Cyber Dynamics and World Order: Enhancing International Cyber Stability
Irish Studies in International Affairs, Royal Irish Academy, Forthcoming
Posted: 12 Oct 2018
Date Written: June 18, 2018
In summary, this article explores the nexus between disorder today and international security cyber issues given that the changing geostrategic environment is seen as a key impediment to progress in forums such as the latest UN GGE following the group’s failure to achieve consensus.
The article first examines the effect of current world order dynamics on international cyber stability developments such as the development and implementation of cyber norms and CBMs. State competition and self-interest can often have greater influence on state practice than norms. A number of trends such as intensifying major power rivalry, rising nationalism as well as challenges to the rule of law and international human rights obligations are making it more difficult to find common ground on state behaviour in cyberspace. This difficulty is exacerbated by different conceptions of world order and conceptual understandings of cybersecurity, including disruptive state behaviour in multilateral cyber efforts. Given calls for reform of the multilateral order and recognition of multi-polarity, scholars must continue to consider the potential impact of these developments on cyber conflict and stability. This includes, for instance, the need for more states to become involved in shaping the agenda. Furthermore, while concerns about terrorism and fake news have heightened globally in recent years, those states which understand cybersecurity/information security as including risk to their political, military, social and cultural landscapes in addition to risk to infrastructure are particularly worried about social stability and Internet control. Key concerns thus include whether these trends could lead to further legislative changes that are used to effect illegitimate content control transcending international human rights obligations. Moreover, how should capacity building be conducted where values do not align? The article concludes that such differences between states on Internet sovereignty and information control are not likely to change in the near future.
The second section outlines the ways in which the nature of cyber capabilities and their intentional misuse can impact the current order. First, cyber capabilities are conceptually challenging for traditional security strategies such as deterrence and arms control which are still being developed by states. Examples of these factors include: 1) the speed and complexity of technological change in the field of cyber which challenge policy-makers’ development of timely policies and doctrine; 2) ongoing preparation of the “battlefield” and intelligence gathering can obfuscate a state’s intentions; 3) states continue to differ about seeking clarity on international law and norms, where some states argue that this adds stability but others contend it is a militarisation of the field; 4) there are more state and non-state actors involved in this field compared to other areas like the nuclear domain; and 4) difficulties in restricting the spread of these dual-use capabilities add more complexity. Moreover, since attribution of cyber incidents can often be difficult and time consuming, this means that it can be hard to develop effective deterrence and retaliation strategies. Frameworks for state responses and consequences for attributed attacks are still being developed, which means that the current system is not highly stable.
Second, given the palpable levels of dissatisfaction with the current Western-centric order, states are now more willing to increasingly engage in cyber-enabled influence operations and low-level activity below the threshold of armed conflict to bring about change in the post-1945 international security architecture. Liberal democracies are particularly vulnerable to these types of activities. Since state espionage and political influencing will most likely continue, states must develop more robust cyber defences and strengthen the resilience of their citizenry to these types of operations. In addition, while Russian activities are currently worrisome, analysts should continue to consider the intentions of other regimes such as China given the country’s ambitions in order building. Furthermore, several national strategies understand cyber operations to include information and influence operations.
The article finally specifies other next steps to continue making progress and create a regime for international cyber stability. It considers the potential for other multilateral and regional efforts to promote common views and universalise norms beyond the UN GGE. States recognise the importance of cooperation in this field given their future visions for the digital economy and economic growth. Nevertheless, the implementation of the 11 voluntary norms in the 2015 GGE consensus report will take time, particularly where more state actors and experts are now involved. States continue to differ about their understanding of cybersecurity, and geopolitical developments do not currently seem to provide the requisite levels of political willingness.
It is important to continue the ongoing work in implementing international agreements, including national, bilateral and like-minded efforts as well as the endeavours of regional bodies and informal mechanisms. States sometimes find that bilateral and like-minded efforts could be easier to make progress, rather than international or regional mechanisms that are currently falling short. For instance, the coordinated joint United States-United Kingdom statement regarding acceptable behaviour related to Russian malicious cyber activities could extend to a larger group of like-minded nations. However, states must ultimately ensure that like-minded endeavours (such as the coordination of international attribution) do not cause further uncertainty and fragmentation “insulting to global norms”.
The recent coordination of international attribution is an example of like-minded groups sending a deterring message and agreeing on acceptable state behaviour. It also provides an example of bigger picture world order trends identified by intelligence communities whereby a future international environment of competition and cooperation among major powers could result in ad-hoc approaches to global challenges undermining existing international institutions.
Regional activities may further assist in pushing progress over time beyond the GGE by focusing upon implementation of norms and CBMs as well as capacity building in support of these efforts. Regional bodies such as the OSCE, OAS and ARF have already made progress in building common understanding and this work should continue by implementing CBMs to reduce risk over the short to medium term. There is also space to promote and find synergies between such regions in the near future. Lastly, this article finds that academia, research institutes and track 1.5/track diplomatic mechanisms have the potential to make progress where formal mechanisms are currently ineffective.
Keywords: world order, global cybersecurity, cyber capabilities, influence operations
Suggested Citation: Suggested Citation