This article was originally published by the European Council on Foreign Relations (ECFR).
The top down UN GGE process appears dead in the water. International norms and laws for responding to cyber attacks must now be built from the bottom up.
Rules must be binding, violations must be punished, and words must mean something. The UN GGE failed on all three accounts.
In 2004, the United Nations established a Group of Governmental Experts with the aim of strengthening the security of global information and telecommunications systems (UN GGE). To date the UN GGE has held five sessions, which are widely credited for successfully outlining the global cybersecurity agenda and introducing the applicability of international law to state behaviour in cyberspace.
However, during the UN GGE’s fifth session in June 2017, fundamental disagreements emerged between the Group’s 25 members, particularly on the right to self-defence and the applicability of international humanitarian law to cyber conflicts. In the end, the fifth and possibly last session concluded without the release of a consensus report. With no plans to pick up the pieces, the question now is, where do we go from here?
This article was originally published by Pacific Forum CSIS on 16 May 2017.
The Wannacry virus that attacked computers around the world last week is one more reminder of the growing threat posed by vulnerabilities in cyberspace. Over 100,000 networks in over 150 countries were infected by the malware; the actual ransoms paid appear to have been limited, but the total cost of the attack – including, for example, the work hours lost – is not yet known. Experts believe that this is only the most recent in what will be a cascading series of attacks as information technologies burrow deeper into the fabric of daily life; security specialists already warn that the next malware attack is already insinuated into networks and is awaiting the signal to begin.
Cyber threats are climbing steadily up the list of Asia-Pacific security concerns. Experts reckon that cyber crime inflicted $81 billion in damage to the Asia Pacific region in 2015 and the number of such incidents is growing. Online radicalization and other content-related issues pose expanding threats to the region, challenging national narratives and in some cases undermining government legitimacy and credibility. The networks and technologies that are increasingly critical to the very functioning of societies are vulnerable and those vulnerabilities are being distributed as regional governments are more intimately connected and more deeply integrated in economic communities. One recent study concludes that an ASEAN digital revolution could propel the region into the top five digital economies in the world by 2025, adding as much as $1 trillion in regional GDP over a decade. This growth and prosperity are threatened by proliferating cyber threats.
This article was originally published by the S. Rajaratnam School of International Studies (RSIS) in December 2016.
Many cities around the world are exploring the use of Smart CCTVs as advances in Artificial Intelligence (AI) offer operational value for homeland security. However, cybersecurity and overreliance could impede the technology’s potential.
Following recent terrorist incidents, Germany’s Interior Minister announced in August 2016 that CCTV cameras at airports and train stations will be enhanced with facial recognition technology. Likewise, the New York Police Department has developed the Domain Awareness System that uses similar technology to track and monitor potential suspects.
Globalisation increases the exposure of cities to myriad transnational threats even as growing urbanisation is putting the strain on law enforcement by increasing the densities of population, property and critical infrastructure to be safeguarded in each precinct. These inherent challenges in protecting cities – population and economic centres that make attractive soft targets – necessitate the early warning and identification of threats. Smart CCTVs support this function as the third eye of cities by complementing the vigilance of police officers and the community.
This article was originally published by the Finnish Institute of International Affairs (FIIA) on 20 December 2016.
Russia´s new Information Security Doctrine follows the line adopted in previous strategic documents whereby Russia is perceived as a besieged fortress. The doctrine identifies a number of external threats to Russia’s information space and calls for intensified monitoring of the Russian segment of the internet, Runet.
On 5 December 2016, President Vladimir Putin signed a new Information Security Doctrine of the Russian Federation, replacing the Information Security Doctrine published in 2000. The Doctrine is one of the strategic planning documents and, as such, it expresses the official view about the management of national security in the information sphere. Rhetorically, the text resembles the National Security Strategy, adopted in December 2015, which signalled a heightened sense of threat towards Russia, and underlined the importance of maintaining strategic stability. Consequently, the spirit of the new Doctrine is sharper, almost bellicose in tone, and the threats are described in more concrete terms.
The information sphere is defined in a broader sense than in the previous doctrine. The key term in this regard is “informatization”, which refers to social, economic and technical processes for adopting and expanding information technology in society and the country as a whole, and for securing access to information resources. This change indicates recognition of the role of the information sphere in technological development but, most importantly, regards it as a tool to change the fabric of society. The Doctrine describes how this tool is used in the interests of Russia’s national security, and calls for an increased role for internet and information security management and the domestic production of information technology.
This article was originally published by the S. Rajaratnam School of International Studies (RSIS) on 7 November 2016.
The so-called Islamic State (IS) is the most innovative terrorist group the world has seen. In the backdrop of its loss on the ground, IS is expanding its cyber capabilities to conduct more cyber-attacks and hacking. This and its migration into the ‘darknet’ will make IS more dangerous than before.
TERRORIST AND non-state actors have used different modes and mediums to spread their message and communicate with their comrades. The dawn of the Internet has also provided such groups with unparalleled opportunities to establish communications and operational links that were not possible before. Starting from websites, terrorist groups moved to more interactive mediums like chatrooms and forums. It was social media platforms, such as Facebook and Twitter that truly revolutionised how militants, terrorists and non-state actors communicated with each other, recruited sympathisers and supporters and disseminated their propaganda.