Reading Materials
-
An Augmented Summary of the Harvard, MIT and U. of Toronto Cyber Norms Workshop [PDF]
The Augmented Summary discusses the norms proposed at the first cyber norms workshop and the arguments on their behalf.
Panel 1: Evolution of Western Internet Governance: Norms, Values, Interests, Models & Institutions
- A cyberwar of ideas? Deterrence and norms in cyberspace [PDF]
Tim Stevens relates US efforts to develop strategic ‘cyber deterrence’ as a means to deter adversarial actions in and through global cyberspace. Even as explicit cyber deterrence strategy falters, the US is pursuing a norms-based approach to cyber strategy generally, and hopes to derive deterrent effects from its attempts to broker international agreements pertaining to the ‘rules of the road’ for the proper and productive use of cyberspace. The US is not the only norm entrepreneur in this policy space, however, and this article examines how a range of other state and non-state actors are complicating efforts to develop normative regimes that might reduce risks to and from cyberspace. The article concludes that a norms-based approach to cyber deterrence might engender deterrent effects at the state level but is unlikely to do so in the case of ‘rogue’ states and many non-state actors.
- Contesting cyberspace and the coming crisis of authority [PDF]
In this chapter, Deibert and Rohozinski examine the increasing struggle for superiority and the competition for power, influence and control that defines the contestation of cyberspace. This contest over access has now burst into the open, both among advocates for an open Internet and those, mostly governments but also corporations, who feel it is now legitimate for them to exercise power openly.
- Global Governance and the Spread of Cyberspace Controls [PDF]
In this article Ronald Deibert (Director, Citizen Lab) and Masashi Crete-Nishihata (Research Manager, Citizen Lab) examine international and global mechanisms and dynamics that explain the growth and spread of cyberspace controls. The article draws on International Relations theory literature, and in particular constructivist approaches, to provide a study of “norm regression” in global governance: the growth and spread of practices that undercut cyberspace as an open commons of information and communication.
Panel 2: Alternative Models and Challenges Posed by States to Western Governance
-
Russia, China and Global Governance [PDF]
The rationale for including this is that Russian and Chinese attitudes towards Internet governance need to be seen against the backcloth of their approaches to global governance more generally. This very accessible account by Charles Grant, produced by a respected London think-tank with an avowedly European focus, highlights some of the fundamental differences in Russian and Chinese approaches and the reasons for these.
-
The United Nations and the Internet: It's Complicated
This article was written by Rebecca MacKinnon and published in the August 2012 edition of Foreign Policy magazine. It usefully highlights some of the key issues and constituencies involved in the forthcoming WCIT in Dubai and illustrates the point that this is about more than just a Cold War-style East-West divide.
-
The Impact of China on Global Internet Governance in an Era of Privatized Control [PDF]
This paper by Séverine Arsène offers an interesting perspective on why China's perspective on Internet sovereignty may differ from that of Russia. China appears to see much greater potential to use its growing influence and capacities to shape the international cyber agenda in ways favourable to its concepts and interests.
-
Security proposals to the ITU could create more problems, not solutions [PDF]
This report from the Center for Democracy & Technology looks at considerations this year by the ITU to extend its regulatory authority to the Internet. Several proposals have been made to revise the ITUʼs basic treaty to include provisions addressing the security of networks or information. These proposals have rightly raised controversy not only because of their implications for Internet freedom, but also because of concerns that ITU intervention could distract from or undermine other ongoing efforts by institutions better suited to address Internet security.
Panel 3: The Applicability of International Law to Cyberspace & Characterization of Cyber Incidents
-
No Legal Vacuum in Cyber Space
This short interview with International Committee of the Red Cross Legal Expert Cordula Droege explores the concept of “cyber warfare” and how international humanitarian law applies to cyber operations.
-
The customary international law of cyberspace [PDF]
By Gary Brown, Keira Pollet (2012)
- Cyber Security and International Agreements [PDF]
In this article Sofaer, Clark and Diffie examine the prospects for international agreements on cyber security to create a more secure cyber environment. They explore which areas of activity are more or less likely for inclusion in any such agreement, as well as the administrative structure of institutions necessary to implement them. While acknowledging the many barriers standing in the way of such agreements, they argue that international negotiation and agreement is essential for strengthening cyber security.
Panel 4: Law of Armed Conflict (LOAC) and Rules of Engagement (RoE) in Cyberspace
- The Tallinn Manual (forthcoming in paper form from Cambridge University Press in 2013)
This report was written at NATO’s invitation and compiles the views of an independent “international Group of Experts” who examine how existing international law norms apply to cyber warfare, both in terms of when States can resort to the use of force (the jus ad bellum) and how they actually conduct themselves in an armed conflict (the jus in bello or the Law of Armed Conflict (LOAC)). Despite NATO involvement, the Tallinn Manual is not an official document; rather, it represents only the personal opinions of its authors.
- The Law of Cyber Attack [PDF] (forthcoming in the California Law Review)
This lengthy article by Oona Hathaway and others provides an up-to-date, detailed review of how existing international legal rules apply to cyber attacks, including the law of war, recent international efforts to directly regulate cyber-attacks, international bodies of law that may be used to indirectly regulate cyber-attacks, and domestic criminal law. It concludes that the existing legal responses are deficient and outlines key elements for a cyber-treaty as a more comprehensive solution to the emerging threat of cyber-attacks.
- Direct Participation in Cyber Hostilities: Terms of Reference for Like-Minded States? [PDF]
By Jody M. Prescott
- Transparency and confidence-building measures in cyberspace: Towards norms of behaviour [PDF]
By Ben Baseley-Walker
- The Quest for Cyber Peace [PDF]
In The Quest for Cyber Peace, Jody Westby analyzes the laws of armed conflict and proposes, with rationales, amendments to these international agreements to provide for their extension to cyberspace.
Panel 5: Norms for Security, Resilience and Supply-chain Integrity in Core Telecommunications Infrastructure
- Communications Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan (2010) [PDF]
By the Department of Homeland Security
- New Threats, Old Technology: Vulnerabilities in Undersea Communications Cable Network Management Systems [PDF]
By Michael Sechrist
- Huawei Routers [PDF]
German white hat hacker Felix "FX" Lindner describes security research on Huawei end-user and enterprise routers that shows they are riddled with vulnerabilities ready for exploit, that the company's security process is shockingly substandard, and that the equipment requires Chinese proficiency in areas like the debugger and its output, necessitating support and operation by Chinese personnel. This presentation is a major public relations disaster for a Chinese national champion that has grown over an exceptionally short time into a global telecommunication equipment provider.
- U.S. Lawmakers Press China's Huawei, ZTE [RTF]
By Siobhan Gorman, The Wall Street Journal
- The Canadian Cyber Security Situation in 2011
Bell Canada's recent report finds that all sectors of the critical infrastructure have been victims of e-spionage, and that current security practices are unable to cope with this threat. As a solution, it recommended an approach that "begins with upstream security services that ‘clean the pipe’ of toxic content at a safe distance; before reaching the enterprise network perimeter. Next-generation secure networks will be based upon the Reference Architecture and should include the deployment of multi-source collation, data Fusion and analysis capability using real-time global cyber threat intelligence."
- Achieving International Cyber Stability
In a report for the Atlantic Council, Frank Kramer argues that International cyber stability can... be achieved by generating a three-legged stool of resilience, cooperation and transparency. For the United States, achieving these ends will require a three-part strategy of internal action to reduce vulnerabilities focused on key operational networks; collaborative activities with close allies and partners; and transparent interaction for the creation of norms, provision of assistance, and dialogue with others, including potential adversaries, to reduce risk.
-
Mike Rogers and Dutch Ruppersberger, Investigative Report On The U.S. National Security Issues Posed By Chinese Telecommunications Companies Huawei And ZTE [PDF], Intelligence Committee of the US House of Representatives, October 8, 2012.
The threat posed to U.S. national-security interests by vulnerabilities in the telecommunications supply chain is an increasing priority given the United States' reliance on interdependent critical infrastructure systems; the range of threats these systems face; the rise in cyber espionage; and the growing dependence all consumers have on a small group of equipment providers. The Intelligence Committee conducted a year-long investigation of the Chinese telecommunications equipment vendors, Huawei and ZTE. The committee concluded that China has the means, opportunity, and motive to use telecommunications companies for malicious purposes and suggested “mitigation measures” cannot fully address the threat posed by Chinese telecommunications companies providing equipment and services to US critical infrastructure. The report describes the investigation of the two companies and concludes with a series of recommendations, which include excluding them from US telecommunications markets and, more generally, calling for vigilance about the influence of foreign states in the sector.
Panel 6: Cyber Security Awareness and Norm-development: Practical issues for Engaging Critical Private Actors
- Resilience and cyberspace: Recognizing the challenges of a global socio-cyber infrastructure [PDF]
By Chris Demchak
Panel 7: Alternative Lenses and Models for International Norms and Governance
- An e-SOS for Cyberspace [PDF]
This article by Duncan Hollis explores the range of existing cyberthreats in terms of timing, scale and indirect effects. It reviews existing regulatory responses to such threats, including the proscriptions of cybercrime and cyberwar rules. Given the difficulties technical attribution poses to holding bad actors accountable for violating such rules, this article examines alternative regulatory proposals, such as mandating minimum security requirements for those using cyberspace or a global multilateral treaty regulating permissible standards of behavior. After explaining how such proposals are unlikely to become a reality in the near term, Hollis concludes by proposing a smaller first step to regulating cyberthreats – acceptance of a duty to assist in cases of the most severe threats to mitigate the harm they cause and to deter future attacks.
Panel 8: Cyber Futures and Directions for Global Engagement
-
The Five Futures of Cyber Conflict and Cooperation [PDF]
Jason Healey has envisioned five possible cyber futures, whose respective likelihoods are primarily based on the emergent balance of cyber offense to defense. In terms of international relations theory, his approach can be characterized as "realist," that is, relations among states are based on their respective power. It therefore provokes questions as to what are the bases of potential international cyber norms, how will power relations constrain their development and acceptance, and how might norms change these projected futures.
- Developments in the Field of Information and Telecommunication in the Context of International Security: Work of the UN First Committee 1998-2012 [PDF]
The United Nations Government Group of Experts (GGE) in the field of information and telecommunication is increasingly recognized as an important venue for the discussion of "high end" information security threats and their relevance to international security. Its recommendation in early 2010, subsequently adopted by the UN General Assembly, that states discuss norms for behavior in international cyberspace sparked significant interest in possible cyber norms. In this paper, Eneken Tikk-Ringas reviews the history of the GGE and analyzes the challenges and obstacles to its progress in developing or promoting norms.
-
Nuclear Lessons for Cyber Security? [PDF]
With regard to the cyber revolution and threats to national security arising from it, "analysts are still not clear about the lessons of offense, defense, deterrence, escalation, norms, arms control, or how they fit together into a national strategy." In his article, Nuclear Lessons for Cyber Security?, Joseph Nye suggests several general lessons and then discusses a number of international lessons that can be learned from the nuclear experience.
- Confidence-building and international agreement in cybersecurity [PDF]
By James A. Lewis
- Achieving International Cyber Stability
In a report for the Atlantic Council, Frank Kramer argues that International cyber stability can... be achieved by generating a three-legged stool of resilience, cooperation and transparency. For the United States, achieving these ends will require a three-part strategy of internal action to reduce vulnerabilities focused on key operational networks; collaborative activities with close allies and partners; and transparent interaction for the creation of norms, provision of assistance, and dialogue with others, including potential adversaries, to reduce risk.