3.2. Cybersecurity and Governance of the Digital Domain

Chair: Anne-Marie Buzatu

Panellists: Mr Reto Haeni; Dr Camino Kavanagh; Dr Gustav Lindstrom

Rapporteur: Teresa Hatzl, Geneva Centre for the Democratic Control of Armed Forces

The panel discussion “Cybersecurity and Governance of the Digital Domain” aimed at analyzing current challenges to peace and security in cyberspace. Indeed, there are various difficulties, ranging from jurisdictional obstacles to challenging the traditional Westphalian system. Non-State actors play an ever-growing importance in the digital domain. The question is how States respond to this and what is the actual role and responsibility of non-State actors in the digital domain?

How are new threats, such as the misuse of ICTs by violent extremist organizations and groups, changing our perception and expectation of security in the digital domain? What is needed to effectively address and prevent the misuse of ICTs by those organizations and groups?

Already in the 1990s, experts at the UN congress on the implication of technology for international security forecasted major challenges. It was noted that the international community was ill-equipped to address these challenges appropriately; and it seems that report proved its point. States around the globe are still facing various difficulties with regard to cyberspace. Violent extremism constitutes one of the more recent ones. However, the fact that these groups are using information and communication technologies (ICTs) to spread their narratives and messages comes as no surprise; albeit the level of magnitude and sophistication were quite unexpected.

Governments around the world have adopted different approaches to address violent extremism. Measures include content regulation and counter-narratives, cooperation on regional and international level and alternative messaging. States further created new institutions, such as the Europol Internet Referral Unit, with the aim to enhance cooperation between States and the private sector. However, the effectiveness of these approaches has yet to be examined. Nonetheless, cooperation between States, the private commercial sector and civil society organizations was urged. It was noted that this would not require reinventing the wheel, but channeling synergies and expertise and facilitating cooperation between the different stakeholders.

What is the role and responsibility of the private sector in cyberspace? What is a government’s responsibility for private sector actions, if any?

It was noted that the private sector holds multiple roles in the digital domain; it acts as both provider of ICT services as well as user thereof. It was further stressed that technology apparently outpaced law making. Consequently, various challenges were arising, such as jurisdictional gaps that transnational cyber criminals are benefiting from. In this context, it was noted that cyber crime is likely to expand more rapidly for two reasons: Firstly, professional cyber criminals are more organized and better trained these days. Consequently, they know how to operate at low risk with high impact. Secondly, growing internet connectivity and affordable digital devices are facilitating criminal activities. Therefore, protecting and securing ICT systems was not only in the interest of the private sector but also in the interest of governments, especially because most critical infrastructure nowadays strongly depends on secure ICT systems.

Regarding the role of governments, it was noted that until governments agree to common norms and standards, and – even more important – how to apply them, the private commercial sector is likely to fill this vacuum by voluntarily restraining its own behavior. In the context of violent extremism, this means that social media companies regulate content according to their own terms of service, which poses new human rights challenges.

It was concluded that today’s challenges in cyberspace can only be solved in cooperation between the different stakeholders, in particular between governments and the private commercial sector. Latter is a key actor because it possesses the know-how and creativity to drive change.

Can one identify priority shifts in national security strategies due to emerging cybersecurity threats, such as violent extremism online?

As a starting point, it was noted that one way to address emerging cybersecurity threats is to develop national cybersecurity strategies. It was highlighted that a number of States have developed national cybersecurity strategies; ranging from Bangladesh to Trinidad & Tobago. Consequently, it was argued that developing national cybersecurity strategies does not depend on the size of a State or its resources, but rather indicates that States primarily consider cyberspace beneficial for them and therefore develop such strategies. It was noted that this also resonates with the general approach taken by States in formulating their respective national cybersecurity strategies, i.e. to emphasize the inherent benefits and opportunities of cyberspace. Though one cannot necessarily identify a shift in national security strategies due to violent extremism, there are nevertheless concepts that can be found in most strategies, such as the protection of critical infrastructure, the prevention of cyber crime, and offensive vs reactive cyber capabilities. However, it was noted that violent extremism is not the only challenge States are facing in the near future. Internet of Things, cloud computing, encryption and the physical vulnerability of cyber infrastructure are issues that deserve greater consideration.

Conclusion

The panel discussion can be summarized as following:

  • The digital domain is an opportunity for society. Nevertheless, discussions rather focus on challenges in that respect; and indeed there are myriad of them.
  • Any tool can be used for good and for bad – and the digital domain is no exception thereof. However, there are many different measures every single person can consider in order to enhance cybersecurity, e.g. by changing passwords regularly. On an institutional level, developing national cybersecurity strategies is considered as such a preventive measure.
  • In order to address emerging cyber threats effectively and sustainably, channeling synergies and resources is vital. This can only be achieved through successful and innovative public-private partnerships.