The recent collapse of United Nations negotiations on cyberwarfare should worry everyone concerned with preventing the next world war, Dan Svantesson writes.
The tension on the Korean peninsula is higher than it has been for decades. There was recently a border standoff between India and China. Expansionist thinking again guides Russia, and there is a genuine fear that the invasion of parts of Ukraine was merely a first step. The conflicts in Syria, Yemen, and Israel continue. And the South China Sea is seeing a threatening build-up of military presence.
In the light of all this, the world is perhaps closer to World War 3 than it has been since the height of the Cold War. Yet, despite all this ‘noisy’ tension that gets so much media attention, the greater threat to peace might actually stem from much more silent conflicts – conflicts occurring in Cyberspace. And in June 2017, events unfolded that significantly increased the risk of cyber conflicts.
Since 2004, negotiations have been taking place within the United Nations aimed at developing an agreement regarding how international law applies to cyberwarfare. The work was carried out within the UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (GGE). GGE consists of representatives from 25 countries, including from the five permanent UN Security Council Member States.
However, on 23 June 2017, work of the GGE came to a disappointing end. Reportedly, several matters were in contention, including the right to respond to internationally wrongful acts, the right to self-defense under Article 51 of the UN Charter, the potential applicability of international humanitarian law to the ICT context, and a perceived lack of focus on cooperation as a solution to potential disputes.
Neither the GGE negotiations nor their collapse, have managed to attract much reaction in the media. However, the collapse is bad news and should have us very worried indeed.
So why should we be concerned about cyber conflicts? First and most obviously, cyber-attacks can have devastating effects. Importantly, it seems society is getting increasingly vulnerable every day as more and more services and activities are moved online without sufficient attention being directed at protecting those services and activities from potential attacks.
The second, and even more serious aspect is what I refer to as the ‘Cyber-to-Kinetic dilemma’ (C2K dilemma) – the risk of a cyber-attack sparking a series of reactions taking the world to kinetic war. I am by no means the first to point to the risk of an equivalent of the shot of Sarajevo that sparked World War One coming in the form of a cyber-attack, and addressing the C2K dilemma is a central concern that has now been made all the more difficult with the abandonment of the GGE negotiations.
The collapse of the GGE negotiations does not change the fact that urgent action is required on this topic. Consequently, it is possible that the UN will manage to reconfigure its work resulting in a new working group structure carrying on the work. Should this not happen, however, other international bodies need to step forward and provide a structure for further dialogue.
Any such work must tackle tremendously difficult issues such as the ‘attribution problem’ —the difficulty of identifying attackers so as to be able to identify responsible state actors. It must also take account of the need for sophisticated jurisdictional rules, going beyond mere territoriality.
The work that lies ahead must be carried out recognising the multifaceted nature of cyber conflicts. And it must go beyond the mere interpretation of existing norms.
The reality is that we urgently need a framework specifically for addressing cyber conflicts and it should be clear that solutions will not be found merely by attempts at interpreting how the current instruments apply in the cyber environment.
The time has come to recognise that in applying, for example, Article 51 of the UN Charter to the online environment, our task is not just to dream up some vaguely plausible explanation as to what amounts to an “armed attack” online, because “armed attacks” cannot occur online. In applying a provision like Article 51 online, it is not the words of that provision that matter. What matters is the underlying thinking – the underlying principles – expressed via the wording of the norm in question.
So much work lies ahead. One thing is, however, clear; if want a chance of peace in the ‘real’ offline world, we must remain serious about giving cyber-peace a chance.