Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Conclusion
References
All Topics
Law
International Law

Legal instability in cyberspace and OSCE’s mitigation role

Profile image of Adina PontaAdina Ponta

2021, Juridical Tribune

https://doi.org/10.24818/TBJ/2021/11/3.01
visibility

description

19 pages

link

1 file

Abstract

After the international legal community widely endorsed the application of international law to cyberspace, many open questions remain on the concrete interpretation of existing rights and obligations to the cyber realm. In pursuit of its mandate to promote human rights and conflict prevention, the OSCE can play a major role to support operationalization of international law and application of existing principles to cyberspace. This paper examines some key steps in the aftermath of the creation of norms of behavior, and transparency and confidence-building measures. After a brief analysis of the normcreation process, this piece identifies several pressing cybersecurity challenges on the international landscape, and offers suggestions for consolidating the voluntary non-binding norms States agreed upon. Using lessons learned from other domains, the analysis will focus on mechanisms of building further stability and transparency in cyberspace, in particular by reference to the due dil...

Related papers

A Cyberwar of Ideas? Deterrence and Norms in Cyberspace
Tim Stevens

This article relates US efforts to develop strategic ‘cyber deterrence’ as a means to deter adversarial actions in and through global cyberspace. Thus far, interests-based cyber deterrence theory has failed to translate into effective US policy and strategy, due to a divergence between the operational idiosyncrasies of cyberspace and an over-reliance on Cold War models of deterrence. Even whilst explicit cyber deterrence strategy falters, the US is pursuing a norms-based approach to cyber strategy generally, and hopes to derive deterrent effects from its attempts to broker international agreements pertaining to the ‘rules of the road’ for the proper and productive use of cyberspace. The US is not the only norm entrepreneur in this policy space, however, and this article examines how a range of other state and non-state actors are complicating efforts to develop normative regimes that might reduce risks to and from cyberspace. The article concludes that a norms-based approach to cyber deterrence might engender deterrent effects at the state level but is unlikely to do so in the case of ‘rogue’ states and many non-state actors. States will continue, therefore, to develop punitive deterrence capabilities to respond to these actors.

View PDFchevron_right
A New Cybersecurity Diplomacy: Are States Losing Ground in Norm-making?
Stadnik Ilona

2018

The current state of affairs can be described as an intermediate phase in cybersecurity diplomacy: states have made considerable efforts to develop international cyber law, but it was proved impossible to agree on legally binding rules. The most likely scenario for now is that states will closely follow the initiatives of non-state actors and eventually include the most appropriate norms into intergovernmental discussions. At the moment, groups of like-minded states are diametrically opposed in their vision of cybersecurity and are not ready to give up their relative freedom of action in cyberspace for the sake of universal security and stability. In the absence of common rules of conduct, businesses are left to follow their own defined standards and rules of cybersecurity to reduce the costs of cyberattacks to a certain extent

View PDFchevron_right
CYBERSPACE AND INTERNATIONAL LAW
Paolo Bargiacchi

International Workshop at Dokuz Eylul University (Izmir, Turkey), 2020

Malicious or hostile cyber operations in interstate relations are increasingly common and are widely recognized as (un)conventional security threats. Many States undertake or sponsor cyber operations against other States. Some remain below the threshold of use of force while some may qualify as an unlawful use of force and trigger the application of the UN Charter. In both cases we need a common understanding on which rules and principles of international law apply to States' cyber conducts. In international fora such as the latest UN-mandated Group of Governmental Experts on Advancing responsible State behaviour in cyberspace in the context of international security, States are trying to define a common legal framework to apply international law in cyberspace. The paper will briefly outline the main issues concerning the interpretation and application of international law in cyberspace. It will also focus on the latest expansive theories claiming the right to anticipatory defense from imminent kinetic or cyber threats of armed attack in order to assess the impact for international law and interstate relations in the geophysical world and in the cyberspace should this modern law of self-defense became a general practice accepted as law by the international community of States. In this case, an in-depth revision of the current rules of the UN Charter on the use of force might occur in the next decades.

View PDFchevron_right
Norms and Strategies for Stability in Cyberspace
Mariarosaria Taddeo

The Global Race for Technological Superiority: Discover the Security Implications, ISPI, 2020

Cyber attacks are escalating in frequency, impact, and sophistication. For this reason, it is crucial to identify and define regulations for state behaviour and strategies to deploy countering measures that would avoid escalation and disproportionate use of cyber means, while protecting and fostering the stability of our societies. To this end, strategies to deter cyber attacks and norms regulating state behaviour in cyberspace are both necessary; unfortunately neither is available at the moment. In this chapter, I offer a theory of cyber deterrence and a set of policy recommendations to fill this vacuum.

View PDFchevron_right
The Sound of Silence: International Law and the Governance of Peacetime Cyber Operations
Barrie Sander

T. Minárik et al. (eds), 11th International Conference on Cyber Conflict: Silent Battle, 2019

In an age of cyber insecurity, anxieties about the silence of States concerning the applicability of international law to peacetime cyber operations have been growing. Concerns have focused on the reluctance of States to agree cyber-specific multilateral treaties and to publicly clarify the customary international rules applicable to hostile cyber operations. Taking these concerns as its point of departure, this paper argues for greater specificity in evaluating the silence of States in the cyber context by distinguishing between three distinct types of peacetime security threats: cyber attacks, cyber espionage, and cyber information operations. Cyber attacks and cyber espionage are technical security threats which involve breaking into and targeting information and communications technologies. The primary distinction between the two is in the nature of the payload to be executed􏰍 while a cyber attack􏰎s payload is destructive, a cyber espionage payload ac􏰏uires information non-destructively. Cyber information operations are content-based security threats which involve harnessing the power of online information to cognitively target human intelligence. Relying on this typology, this paper highlights how State silences concerning the application of international law to peacetime cyber operations are not uniform, but vary in terms of their targets, scope and rationale depending on the particular security threat under examination. It is suggested that these variations not only reveal an important dimension of the politics of international law, but are also salient to how the silence of States in different cyber contexts may be evaluated. Contrary to the tendency to automatically cast State silences in a negative light, this paper reveals that silences can perform different and sometimes constructive functions that are yet to be fully acknowledged or appreciated.

View PDFchevron_right
Cyberspace, Sovereignty and International Order, ISN, 2014.
Andrew N . Liaropoulos

It is now well-established that the rapid evolution of cyberspace has impacted upon almost every aspect of our lives. The dramatic increase in the speed, volumes and range of communications that it offers has undoubtedly changed the ways that individuals interact with each other, how companies deliver services and, crucially, how we are governed. But there is also a darker side to cyberspace which poses a growing number of challenges to individual and collective security.

View PDFchevron_right
Cyberspace in a State of Flux: Regulating cyberspace through International Law
Maxron Holder

Groningen journal of international law, 2022

Cyberspace continues to become increasingly integral to our way of life. It has brought with it many benefits but has recently become a domain used for misdeed, as was evident from the recent WannaCry ransomware, the Stuxnet virus issue, and the much-publicized US 2016 Election hacking. These incidents have caused the issue of cyberspace to be on the international agenda, but there is a lack of consensus among the various nations on how cyberspace should be regulated. The article analyzes the legal status of cyberspace by first embarking on a discussion on what is cyberspace, followed by a discussion on recent notable cyberattacks. It is against this backdrop that: (1) the legal status of cyberspace in domestic law is analyzed; (2) the application of the existing rules of international law to cyberspace are considered; (3) the problems with the Budapest Convention on Cybercrime are discussed; and (4) proposals for a new Convention on cybersecurity at the UN level in light of the Tallinn Manual, and the Budapest Convention of Cybercrime are made.

View PDFchevron_right
Building confidence in the cybersphere: a path to multilateral progress
Theresa Hitchens

Journal of Cyber Policy

View PDFchevron_right
Exercising State Sovereignty in Cyberspace: an international cyber-order under construction? in 8th International Conference on Information Warfare and Security, Denver Colorado, 25-26 March 2013
Andrew N . Liaropoulos

Cyberspace is erroneously characterized as a domain that transcends physical space and thereby is immune to state sovereignty and resistant to international regulation. The purpose of this paper is to signify that cyberspace, in common with the other four domains (land, sea, air and outer space) and despite its unique characteristics, is just a reflection of the current international system, and thereby is largely affected by the rules that characterize it. The issue of state sovereignty in cyberspace is critical to any discussion about future regulation of cyberspace. Although cyberspace is borderless and is characterized by anonymity and ubiquity, recent state practices provide sufficient evidence that cyberspace, or at least some components of it, are not immune from sovereignty. The increasing use of Internet filtering techniques by both authoritarian regimes and democracies is just the latest example of attempting to control information flows. Cyberspace is non‐territorial, but in sharp contrast to the land, sea, air and outer space, cyberspace is not a part of nature, it is human‐made and therefore can be unmade and regulated. States have continuously emphasized their right to exercise control over the cyber‐infrastructure located in their respective territory, to exercise their jurisdiction over cyberactivities on their territory, and to protect their cyber‐infrastructure against any trans‐border interference by other states or by individuals. As a result, states are filtering and monitoring cyber‐bytes. Over the past years, there is a growing number of states that is publishing national cyber‐policies and establishing cyber‐centers that aim to protect the national cyber‐infrastructure and control their citizens’ access to information. The issue of state sovereignty in cyberspace raises critical questions about the need to regulate the cyber domain and gradually reach an international cyber‐order.

View PDFchevron_right
The Contest Of Rules: US, China, Russia Rival In Setting The Norms Of Behavior In Cyberspace
Alexandra Kulikova

The shift of cyberspace governance discussions towards a normative framework demonstrates states’ efforts to formulate ‘rules of the game.’ Recent multinational and bilateral agreements on cyberspace governance fall under the domain of non-binding soft law, in which norms agreed upon are not set in stone. As fundamental differences exist amongst individual states’ visions of cyber governance (for example views on state sovereignty in cyberspace), and with the uncertainties a rapidly developing cyberspace brings, hard laws often imply commitments that are difficult to honor. Non-binding agreements and norms leave room to maneuver as seen in the recent UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security report and talks between the US and China.

View PDFchevron_right

References (89)

  1. 2018, https://www.mkm.ee/sites/default/files/kyberturvalisuse strateegia_2022_eng.pdf; "Strategic Review of Cyber Defence," Repulique Francaise -Secrétariat Général de la Défense et de la Sécurité Nationale, February 2018, http://www.sgdsn.gouv.fr/ uploads/2018/03/revue-cyber-resume-in-english.pdf; "Dutch National Cyber Security Agenda," The Netherlands' Ministry of Justice and Security, April 2018, https://www.enisa.europa.eu/topics/ national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive- map/strategies/national-cyber-security-strategy-1; "The UK National Cyber Security Strategy 2016- 2021," HM Government, 2016, https://assets.publishing.service.gov.uk/government/uploads/system/ uploads/attachment_data/file/567242/natio nal_cyber_security_strategy_2016.pdf; "National Cyber Strategy of the United States of America," The White House, September 2018, Istanbul Final Declaration and Resolution on Cyber Security," OSCE Parliamentary Assembly, June 29-July 3, 2013, https:// www.oscepa.org/meetings/annual-sessions/2013-istanbul-annual- session/2013-istanbul-final-declaration/1652-15; "U.N. Document A/69/723, International Code of Conduct for Information Security", in Letter from the Permanent Representatives of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the United Nations Secretary-General, January 9, 2015, https://digitallibrary.un.org/record/786846/files/A_69_723- EN.pdf. [all accessed 15.06.2021].
  2. 10 For e.g. the "U.N. General Assembly, Resolution 73/266, Advancing Responsible State Behaviour in Cyberspace in the Context of International Security", A/RES/73/266, December 22, 2018, https://undocs.org/pdf?symbol=en/A/RES/73/266; "London Process", formally called "Global Conference on Cyber Space", Global Forum on Cyber Expertise, https://www.thegfce.com/about/gccs; [accessed 15.06.2021].
  3. 11 For e.g., the two international Codes of Conduct for information security developed by the Shanghai Cooperation Organization, the Budapest Convention on Cybercrime sponsored by the Council of Europe, the Tallinn Manuals developed under the auspices of NATO Cooperative Cyber Defence Centre of Excellence (CCD CoE). See infra15.
  4. Ben Baseley-Walker, "Transparency and Confidence-Building Measures in Cyberspace: Towards Norms of Behaviour," Confronting Cyberconflict (2011): 33, https://citizenlab.ca/cybernorms2012/ BaseleyWalker2011.pdf. [accessed 15.06.2021].
  5. 13 Baseley-Walker, "Transparency and Confidence-Building," 32.
  6. For e.g., the agreement on detailed interpretation of major principles of international law during the 1975 Final Act of the Helsinki Conference on Security and Cooperation in Europe, the CBMs contained in the 1986 Stockholm Accord, and numerous election assistance and monitoring efforts. Baseley-Walker, "Transparency and Confidence-Building," 36; Velimir Radicevic, "Promoting Cyber Stability between States: OSCE Efforts to Reduce the Risks of Conflict Stemming from the Use of Information and Communication Technologies (ICTs) in the Context of Global and Regional Security," OSCE Yearbook, ed. IFSH (2018): 201.
  7. Pawlak et al., "Cyber Conflict Uncoded", note 34 above; Heli Tiirmaa-Klaar, "Two Generations of EU Cybersecurity Strategies," in Handbook on Cybersecurity: The Common Security and Defence Policy of the European Union, ed. Jochen Rehrl (Directorate for Security Policy of the Federal Ministry of Defence of the Republic of Austria, 2019), 18-26. "U.N. Document A/68/98*, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security," June 24, 2013, http://www.un.org/ga/search/view doc.asp?symbol=A/68/9, [hereinafter GGE 2013 report]; "GGE 2015 report", note 18 above. [accessed 15.06.2021].
  8. 43 Hitchens and Gallagher, "Building Confidence in the Cybersphere," 9.
  9. There are still concerns that its clarification offers opportunities for States to allege more breaches of international law and increase the frequency of countermeasures, which ultimately hamper stabilization of this international law principle in cyberspace. Eric T. Jensen and Sean Watts, "A Cyber Duty of Due Diligence: Gentle Civilizer or Crude Destabilizer?," Texas Law Review 95 (2017): 1573.
  10. Once the United States and China adopted a norm against commercial cyberespionage, both Germany and the United Kingdom undertook their own bilateral negotiations with China, and later the entire G-20 followed suit.
  11. Finnemore and Hollis, "Constructing Norms for Global Cybersecurity," 472.
  12. Radicevic, "Promoting Cyber Stability between States," 207.; "OSCE PC Decision 1106," note 39 above.
  13. For e.g., in contrast to the GGE wording, such as "States should consider" and "States could", the OSCE used terms such as "will" and "shall", committing States to certain legal issues. "GGE 2013 report", note 42 above (Section IV, para 26c).
  14. Hitchens and Gallagher, "Building Confidence in the Cybersphere," 7. 50 Id., 5.
  15. Niklas Bremberg, "European Regional Organizations and Climate-related Security Risks: EU, OSCE and NATO," SIPRI Insights on Peace and Security no. 1 (2018): 13, https://www.sipri.org/ publications/2018/sipri-insights-peace-and-security/european-regional-organizations-and-climate- related-security-risks-eu-osce-and-nato. [accessed 15.06.2021].
  16. 52 "Perspectives of the UN & Regional Organizations on Preventive and Quiet Diplomacy, Dialogue Facilitation and Mediation. Common Challenges & Good Practices," Workshop Report OSCE (February 2011), https://peacemaker.un.org/sites/peacemaker.un.org/files/Perspectiveson PreventiveandQuietDiplomacy_OSCE2011_0.pdf [accessed 15.06.2021].
  17. 53 Hitchens and Gallagher, "Building Confidence in the Cybersphere," 2.
  18. Radicevic, "Promoting Cyber Stability between States," 211.
  19. Id., 209; The nominal implementation rate across all CBMs by participating States is high, each State having implemented at least one measure.
  20. In sum, in 2002, a North Korean freighter, transited the Arabian Sea without flying a flag and with a newly painted hull that obscured its name and home port. U.S. intelligence officials asked Spanish marines to board and search the ship as a "stateless" vessel. On board, they discovered missiles
  21. Radicevic, Velimir. "Promoting Cyber Stability between States: OSCE Efforts to Reduce the Risks of Conflict Stemming from the Use of Information and Communication Technologies (ICTs) in the Context of Global and Regional Security." In OSCE Yearbook, edited by IFSH (2018): 201-212.
  22. Schmitt, Michael N. ed. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge: Cambridge University Press, 2017. doi:10.1017/9781316822524.
  23. Stockburger, Peter Z. "From Grey Zone to Customary International Law: How Adopting the Precautionary Principle May Help Crystallize the Due Diligence Principle in Cyberspace" in NATO CCD CoE Publications, eds. T. Minárik, R. Jakschis, and L. Lindström (2018): 245-262.
  24. Tiirmaa-Klaar, Heli. "Two generations of EU cybersecurity strategies." In Handbook on Cybersecurity: The Common Security and Defence Policy of the European Union, edited by Jochen Rehrl, 18-26. Directorate for Security Policy of the Federal Ministry of Defense of the Republic of Austria, 2019.
  25. Bannelier, Karine. "Cyber Diligence: A Low-Intensity Due Diligence Principle for Low- Intensity Cyber Operations?" Baltic Yearbook of International Law 14 (2014): 1-15.
  26. Bannelier, Karine, and Theodore Christakis. "Cyber-Attacks: Prevention-Reactions: The Role of States and Private Actors." Les Cahiers de la Revue Défense Nationale (2017): 7-86.
  27. Baseley-Walker, Ben. "Transparency and Confidence-Building Measures in Cyberspace: Towards Norms of Behaviour." Confronting cyberconflict no. 4 (2011): 31-40. https://citizenlab.ca/cybernorms 2012/Baseley Walker2011.pdf.
  28. Berkes, Antal. "Human Rights Obligations of the Territorial State in the Cyberspace of Areas Outside Its Effective Control." Israel Law Review 52, no. 2 (2019): 197-231.
  29. Besson, Samantha. "Due Diligence and Extraterritorial Human Rights Obligations - Mind the Gap!" ESIL Reflections 9, no. 1 (2020): 1-9. https://esil-sedi.eu/wp- content/uploads/2020/04/ESIL-Reflection-Besson-S.-3.pdf.
  30. Bremberg, Niklas. "European Regional Organizations and Climate-related Security Risks: EU, OSCE and NATO." SIPRI Insights on Peace and Security no. 1 (2018). https://www.sipri.org/publications/2018/sipri-insights-peace-and-security/european- regional-organizations-and-climate-related-security-risks-eu-osce-and-nato.
  31. Corn, Gary P., and Robert Taylor. "Sovereignty in the Age of Cyber." American Journal of International Law Unbound 111 (2017): 207-212. doi:10.1017/aju.2017.57.
  32. Eichensehr, Kristen. "The Cyber-Law of Nations." Georgetown Law Journal 103, no. 2 (2015): 317-380.
  33. Finnemore, Martha, and Duncan B. Hollis. "Constructing Norms for Global Cybersecurity." American Journal of International Law 110, no. 3 (2016): 425-479.
  34. Heupel, Monika. "How do States Perceive Extraterritorial Human Rights Obligations? Insights from the Universal Periodic Review." Human Rights Quarterly 40, no. 3 (2018): 521-546.
  35. Hitchens, Theresa, and Nancy W. Gallagher. "Building Confidence in the Cybersphere: A Path to Multilateral Progress." Journal of Cyber Policy 4, no. 1 (2011): 4-21. http://doi.org/10.1080/23738871.2019.1599032.
  36. Hollis, Duncan B, and Matthew C. Waxman. "Promoting International Cybersecurity Cooperation: Lessons from the Proliferation Security Initiative (PSI)." Temple University Beasley School of Law, Legal Studies Research Paper no. 3 (2018): 1-14.
  37. Jensen, Eric Talbot. "The Tallinn Manual 2.0: Highlights and Insights." Georgetown Journal of International Law 48 (2017): 735-778.
  38. Jensen, Eric T., and Sean Watts. "A Cyber Duty of Due Diligence: Gentle Civilizer or Crude Destabilizer?" Texas Law Review 95 (2017): 1555-1577.
  39. Kilovaty, Ido. "An Extraterritorial Human Right to Cybersecurity." Notre Dame Journal of International and Comparative Law" 10, no.1 (2020): 35-55.
  40. Roguski, Przemyslaw. "Application of International Law to Cyber Operations: A Comparative Analysis of States' Views." Policy brief (2020): 1-48.
  41. Schmitt, Michael N. "Grey Zones in the International Law of Cyberspace." The Yale Journal of International Law Online 42, no. 2 (2017).
  42. Schmitt, Michael N. "Peacetime Cyber Responses and Wartime Cyber Operations Under International Law: An Analytical Vade Mecum." Harvard National Security Journal 8, no. 2 (2017): 239-282.
  43. Schmitt, Michael N., and Liis Vihul. "Respect for Sovereignty in Cyberspace." Texas Law Review 95, no. 7 (2017): 1639-1671.
  44. Shackelford, Scott J., Scott Russell, and Andreas Kuehn. "Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors." Chicago Journal of International Law 17, no.1 (2016):1-50.
  45. Moynihan, Harriet. "The Application of International Law to State Cyberattacks: Sovereignty and Non-Intervention." Chatham House Research Paper (2019). https://www.chathamhouse.org/sites/default/files/ publications/research/2019-11-29- Intl-Law-Cyberattacks.pdf.
  46. Pawlak, Patryk, Eneken Tikk, and Mika Kerttunen. "Cyber Conflict Uncoded: The EU and conflict prevention in cyberspace." EUISS Brief 7 (2020).
  47. Pawlak, Patryk and Thomas Biersteker eds. "Laws of gravitation. Due diligence obligations in cyberspace." In EU Cyber Sanctions and Norms in Cyberspace. Chaillot Paper 155 (2019). https://www.iss.europa.eu/sites/ default/files/EUISSFiles/cp155.pdf.
  48. Ponta, Adina. "Cyber Operations Against Medical Facilities During Peacetime." Lawfare Blog, May 1, 2020. https://www.lawfareblog.com/cyber-operations-against- medical-facilities-during-peacetime.
  49. Ponta, Adina, "Hostile Cyberoperations Against Medical Facilities and Their Impunity." Jurist Legal News and Research, May 22, 2020. https://www.jurist.org/commentary/ 2020/05/adina-ponta-hospital-hostile-cyber operations/.
  50. Ponta, Adina. "Security and Human Rights Challenges of Cyber Due Diligence." Harvard International Law Journal Online (2020). https://harvardilj.org/2020/06/ security-and-human-rights-challenges-of-cyber-due-diligence/.
  51. Ruhl, Christian, Duncan Hollis, Wyatt Hoffman, and Tim Maurer. "Cyberspace and Geopolitics: Assessing Global Cybersecurity Norm Processes at a Crossroads." Carnegie Endowment for International Peace Working Paper (2020): 1-25. https://carnegieendowment.org/files/Cyberspace_and_Geopolitics.pdf.
  52. Schmitt, Michael. "The Netherlands Releases a Tour de Force on International Law in Cyberspace: Analysis." Just Security, October 14, 2019. https://www.justsecurity.org/ 66562/the-netherlands-releases-a-tour-de-force-on-international-law-in-cyberspace- analysis/.
  53. Przemyslaw Roguski. "Application of International Law to Cyber Operations: A Comparative Analysis of States' Views." The Hague Program for Cyber Norms Policy brief, March 2020, https://www.thehaguecybernorms. nl/research-and-publication- posts/application-of-international-law-to-cyber-operations-a-comparative-analysis-of- states-views.
  54. Wright, Jeremy. "Cyber and International Law in the 21 st Century." Chatham House Royal Institute (2018). https://www.gov.uk/government/speeches/cyber-and- international-law-in-the-21st-century. IV. Legal and public documents
  55. "Annex to General Assembly Resolution 56/83 of December 12, 2001, corrected by document A/56/49 (Vol. I) /Corr.4." Responsibility of States for Internationally Wrongful Acts, 2001, https://legal.un.org/ilc/texts/ instruments/english/draft_articles/ 9_6_2001.pdf
  56. "Cybersecurity Strategy. Republic of Estonia 2019-2022." Ministry of Economic Affairs and Communications. February 2018. https://www.mkm.ee/sites/default/files/ kyberturvalisuse_strateegia _2022_eng.pdf.
  57. "Declaration by the High Representative Josep Borrell, on behalf of the EU, on malicious cyber activities exploiting the coronavirus pandemic." Press Release 26/120, April 30, 2020. https://www.consilium.europa.eu/en/press/press-releases/2020/04/30/ declaration-by-the-high-representative-josep-borrell-on-behalf-of-the-european-union- on-malicious-cyber-activities-exploiting-the-coronavirus-pandemic/.
  58. "Dutch National Cyber Security Agenda." The Netherlands' Ministry of Justice and Security. April 2018. https://www.enisa.europa.eu/topics/national-cyber-security- strategies/ncss-map/national-cyber-security-strategies-interactive-map/strategies/ national-cyber-security-strategy-1.
  59. European Court of Human Rights. López Ostra v. Spain, Application no. 16798/90 (2004).
  60. European Court of Human Rights. Osman v. The United Kingdom, Case no. 87/1997/871/1083 (1998).
  61. "Global Conference on Cyber Space (GCCS) 2017." Internet Society, November 23-24, 2017. https://www. internetsociety.org/events/gccs-2017/.
  62. "G-8 Declaration Renewed Commitment for Freedom and Democracy." G-8 Summit of Deauville, May 2011. https://www.nato.int/nato_static/assets/pdf/pdf_2011_05/ 20110926_110526-G8-Summit-Deauville.pdf.
  63. "G-20 Leaders' Communique´." Antalya Summit, November 15-16, 2015. http://www.mofa.go.jp/files/00011 1117.pdf.
  64. International Court of Justice. Case Concerning Pulp Mills on the River Uruguay (Argentina v. Uruguay), April 20, 2010.
  65. International Court of Justice. Judgement Certain Activities Carried Out by Nicaragua In the Border Area (Costa Rica V. Nicaragua), December 16, 2015.
  66. "International Covenant on Economic, Social and Cultural Rights." Adopted and opened for signature, ratification and accession December 16, 1966, U.N.G.A Resolution 2200A (XXI) (entered into force Jan. 3, 1976). https://www.ohchr.org/en/ professionalinterest/pages/cescr.aspx.
  67. International Tribunal for the Law of the Sea. Request for Advisory Opinion submitted to the Seabed Disputes Chamber, Responsibilities and Obligations of States Sponsoring Persons and Entities with Respect to Activities in the Area, February 1, 2011.
  68. "London Process", formally called "Global Conference on Cyber Space." Global Forum on Cyber Expertise accessed June 28, 2020. https://www.thegfce.com/about/gccs.
  69. "Maastricht Principles on the Extra-Territorial Obligations of States in the area of Economic, Social and Cultural Rights." (2011). https://www.ciel.org/wp- content/uploads/2015/05/Maastricht_ETO_ Principles_21Oct11.pdf.
  70. "National Cyber Strategy of the United States of America." The White House. September 2018. https://www. whitehouse.gov/wp-content/uploads/2018/09/National- Cyber-Strategy.pdf.
  71. "OSCE Permanent Council Decision 1039." April 26, 2012. https://www.osce.org/ pc/90169.
  72. "OSCE Permanent Council Decision 1106." December 2013. http://www.osce.org/pc /109168.
  73. "OSCE Permanent Council Decision 1202." March 10, 2016. http://www.osce.org/pc /227281.
  74. "Perspectives of the UN & Regional Organizations on Preventive and Quiet Diplomacy, Dialogue Facilitation and Mediation. Common Challenges & Good Practices." Workshop Report OSCE (2011). https://peacemaker. un.org/sites/peacemaker.un.org/ files/PerspectivesonPreventiveandQuietDiplomacy_OSCE2011_0.pdf.
  75. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Union, L 119/1 (April 27, 2016).
  76. Speech, President Kersti Kaljulaid. "President of the Republic at the opening of CyCon 2019." May 29, 2019. https://www.president.ee/en/official-duties/speeches/15241- president-of-the-republic-at-the -opening-of-cycon-2019/index.html.
  77. "Stay Smart. Stay Safely Connected." Cybersecurity Tech Accord. (May 2020). https://cybertech accord.org/.
  78. "Strategic Review of Cyber Defence." Repulique Francaise -Secrétariat Général de la Défense et de la Sécurité Nationale. February 2018. http://www.sgdsn.gouv.fr/uploads/ 2018/03/revue-cyber-resume-in-english.pdf.
  79. "The UK National Cyber Security Strategy 2016-2021." HM Government, 2016. https://assets.publishing. service.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/natio nal_cyber_security_strategy_2016.pdf.
  80. "The 9 Principles." Paris Call, December 11, 2018. https://pariscall.international/ en/supporters.
  81. "U.N. Document A/56/10." International Law Commission: Prevention of Transboundary Harm from Hazardous Activities with commentaries, Article 3, commentary (9) (2001). https://legal.un.org/ilc/texts/instruments/english/ commentaries/9_7_2001.pdf.
  82. "U.N. Document A/68/98*." Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. June 24, 2013. http://www.un.org/ga/search/view_ doc.asp?symbol=A/68/9.
  83. "U.N. Document A/69/723, International Code of Conduct for Information Security." in Letter from the Permanent Representatives of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the United Nations Secretary- General, January 9, 2015. https://digitallibrary.un.org/record/78684 6/files/A_69_723- EN.pdf.
  84. "U.N. Document A/70/174. Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.", July 22, 2015. https://undocs.org/A/70/174.
  85. "U.N. Document CCPR/C/21/Rev.1/Add. 1326." International Covenant on Civil and Political Rights. General Comment No. 31." Human Rights Committee (HRC), May 2004. http://docstore.ohchr.org/Self Services/Files Handler.ashx?enc=6QkG1d%2 FPPRiCAqhKb7yhsjYoiCfMKoIRv2FVaVzRkMjTnjRO%2Bfud3cPVrcM9YR0iW6T xaxgp3f9kUFpWoq%2FhW%2FTpKi2tPhZsbEJw%2FGeZRASjdFuuJQRnbJEaUhby 31WiQPl2mLFDe6ZSwMMvmQGVHA%3D%3D.
  86. " U.N. Document E/C.12/2000/4." CESCR General Comment No. 14: The Right to the Highest Attainable Standard of Health (Art. 12) August, 11, 2000.
  87. "U.N. General Assembly, Resolution 73/266, Advancing Responsible State Behaviour in Cyberspace in the Context of International Security." A/RES/73/266 (December 22, 2018). https://undocs.org/pdf?Symbol=en/A/ RES/73/266.
  88. "U.N. Reports of International Arbitral Awards, 2006 Permanent Court of Arbitration." Trail smelter case (United States v. Canada). https://legal.un.org/riaa/cases/ vol_III/1905-1982.pdf.
  89. "2013 Istanbul Final Declaration and Resolution on Cyber Security." OSCE Parliamentary Assembly, June 29-July 3, 2013, https://www.oscepa.org/meetings/ annual-sessions/2013-istanbul-annual-session/2013-istanbul-final-declaration/1652-15.

Related papers

K Mačák, ‘From Cyber Norms to Cyber Rules: Re-engaging States as Law-makers’, (2017) 30 Leiden Journal of International Law __ (forthcoming)
Kubo Macak

Several indicators point to a crisis at the heart of the emerging area of international cyber security law. First, proposals of internationally binding treaties by the leading stakeholders, including China and Russia, have been met with little enthusiasm by other states, and are generally seen as having limited prospects of success. Second, states are extremely reluctant to commit themselves to specific interpretations of controversial legal questions and thus to express their cyber opinio juris. Third, instead of interpreting or developing rules, state representatives seek refuge in the more ambiguous term 'norms'. This article argues that the reluctance of states to engage themselves in international law-making has generated a power vacuum, lending credence to claims that international law fails in addressing modern challenges posed by the rapid technological development. In response, several non-state-driven norm-making initiatives have sought to fill the void, including Microsoft's cyber norms proposals and the Tallinn Manual project. The article then contends that this emerging body of non-binding norms presents states with a critical window of opportunity to reclaim a central law-making position, similarly to historical precedents including the development of legal regimes for Antarctica and nuclear safety. Whether the supposed crisis will lead to the demise of interstate cyberspace governance or to a recalibration of legal approaches will thus be decided in the near future. States should assume a central role if they want to ensure that the existing power vacuum is not exploited in a way that would upset their ability to achieve their strategic and political goals.

View PDFchevron_right
Deterrence and Norms to Foster Stability in Cyberspace
Mariarosaria Taddeo

Deterrence in cyberspace is possible. But it requires an effort to develop a new domain-specific, conceptual, normative, and strategic framework. To be successful, cyber deterrence needs to shift from threatening to prevailing. I argue that by itself, deterrence is insufficient to ensure stability of cyberspace. An international regime of norms regulating state behaviour in cyberspace is necessary to complement cyber deterrence strategies and foster stability. Enforcing this regime requires an authority able to ensure States compliance with the norms at an international level, run investigations into suspected State-run (or Statesponsored) cyber operations to define attribution, expose breaches of the norms, and impose adequate sanctions and punishments. These requirements define a political mandate for an authority that will have a deep impact on international relations and geo-political equilibriums. The UN Security Council has the necessary resources and the political and coercive power to meet these requirements. The time has come to embrace this power to consolidate and enforce an international regime of norms to regulate state behaviour in cyberspace. Problems, mistakes, and even failures are to be expected, but they must not hinder the process.

View PDFchevron_right
Cyber norms: technical extensions and technological challenges
Alexandra Kulikova

Journal of Cyber Policy, 2022

Since the late 1990s, the UN has been home to debates and negotiations on the rules, norms and principles of states' responsible behaviour in cyberspace. As these discussions matured over years, they have been taken further to different fora and have been embedded in various stakeholder initiatives. In early 2021, the Open-Ended Working Group on Developments in the Field of ICTs in the context of international security (OEWG) and the UN Group of Governmental Experts on advancing responsible state behaviour in cyberspace in the context of international security (GGE) presented their respective consensus reports, the result of over two years work. It is not only the content of this work per se that is of interest - both in what has been achieved and which parts of these mandates were less successful. These processes, historically due to the two-decades-long GGE efforts, are shaping more than just the states' commitments around cyber strategies. They help build an overarching normative environment shifting priorities in cyber risk management and contribute to the development of voluntary tech-norms, while doing this out of sync with the implications of the emerging technologies for state as well as non-state actors' accountability in cyberspace. https://www.tandfonline.com/doi/full/10.1080/23738871.2021.2020316

View PDFchevron_right
Norms of Responsible State Behaviour in Cyberspace
George Lucas

The International Library of Ethics, Law and Technology, 2020

Cyberspace has witnessed a 'militarisation' as a growing number of states engage in a variety of cyber operations directed against foreign entities. The rate of this militarisation has outstripped the diplomatic efforts undertaken to provide this unique environment with some 'rules of the road'. The primary mechanism for discussing possible norms of responsible state behaviour has been a series of UN Groups of Governmental Experts, which have produced three consensus reports over the last decade. The 2015 report recommended a series of principles and confidence-building measures to prevent conf1lict, but prospects for its implementation have receded as differences amongst states persist over how security concepts should be applied to cyberspace. Renewed efforts to promote responsible state behaviour will require greater engagement on the part of the private sector and civil society, both of which have a huge stake in sustaining cyber peace.

View PDFchevron_right
Development of international norms and confidence building measures in cyberspace
Teofan Axinte

2019

Development of international norms and confidence building measures in cyberspace.Cyber operations can be described as operatives that run through a computer using a data system. These operations may have different purposes, to infiltrate a system, to collect, export, destroy, exchange information. There are numerous targets in real life that can be destroyed by these cyber attacks, infrastructure, industry, telecommunications or financial system can be hamped by these operations.The word "cyber" has managed to attract people's attention more and more in recent years. If we put the word "cyber" in front of any other term, we will be able to accomplish a new term for a new millennium. In the media and in public speeches more and more often appear as cyber attack, cyber warfare, cyber security and cyber crimes, these words lead to a new speech, debates and new analyses. Cyberspace is a complex area that requires a new expertise and a creative approach that can provide solutions to existing problems. Cyberspace influences more and more existential areas such as national security, international relations, political and legal field.Cyber activities and cyberspace are quite difficult to understand due to the complexity of the informational system and computer networks. The law plays an important role in many moments defining certain key concepts, cataloding certain behaviors, regulating the activities and obligations of the authorities or different actors. Decision makers and actors will try to avoid most of the time the specific warnings provided by law.In cyberspace, nothing is predictable, being a far too complex field in which the balance of power between states is balanced, and non-State actors play an increasing role. Cyberspace empowers the weak ones and leaves the technically advanced states particularly vulnerable. Moreover, due to specific characteristics of the internet, traditional Confidence Building Measures reffering to specific weapons, to geographic areas or to any kind of verification and control are not feasible. We also can assume that the development of CBMs for cyberspace is a very difficult task to complete because states do not have the monopoly or control over production and import of malicious sofware.

View PDFchevron_right

Related topics

  • International Law
  • Human Rights
  • Political Science
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved