Global Code: Power and the Weak Regulation of Cyberweapons
This chapter renders explicit what is submerged in previous analyses of cyberweapons regulation and governance: the operations of power in shaping this field of politics and policy. It addresses nascent attempts to regulate cyberweapons and explores the operations of power in the global information-technological assemblage that shape their development, possession and use. First, a short preamble sets out the conceptual foundations of the chapter in terms of both regime theory and power analysis in International Relations. There follow four outline case studies, each focusing on an aspect of cyberweapons regulation and governance previously established as problems for the development of a global cyberweapons regime. The first concerns productive power and the role of the NATO Tallinn Manual Process in constructing cyberweapons as legitimate military instruments. The second is the role of US structural power in incentivising cyberweapons markets, which undermines multilateral attempts to regulate dual-use technologies associated with cyberweapons. The third examines the Internet as a source of institutional power, arguing that the design of the Internet provides affordances for cyberweapons. The fourth addresses compulsory power and diplomatic relations between the great powers, which resolve to differing interpretations of sovereignty that constrain the emergence of a global cyberweapons regime.
KeywordsCybersecurity Cyberweapons Power Global governance Security regulation Regime Nonregime
- Ablon, L., Libicki, M. C., & Golay, A. A. (2014). Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar. Santa Monica, CA: RAND Corporation.Google Scholar
- Arimatsu, L. (2012). A Treaty for Governing Cyber-Weapons: Potential Benefits and Practical Limitations. In C. Czosseck, R. Ottis, & K. Ziolkowski (Eds.), Proceedings of the 4th International Conference on Cyber Conflict; 5–8 June, Tallinn, Estonia (pp. 91–109). Tallinn: NATO CCD COE Publications.Google Scholar
- Barnett, M., & Duvall, R. (2005). Power in Global Governance. In M. Barnett & R. Duvall (Eds.), Power in Global Governance (pp. 1–32). Cambridge: Cambridge University Press.Google Scholar
- Betz, D. J., & Stevens, T. (2011). Cyberspace and the State. London: Routledge.Google Scholar
- Booth, K., & Wheeler, N. J. (2008). The Security Dilemma: Fear, Cooperation and Trust in World Politics. Basingstoke: Palgrave Macmillan.Google Scholar
- Boothby, B. (2016). Cyber Weapons: Oxymoron or a Real World Phenomenon to Be Regulated? In K. Friis & J. Ringsmose (Eds.), Conflict in Cyber Space: Theoretical, Strategic and Legal Perspectives (pp. 165–174). London: Routledge.Google Scholar
- Bourne, M. (2019). Powers of the Gun: Process and Possibility in Global Small Arms Control. In N. Hynek, O. Ditrych, & V. Stritecky (Eds.), Regulating Global Security. Basingstoke: Palgrave Macmillan.Google Scholar
- Buchanan, B. (2016). The Cybersecurity Dilemma: Hacking, Trust, and Fear Between Nations. New York: Oxford University Press.Google Scholar
- Clough, J. (2014). A World of Difference: The Budapest Convention on Cybercrime and the Challenges of Harmonisation. Monash University Law Review, 40(3), 698–736.Google Scholar
- Denning, D. (2000). Reflections on Cyberweapons Controls. Computer Security Journal, 16(4), 43–53.Google Scholar
- Dipert, R. (2014). The Essential Features of an Ontology for Cyberwarfare. In P. A. Yannakogeorgos & A. B. Lowther (Eds.), Conflict and Cooperation in Cyberspace: The Challenge to National Security (pp. 35–48). Boca Raton, FL: Taylor and Francis.Google Scholar
- Egelman, S., Herley, C., & van Oorschot, P. C. (2013). Markets for Zero-Day Exploits: Ethics and Implications. In Proceedings of the 2013 New Security Paradigms Workshop; 9–12 September, Banff, Canada (pp. 41–46). New York: Association for Computing Machinery.Google Scholar
- Farrell, H., & Glaser, C. L. (2017). The Role of Effects, Saliencies and Norms in US Cyberwar Doctrine. Journal of Cybersecurity, 3(1), 7–17.Google Scholar
- Foucault, M. (1995 ). Discipline and Punish: The Birth of the Prison. New York: Vintage Books.Google Scholar
- Grusin, R. (Ed.). (2015). The Nonhuman Turn. Minneapolis: University of Minnesota Press.Google Scholar
- Hayden, M. V. (2016). Playing to the Edge: American Intelligence in the Age of Terror. New York: Penguin Press.Google Scholar
- Hinck, G. (2018, January 5). Wassenaar Export Controls on Surveillance Tools: New Exemptions for Vulnerability Research. Lawfare. https://www.lawfareblog.com/wassenaar-export-controls-surveillance-tools-new-exemptions-vulnerability-research. Accessed March 8, 2018.
- Hurel, L. M., & Lobato, L. C. (2018). Unpacking Cybernorms: Private Companies as Norms Entrepreneurs. Journal of Cyber Policy, 3(1), 61–76.Google Scholar
- Hynek, N. (2017). Regime Theory as IR Theory: Reflection on Three Waves of ‘Isms’. Central European Journal of International and Security Studies, 11(1), 11–30.Google Scholar
- Inkster, N. (2016). China’s Cyber Power. London: Routledge.Google Scholar
- Koh, H. H. (2012, September 18). International Law in Cyberspace. Speech to USCYBERCOM Inter-Agency Legal Conference. Fort Meade, MD.Google Scholar
- Krutskikh, A., & Streltsov, A. (2014). International Law and the Problem of International Information Security. International Affairs [Mezdunarodnaia zhizn], 60(6), 64–76.Google Scholar
- Libicki, M. C. (2009). Cyberdeterrence and Cyberwar. Santa Monica, CA: RAND Corporation.Google Scholar
- Libicki, M. C., Ablon, L., & Webb, T. (2015). The Defender’s Dilemma: Charting a Course Toward Cybersecurity. Santa Monica, CA: RAND Corporation.Google Scholar
- Lin, H. (2016). Governance of Information Technology and Cyber Weapons. In E. D. Harris (Ed.), Governance of Dual-Use Technologies: Theory and Practice (pp. 112–157). Cambridge, MA: American Academy of Arts and Sciences.Google Scholar
- Ministry of Defence. (2013). Cyber Primer. London: Ministry of Defence.Google Scholar
- Muller, L. P. (2016). How to Govern Cyber Security? The Limits of the Multi-stakeholder Approach and the Need to Rethink Public-Private Cooperation. In K. Friis & J. Ringsmose (Eds.), Conflict in Cyber Space: Theoretical, Strategic and Legal Perspectives (pp. 116–129). London: Routledge.Google Scholar
- NATO. (2014, September 5). Wales Summit Declaration. Press Release. http://www.nato.int/cps/en/natohq/official_texts_112964.htm. Accessed March 9, 2018.
- NATO. (2016, July 8). Cyber Defence Pledge. Press Release. http://www.nato.int/cps/en/natohq/official_texts_133177.htm. Accessed March 9, 2018.
- Nye, J. S., Jr. (2014). The Regime Complex for Managing Global Cyber Activities. Waterloo, ON: Centre for International Governance Innovation.Google Scholar
- Office of the Director of National Intelligence (ODNI). (2017, January 6). Assessing Russian Activities and Intentions in Recent US Elections. Intelligence Community Assessment. https://www.nytimes.com/interactive/2017/01/06/us/politics/document-russia-hacking-report-intelligence-agencies.html. Accessed March 8, 2018.
- Pyetranker, I. (2015). An Umbrella in a Hurricane: Cyber Technology and the December 2013 Amendment to the Wassenaar Arrangement. Northwestern Journal of Technology and Intellectual Property, 13(2), 153–180.Google Scholar
- Rid, T. (2013). Cyber War Will Not Take Place. London: Hurst and Company.Google Scholar
- Schmitt, M. N. (Ed.). (2013). Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge: Cambridge University Press.Google Scholar
- Schmitt, M. N. (Ed.). (2017). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge: Cambridge University Press.Google Scholar
- Sofaer, A. D., & Goodman, S. E. (2000). A Proposal for an International Convention on Cyber Crime and Terrorism (Working Paper). Stanford, CA: Stanford University.Google Scholar
- Stevens, T. (2016). Cyber Security and the Politics of Time. Cambridge: Cambridge University Press.Google Scholar
- Taylor, M. (2012). Terrorism and Affordance: An Introduction. In M. Taylor & P. M. Currie (Eds.), Terrorism and Affordance (pp. 1–17). London: Continuum.Google Scholar
- US Department of Defense. (2015a). Cyber Strategy. Washington, DC: Department of Defense.Google Scholar
- US Department of Defense. (2015b). Law of War Manual. Washington, DC: Department of Defense.Google Scholar
- US Government. (2017). Vulnerabilities Equities Policy and Process for the United States Government. https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF. Accessed March 8, 2018.
- von Heinegg, W. H. (2015). International Law and International Information Security: A Response to Krutskikh and Streltsov. Tallinn: CCD COE Publications.Google Scholar
- Zetter, K. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. New York: Crown Publishers.Google Scholar