Upload
boston-global-forum
View
76
Download
0
Embed Size (px)
Citation preview
The Dynamics of International Cyber Conflict
The Boston Global ForumEthics on the Code of Conduct in Cyberspace
Ryan C. Maness, PhDNortheastern University
September 23, 2016
Cyberwar?
• Recent actions in cyberspace make it appear as if we are experiencing a dangerous breakout trend
• Many analysts have framed these violations a representing an era of ever more sophisticated and dangerous cyber conflict
• The reality is more banal
Deterrence is an antiquated strategy
• There can never be a form of deterrence in the cyber world because these incidents can be anonymous and quickly destructive, preventing deterrence considerations from operating
• A system of deterrence is unrealistic in cyber operations because credibility is lacking (willpower, secrecy of tactic) and actors cannot retaliate due to the uncontrollable nature of the weapon.
• Cyber maneuvers to demonstrate resolve and credibility are also limited because of the potential of displayed capabilities to be replicated back on the originator, and the high likelihood of collateral damage.
There is restraint by states
• States have been restrained from using cyber weaponry because:
• 1) the reproducibility of the tactic• 2) cyber weapons are not simple to design• 3) deception present in both the offensive and defensive
domains • 4) the chances of collateral damage• 5) the high potential for diffusion of the conflict by dragging in
third parties through alliances or friendship bonds• 6) blowback since cyber weapons used to great effect will
demand repercussions
Cyber is a battle of information
• We are seeing the rise of cyber espionage and crime, not cyber war
• If the day to day danger are these constant attempts to steal or manipulate information, and not use overt cyber weaponry, how do we structure a code of ethics?
• An obvious answer is to counter the rise of digital espionage and crime, by government and non-state actors by establishing norms of behavior
Cyber is a battle of information
• The reality of cyber espionage and crime suggests an urgent need for more rules in cyberspace. One goal should be to rethink how we store critical information.
• The need for basic cyber hygiene is amply illustrated by Chinese espionage with OPM, the Russian information hacks of the DNC and DNCC, and the probable non-state initiated Yahoo hack
• SCACA hacks such as Stuxnet, Ukrainian power grid hack are exceptions not the rule
The development of norms• Some strides have been made in norm creation• Behind these developing norms is the accepted
international norm of limiting harm to civilians. • The off-limits status of critical infrastructure fits this
normative construct because the main impact of such an attack would be borne by civilians
• Liberal democracies need to find common ground with the large authoritarian cyber powers, China and Russia – Critical infrastructure, intellectual property theft– Current problems: cyber proxies and plausible deniability
Clean up our house first, and fast
• To reinforce a norm of cyber safety, states have to be willing to make investments
• We need: – more cyber hygiene (internal training on how to
deal with potential threats) – a reformulation of the critical infrastructure that
runs important systems, and – greater cooperation between the public and
private sectors.
Attribution not just technical
• Russia and China are able to deny responsibility because of the plausible deniability of the connections to their governments and proxies (Fancy Bear, Cozy Bear, Guccifer 2.0, PLA groups, etc.)
• Need to name and shame in a political context • Diplomacy in curbing cyber action before
escalation and retaliation
Proposed action plans
• Cooperate with the UNESCO-UCLA Chair in Global Learning and Global Citizenship Education deploy a application for practicing the Ethics code of Conduct for Cyber Peace and Security ( ECCC ).
• Build up a Cybersecurity Center in Nha Trang, Vietnam to support for cybersecurity in Southeast Asia as a pilot project in supporting developing countries in their cybersecurity challenges.
Proposed action plans
• Move discourse away from war – The war discourse inflates the threats in this
domain and distracts from critical problems• Promote cyber hygiene • Regulate Industry – There is no regulation as to the claims these
industries make– Cyber security firms must be clear about their
abilities and promises just as any industry must be