Advertisement

CSBMs for the Cyber Realm

  • Jürgen Altmann
  • Gian Piero Siroli
Living reference work entry

Abstract

Armed forces of many countries are preparing cyber warfare. Without limitations there is an arms race with a strong danger of escalation. As with other destabilizing weapon systems, arms control is advisable, but this meets difficulties. Cyber weapons are not as tangible and countable as tanks or combat aircraft. As long as cyber arms control is not in place, confidence (and security) building measures (C(S)BMs) can act as first steps in reducing threat perceptions and damping escalation. States have started considering CBMs, e.g., in the UN. The strongest measures are recommended in the Organization for Security and Co-operation in Europe (OSCE). These voluntary measures do not mention cyber forces explicitly, but they are included. The OSCE has a wealth of experience with CSBMs in the traditional military domains. Several of these measures could be transferred to the cyber realm, e.g., exchanges about the force structure and about policy and doctrines, contacts and visits, prior notification of exercises, inspections, and evaluation visits. With or without formal CSBMs, an international monitoring system for cyberspace would be useful. It would provide threat detection and attack early warning, support in emergencies, and reporting of vulnerabilities. Such an infrastructure would foster information sharing and collaboration toward acceptable norms for state behavior in the cyber sphere.

References

  1. Altmann J, Sauer F (2017) Autonomous weapon systems and strategic stability. Survival 59(5): 117–142.  https://doi.org/10.1080/00396338.2017.1375263CrossRefGoogle Scholar
  2. CFE (1990) Treaty on Conventional Armed Forces in Europe. http://www.osce.org/library/14087. Accessed 12 Dec 2017
  3. Charney S et al (2016) From Articulation to Implementation: enabling progress on cybersecurity norms. Microsoft, June. https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/REVmc8. Accessed Jan 2018
  4. China etc. (2015) Proposal of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan for an international code of conduct for information security. 13 January. http://www.un.org/ga/search/view_doc.asp?symbol=A/69/723. Accessed 12 Dec 2017
  5. China-Russia (2015) China-Russia cyber-security pact. 30 April. http://government.ru/media/files/5AMAccs7mSlXgbff1Ua785WwMWcABDJw.pdf. Accessed 12 Dec 2017. Unofficial English translation at http://cyber-peace.org/2015/12/04/inoffizielle-uebersetzung-des-nicht-angriffspakt-zwischen-russland-und-china-fuer-den-cyperspace/. Accessed 12 Dec 2017
  6. FIRST (Forum of Incident Response and Security Teams) (2017) https://www.first.org/. Accessed 12 Jan 2018
  7. Kempf O (2015) Introduction à la Cyberstratégie, 2nd edn. Economica, ParisGoogle Scholar
  8. Kramer FD, Starr SH, Wentz LK (eds) (2009) Cyberpower and national security. Potomac Books, DullesGoogle Scholar
  9. Lewis JA (2013) Cybersecurity and cyberwarfare: assessment of national doctrine and organization. In: Lewis JA, Neuneck G (eds) The cyber index – international security trends and realities. UN Institute for Disarmament Research, Geneva. http://www.unidir.org/files/publications/pdfs/cyber-index-2013-en-463.pdf. Accessed 12 Dec 2017Google Scholar
  10. Libicki MC (2009) Cyberdeterrence and cyberwar. RAND, Santa MonicaGoogle Scholar
  11. Lin H (2016) Attribution of malicious cyber incidents: from soup to nuts. J Int Aff 70(1):56–137Google Scholar
  12. McKay A, Neutze J, Nicholas P, Sullivan K (2015) International cybersecurity norms – reducing conflict in an Internet-dependent world. Microsoft. https://download.microsoft.com/download/7/6/0/7605D861-C57A-4E23-B823-568CFC36FD44/International_Cybersecurity_%20Norms.pdf. Accessed 12 Jan 2018
  13. Mele S (2013) Cyber-weapons: legal and strategic aspects. Version 2.0. Italian Institute of Strategic Studies ‘Niccolò Machiavelli’, Rome. http://www.strategicstudies.it/wp-content/uploads/2013/07/Machiavelli-Editions-Cyber-Weapons-Legal-and-Strategic-Aspects-V2.0.pdf. Accessed 12 Jan 2018
  14. Morgan PM (2010) Applicability of traditional deterrence concepts and theory to the cyber realm. In: National Research Council (ed) Proceedings of a workshop on deterring cyberattacks – informing strategies and developing options for U.S. policy. National Academies Press, Washington, DCGoogle Scholar
  15. Neuneck G (2013a) Assessment of international and regional organizations and activities. In: Lewis JA, Neuneck G (eds) The cyber index – international security trends and realities. UN Institute for Disarmament Research, Geneva. http://www.unidir.org/files/publications/pdfs/cyber-index-2013-en-463.pdf. Accessed 12 Dec 2017Google Scholar
  16. Neuneck G (2013b) Towards TCBMs in the cybersphere. In: Lewis JA, Neuneck G (eds) The cyber index – international security trends and realities. UN Institute for Disarmament Research, Geneva. http://www.unidir.org/files/publications/pdfs/cyber-index-2013-en-463.pdf. Accessed 12 Dec 2017Google Scholar
  17. Nye JS (2016) Deterrence and dissuasion in cyberspace. Int Secur 41(3):44–71CrossRefGoogle Scholar
  18. OSCE (Organization for Security and Co-operation in Europe) (2011) Vienna Document 2011 on confidence- and security-building measures. FSC.DOC/1/11. Organization for Security and Co-operation in Europe, Vienna, 30 November. http://www.osce.org/fsc/86597. Accessed 12 Dec 2017
  19. OSCE (Organization for Security and Co-operation in Europe) (2016) OSCE confidence-building measures to reduce the risks of conflict stemming from the use of information and communication technologies. Permanent Council Decision No. 1202. Organization for Security and Co-operation in Europe, Vienna, 10 March. http://www.osce.org/pc/227281. Accessed 12 Dec 2017. (Numbers 1 through 11 are repeated from the corresponding document of 2013, numbers 12 through 16 were added in 2016)
  20. OSCE (Organization for Security and Co-operation in Europe) (2017a) The global state of cyberspace. http://www.osce.org/cio/299291?download=true. Accessed 17 Dec 2017
  21. OSCE (Organization for Security and Co-operation in Europe) (2017b) Promoting peace in cyberspace: the OSCE experience. Video. http://www.osce.org/secretariat/cyber-ict-security. Accessed 14 Dec 2017
  22. Pawlak P (2016) Confidence-building measures in cyberspace? Current debates and trends. In: Osula AM, Roigas H (eds) International cyber norms: legal, policy & industry perspectives. NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, pp 129–153. https://ccdcoe.org/sites/default/files/multimedia/pdf/InternationalCyberNorms_Ch7.pdf. Accessed 28 Jan 2018Google Scholar
  23. Schmitt MN (gen ed) (2017) Tallinn Manual 2.0 on the international law applicable to cyber operations, 2nd edn. Cambridge University Press, CambridgeGoogle Scholar
  24. UN (United Nations) (2015) Group of governmental experts on developments in the field of information and telecommunications in the context of international security. United Nations General Assembly, A/70/174, 22 July. http://www.un.org/ga/search/view_doc.asp?symbol=A/70/174. Accessed 12 Dec 2017. (Sections III Norms, rules and principles for the responsible behaviour of States, IV Confidence-building measures)
  25. UN (United Nations) (2017) Developments in the field of information and telecommunications in the context of international security. https://www.un.org/disarmament/topics/informationsecurity. Accessed 12 Jan 2018
  26. USA (2015) President Xi Jinping’s state visit to the United States, September 25. https://obamawhitehouse.archives.gov/the-press-office/2015/09/25/fact-sheet-president-xi-jinpings-state-visit-united-states. Accessed 12 Dec 2017
  27. US-Russia (2013) Fact Sheet: U.S.-Russian Cooperation on Information and Communications Technology Security. The White House, June 17. https://obamawhitehouse.archives.gov/the-press-office/2013/06/17/fact-sheet-us-russian-cooperation-information-and-communications-technol. Accessed 12 Dec 2017

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Experimentelle Physik IIITechnische Universität DortmundDortmundGermany
  2. 2.Physics and Astronomy DepartmentUniversity of BolognaBolognaItaly
  3. 3.CERNGenevaSwitzerland

Section editors and affiliations

  • Maurizio Martellini
    • 1
  1. 1.Landau Network OfficeFondazione Alessandro VoltaComoItaly

Personalised recommendations