally not yet fully understood. So far, the discussion on international cyber-security has primarily focussed on the problems of crime, cyber-terrorism and the role of non-state actors. In the fight against criminals and terrorists, it was easier for States to find common ground for cooperation among themselves. But now it’s about their own behaviour – especially in cases of conflict. The States must therefore in their consultations go beyond issues of criminal and terrorist activity in cyberspace and try to define now also the limits of so-called “unacceptable state behaviour” in cyberspace. Currently, there is no general agreement. In such a grey area of international law states are largely free to decide on their own what constitutes an “acceptable” action. It is clear, however, that recently States carried out or supported activities which, while not expressly prohibited, can have a destabilizing effect.
The international community in discussing these issues is clearly lagging behind the military developments. There are, however some encouraging indications that such consultations at an international level are finally taking place. At the UN, more importance is being given to the question of responsible state behaviour in cyberspace. A first contribution to this debate was the report of the UN Group of Governmental Experts (GGE) on “Developments in the Field of Information and Telecommunications in the Context of International Security”. The GGE will continue its work in 2012 and 2013. Russia and China also proposed an International Code of Conduct for Information Security to the UN. In the framework of the Organization for Security and Cooperation in Europe (OSCE), of which Russia is also a member, and with US support, government officials are presently preparing in an informal working group, a first set of confidence building measures (CBMs) on a regional basis.
When assessing the possible steps of a preventive diplomacy for the security and peace in cyberspace, the international community can rely on the experience with confidence building measures (CBMs) in the area conventional weapons, for instance. First confidence building steps could be, for example, the publication of national cyberspace-specific doctrines and multilateral consultations. One could add the joint observation of “military cyber manoeuvres”, common situation reports and the establishment of communication links for consultations in case of conflicts in cyberspace. In addition, countries could formally renounce the first use of cyber weapons. At the international level also a catalogue could be worked out, which enumerates the measures and tools for self-defence that are legitimate.
Regarding this subject please also refer to the following two posts by the ICT4Peace:
ICT4Peace Foundation calls for an International Code of Conduct on Cyber-Conflict
Getting down to business: Realistic goals for the promotion of peace in cyber-space