Congratulations, you have reached the end of the module. In the concluding part, we will reflect on the key takeaways from this module.
- Cyber-attacks against critical systems and components of society can cause severe disruptions to a digitalised nation’s economy and security. A combination of high-impact operations conducted remotely, with relatively high deniability, make them suitable for hybrid warfare, especially in ‘peace-time’ (short of an open conflict).
- UN recognises the risks from increasing cyber-armament of states – that is, development of offensive cyber capabilities. Cyber is increasingly recognised by states as a new military domain, along with land, sea, air, and space. This, in turn, brings dangers of escalations of cyber-attacks into conflict with cyber, and other conventional means.
- Over two decades ago it became clear there is a need for certain ‘rules of the road’ related to the use of cyber-attacks, and their implications for international peace and security. Since 2004, the dialogue has been ongoing within the UN – and brought (some) results.
- The international framework of responsible state behaviour in cyberspace is based on the agreements of several rounds of the Group of Governmental Experts (GGE) and one Open-ended Working Group (OEWG), which were subsequently endorsed by the UN General Assembly. Even though non-binding, the framework creates a basis for predictability and holds states accountable for their actions in cyberspace.
- Within the framework, states have agreed that the existing international law and the UN Charter apply to cyberspace, and that the international humanitarian law applies in cases of conflict. The framework outlines a number of cyber-norms that define what states should and should not do, confidence building measures which encourage states to exchange information and cooperate in preventing misunderstanding that could lead to escalations, and capacity building principles. The framework also sets the next steps in the institutional dialogue under the UN.
- There are, however, many open issues to be resolved still. In particular, how the international law applies in terms of understanding of what constitutes armed attack in cyberspace, in which cases the right to self-defence applies – and how it can be operationalised, how to monitor the adherence of states to the agreed norms, how to hold countries accountable for cyber attacks having in mind great complexities with attribution, how to better engage other stakeholders, and whether new norms – or an international treaty – are needed.
- Several regional organisations have developed their own strategies and measures, that address regional specificities, and have found ways to ensure that states commit to the global framework. Africa, however, needs to enhance its regional cooperation on this matter.
- In practice, cyberspace is mainly owned, managed and used by the private sector, while civil society (including technical and academic community) possess in-depth understanding of how it works and impacts the society, and operates vast global communities that shape the development and use of the internet. It is therefore essential that other stakeholders are involved in shaping and implementing cyber-norms and agreements. Number of global and regional multistakeholder initiatives exist that are of particular relevance, such as the UN Internet Governance Forum, and the GFCE
- Cyber diplomacy is a key element for reaching global agreements, and implementing them. On the one hand, states have to develop cyber diplomacy capacities and structures within public institutions, and particularly the Ministries of foreign affairs. On the other, civil society and the private sector also needs to be involved and prepared for participating in global processes, and working with the officials on applicability of international law, and shaping and implementing norms and principles.
- Finally, it is important to note that cyber diplomacy is not only about cybersecurity, but needs to address challenges holistically. Cyber diplomats, therefore, should equally address digital aspects of economic development and human rights – and the cross-links between those three dimensions.
What are your main take-aways from this knowledge module – important points that are not included above?