Chatham House Cyber+Space Conference June 2013 - International Norms for Cyberspace: Deadlocks to Resolve, Lessons to Learn
Upcoming SlideShare
Loading in...5

Chatham House Cyber+Space Conference June 2013 - International Norms for Cyberspace: Deadlocks to Resolve, Lessons to Learn



The presentation was prepared for the workshop of the Chatham House on 'Making the Connection:

The presentation was prepared for the workshop of the Chatham House on 'Making the Connection:
Building Stability in Cyber and Space" (London, 7 May 2013)



Total Views
Views on SlideShare
Embed Views



1 Embed 14 14


Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Chatham House Cyber+Space Conference June 2013 - International Norms for Cyberspace: Deadlocks to Resolve, Lessons to Learn Chatham House Cyber+Space Conference June 2013 - International Norms for Cyberspace: Deadlocks to Resolve, Lessons to Learn Presentation Transcript

  • Chatham House, London, 07.05.2013 Oleg Demidov, Program Coordinator, PIR Center
  • Chatham House, London, 07.05.2013
  • Conflicting Understanding of Cyberspace: An Obstacle for Common Norms USA: Cyberspace Russia, SCO: Information Space A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processes and controllers U.S. Department of Defense (latest edition 2012) O.V. Demidov Program Coordinator PIR Center Information space - the sphere of activity connected with the formation, creation, conversion, transfer, use, an d storage of information and which has an effect on individual and social consciousness, the information infrastructure, and information itself. Inf. space Convention on International Information Security (concept); SCO Yekaterinburg Agreement June 16, 2009 Cyber Space Germany: Cyberspace The virtual space of all IT systems linked at data level on a global scale. The basis for cyberspace is the Internet as a universal and publicly accessible connection and transport network which can be complemented and further expanded by any number of additional data networks. IT systems in an isolated virtual space are not part of cyberspace. Cyber Security Strategy for Germany, 2011 Russia – U.S. Bilateral on Cybersecurity. Critical Terminology Foundations. EastWest Institute, 2011 An electronic domain through which information is created, transmitted, received, stored, processed and deleted U.S-Russian Study Group: Cyberspace
  • Threats in Cyberspace: Classification Malicious Activities in Cyberspace: Actor-Object Classification Object Citizens States and Proxy Actors Actor O.V. Demidov Program Coordinator PIR Center Russia: the Triad of threats in the information space Military and Political Threats Citizens Cyber Crime (Сitizens vs Citizens) States and Proxy Actors Cyber Terrorism (Сitizens vs States) (States vs Citizens) Cyber war (States vs States) ? Any universal classification? Terrorism Cybercrime  Formulated by UN GA Resolution A/RES/54/49 on December 1, 1998 (adopted under Russia’s initiative)  Elements are interrelated and inseparable  Includes the issues of content  Does not provide understanding of technical nature of threats
  • Soft Law Mechanisms and Codes of Conduct for Cyberspace Proposals O.V. Demidov Program Coordinator PIR Center Soft Law Mechanisms Authors 1. Russia 2. The SCO and its states  Russia supports the idea of a Code of Conduct for cyberspace as a global UN-backed document with strong emphasis on content issues 1. Code of Conduct in the field of International Information Security (drafted by Russia, Tajikistan, Uzbekistan and China on September 12, 2011) 2. In March 2013 China called for creating some code of conduct for cyberspace in order to tackle the threat of cyberwar 3. USA 4. UN and the ITU Since the end of 2012 actively support elaboration of “norms of responsible behavior” in cyberspace.  Adaptation of the existing international law (jus in bello, jus ad bellum)  Support of the Tallinn Manual approach  Statement by the Secretary of State Hillary Clinton at the international Conference on Cyberspace in Budapest on November 5, 2012  International private-state cooperation mechanisms: IMPACT-ITU Alliance since 2011 (Russia refused, Group-IB and Kaspersky Lab participate)  The ITU: National Cybersecurity Strategy Guide: is not in demand in Russia, as well as the ITU cybersecurity standards  Global Cybersecurity Culture: UN GA Resolution A/RES/64/211, A/RES/58/199, A/RES/57/239 (just recommendations)
  • Legally Binding Mechanisms for Cyberspace Proposals O.V. Demidov Program Coordinator PIR Center Proposals of legally binding acts Authors 1. Russia 1. Convention on International Information Security (concept)  Presented on 11.2011 (Conference on Cyberspace)  Global scale as a UN act  Comprehensive nature (the triad of threats + the issues of cyber sovereignty) 2. Project of a universal UN Convention on international cybercrime (to be presented probably in Seoul in October 2013)  To provide new level of cooperation and to avoid the flaws of the Budapest Convention of CoE  Embraces only criminal segment of the Triad of threats 2. SCO and its separate states 3. USA 4. UN and the ITU 1. The agreement of SCO on cooperation in the field of ensuring the international information security signed on June 16, 2009  Laid terminological foundation in the field of IIS  First legally binding international document  No any particular mechanism of intergovernmental cooperation on countering cyberthreats  Participate in CoE Convention and promote it as a potentially global mechanism  Oppose the initiatives of Russia and the SCO because of cyber sovereignty component 2010: The ITU Secretary General Hamadoun Toure called to elaboration of a global treaty on prevention of cyberwars  Concept of a “peace treaty before war”  Never promoted at the UN GA level  Political disputes between Russia, China, USA make the idea hardly feasible
  • Chatham House, London, 07.05.2013 The International Law Applicable to Cyber Warfare Issued by CCD COE International Group of Experts on March 28, 2013 Adaptation or a new vision of the international law of armed conflict?  States may not knowingly allow cyber infrastructure located in their territory to be used for acts that adversely affect other States  The State itself is responsible for proxy actors acting under its direction  The prohibition on the use of force in international law applies fully to cyber operations. Any cyber operation that caused harm to individuals or damage to objects qualified as a use of force  An attack is a cyber operation that causes injury or death to individuals or damage or destruction to objects or which interferes with the functionality of cyber infrastructure in a manner that requires repair  Civilian hacktivists conducting cyber operations during an armed conflict can become legitimate targets under certain circumstances
  • Chatham House, London, 07.05.2013 An International Criminal Court or Tribunal for Cyberspace (ICTC) Stein Schjolberg, Norwegian Judge, High Level Experts Group (HLEG), ITU, Geneva, Chairman (2007-2008)  A United Nations court of law, established through a Resolution by the Security Council in accordance with Chapter VII of the United Nations Charter  The idea of international criminal jurisdiction over individuals committing massive and wellcoordinated cyber attacks, which effectively equals to criminal jurisdiction over proxy actors in cyber conflicts (including state vs state cyber wars with the use of proxy actors)  Two areas of jurisdiction: 1. “Core cybercrimes” (fraud, data interception, forgery, illegal access, etc.) 2. Massive and coordinated global cyber attacks against critical information Infrastructures “To prosecute … whoever by destroying, damaging, or rendering unusable critical communications and information infrastructures, causes substantial and comprehensive disturbance to the national security, civil defense, public administration and services, public health or safety, or banking and financial services”.  No room for responsibility of a state actor for malicious activities in cyberspace – because of the attribution problem
  • Chatham House, London, 07.05.2013
  • Chatham House, London, 07.05.2013  Information on PIR Center program “International Information Security and Global Internet Governance”  Contacts (Oleg Demidov)