Verification in Cyberspace



Verification is one of the pillars of arms control and non-proliferation treaties as well as an important part of confidence building measures. It defines practical measures that enable treaty members to check the treaty compliance by observing, counting or monitoring specific actions and their accordance with the respective rules. In contrast to historical examples of former military technologies, cyberspace features some unique characteristics making it hard to apply established measures. The chapter describes these peculiarities and assesses distinguishing problems compared to selected verification measures for nuclear, biological and chemicals weapons technology. Yet, cyberspace is a human-made domain and adjusting its technical setting, rules and principles may help to reduce the threat of ongoing militarisation. Offering some alternatives, the chapter elaborates on suitable and measurable parameters for this domain and presents potentially useful verification approaches.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


Recommended Reading

  1. Krause, J. (1998). Strukturwandel der Nichtverbreitungspolitik: die Verbreitung von Massenvernichtungswaffen und die weltpolitische Transformation. Munich, Germany: Oldenbourg Verlag.Google Scholar
  2. UNIDIR. (2013). The Cyber Index - International Security Trends and Realities. Geneva: United Nations Institute for Disarmament Research (UNIDIR). Retrieved from
  3. Pawlak, P. (2016). Confidence-Building Measures in Cyberspace: Current Debates and Trends. In A.-M. Osula & H. Rogias (Eds.): International Cyber Norms: Legal, Policy & Industry Perspectives. Tallinn, Estonia: NATO CCD COE Publications.Google Scholar


  1. Ablon, Lillian; & Bogart, Andy. (2017). Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits. {RAND} Corporation.
  2. Amir, Elan. (2007). The Case for Deep Packet Inspection. IT Business Edge. Retrieved from
  3. Bazin, Aaron. (2013). Winning trust and confidence: A grounded theory model for the use of confidence-building measures in the joint operational environment. The University of the Rockies. Denver, ColoradoGoogle Scholar
  4. Bellare, Mihir; & Rogaway, Phillip. (2005). Introduction to Modern Cryptography. Retrieved from
  5. Boehme, Peter. (2008). The Verification Regime of the Chemical Weapons Convention. Retrieved July 4, 2018, from
  6. Bradner, Scott. (1999). Internet Engineering Task Force. Open Sources: Voices from the Open Source Revolution, vol. 1. O’Reilly & Associates, Inc.Google Scholar
  7. European Parliament and Council of the European Union. (2006). Directive 2006/24/EC.Google Scholar
  8. European Parliament and Council of the European Union. (2008). Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection . Retrieved from
  9. FireEye. (2013). APT1 - Exposing One of China’s Cyber Espionage Units. Retrieved from ttps://
  10. Granerud, Anders Olaus. (2010). Identifying TLS abnormalities in Tor. Gjøvik University College. Retrieved from
  11. Guerrero-Saade, Juan Andres; & Raiu, Constin. (2017). Walking in your enemy’s shadow: when fourth-party collection becomes attribution hell. In Virus bulletin conference. Kaspersky Lab.Google Scholar
  12. Hinck, Garrett. (2018). Wassenaar Export Controls on Surveillance Tools: New Exemptions for Vulnerability Research. Retrieved from
  13. IAEA. (1961). The agencys safeguards. International Atomic Energy Agency. Retrieved from
  14. IAEA. (2016). Iran and the IAEA: verification and monitoring under the JCPOA. International Atomic Energy Agency. Retrieved from
  15. Iansiti, Marco; & Lakhani, Karim R. (2017). The Truth About Blockchain. Harvard Busienss Review. Retrieved from
  16. Keohane, Robert O. (1984). After Hegemony: Cooperation and Discord in the World Political Economy. Princeton University Press. Princeton, New Jersey.
  17. Krasner, Stephan D. (Ed.). (1983). International Regimes. Ithaca, NY: Cornell University Press.Google Scholar
  18. NATO. (2013). The Tallinn Manual on the International Law Applicable to Cyber Warfare, NATO CCDCOE, Tallin 2013Google Scholar
  19. Neuneck, Götz. (2012). Confidence Building Measures - Application to the Cyber Domain. In Cyber Security Conference. Berlin. Retrieved from
  20. Neuneck, Götz. (2017). 60 Jahre nuklearer - Prometheus oder Sisyphos? Vereinte Nationen Magazin. Vol. 4/2017. Pages 170-176. BerlinGoogle Scholar
  21. Pawlak, Patryk. (2016). Confidence-Building Measures in Cyberspace: Current Debates and Trends. In A.-M. Osula & H. Roigas (Eds.) (pp. 129–153). Tallinn: NATO CCD COE Publications. Retrieved from
  22. Pimenta Rodrigues, Gabriel; de Oliveira Albuquerque, Robson; Gomes de Deus, Flávio; de Sousa Jr., Rafael; de Oliveira Júnior, Gildásio; García Villalba, Luis; & Kim, Tai-Hoon. (2017). Cybersecurity and Network Forensics: Analysis of Malicious Traffic towards a Honeynet with Deep Packet Inspection. Applied Sciences, vol. 7, no. 10, pp. 1082.
  23. Purdon, Ian; & Erturk, Emre. (2017). Perspectives of Blockchain Technology, its Relation to the Cloud and its Potential Role in Computer Science Education. Engineering, Technology & Applied Science Research, vol. 7, no. 6, pp. 2340–2344.Google Scholar
  24. Schneier, Bruce. (1996). Applied Cryptography - Protocols, Algorithms, and Source Code in C. Hoboken, NJ: John Wiley & Sons.Google Scholar
  25. Schneier, Bruce; & Kelsey, John. (1998). Cryptographic Support for Secure Logs on Untrusted Machines. In Proceedings of the 7th Conference on USENIX Security Symposium - Volume 7 (p. 4).Google Scholar
  26. Berkeley, CA, USA: USENIX Association. Retrieved from
  27. Secured Signing. (2018). Intro to Digital Signatures - The process & validity behind Digital Signature technology. Retrieved from
  28. Sherry, L.; & Internet Task Force. (1996). Supporting a networked community of learners. TechTrends, vol. 41, no. 4, pp. 28–32.Google Scholar
  29. Wassenaar. (2017). The Wassenaar Arrangement on export controls for conventional arms and dual-use goods and technologies - List of dual-use goods and technologies and munitions list. (2017). Wassenaar Arrangement Secretariat. Retrieved from
  30. Tucker, John B. (1998). Verification Provisions of the Chemical Weapons Convention and Their Relevance to the Biological Weapons Convention Biological Weapons Proliferation. Reasons for Concern, Courses of Action. Stimson Center Report, vol. 24. Retrieved from
  31. UN. (2011). Proposal of a Convention for international information security by Russia, China et. al. . Retrieved from!OpenDocument
  32. UNIDIR. (2013). The Cyber Index - International Security Trends and Realities. Geneva, Switzerland.Google Scholar
  33. Verizon. (2018). 2018 Data Breach Investigations Report . Retrieved from
  34. Wehberg, Hans. (1959). Pacta Sunt Servanda. The American Journal of International Law, vol. 53, no. 4, pp. 775.

Copyright information

© Springer Fachmedien Wiesbaden GmbH, ein Teil von Springer Nature 2019

Authors and Affiliations

  1. 1.TU Darmstadt, Science and Technology for Peace and Security (PEASEC)DarmstadtGermany
  2. 2.Science and Technology for Peace and Security (PEASEC) Department of Computer ScienceTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations