Academia.eduAcademia.edu

Outline

Title
Abstract
References
All Topics
Political Science
Security Studies

Deterrence and Norms to Foster Stability in Cyberspace

Profile image of Mariarosaria TaddeoMariarosaria Taddeo
https://doi.org/10.1007/S13347-018-0328-0
visibility

description

7 pages

link

1 file

Abstract

Deterrence in cyberspace is possible. But it requires an effort to develop a new domain-specific, conceptual, normative, and strategic framework. To be successful, cyber deterrence needs to shift from threatening to prevailing. I argue that by itself, deterrence is insufficient to ensure stability of cyberspace. An international regime of norms regulating state behaviour in cyberspace is necessary to complement cyber deterrence strategies and foster stability. Enforcing this regime requires an authority able to ensure States compliance with the norms at an international level, run investigations into suspected State-run (or Statesponsored) cyber operations to define attribution, expose breaches of the norms, and impose adequate sanctions and punishments. These requirements define a political mandate for an authority that will have a deep impact on international relations and geo-political equilibriums. The UN Security Council has the necessary resources and the political and coercive power to meet these requirements. The time has come to embrace this power to consolidate and enforce an international regime of norms to regulate state behaviour in cyberspace. Problems, mistakes, and even failures are to be expected, but they must not hinder the process.

Related papers

Securing cyber space: the obligation of States to prevent harmful international cyber operations
Irene Couzigou

International Review of Law, Computers & Technology, 2018

The paper argues that the obligation of States to prevent harmful international activities perpetrated within their territory, or any other area under their exclusive control, applies to activities conducted in cyber space. Thus, a State is bound by an obligation to prevent detrimental cyber conduct committed from its territory or transiting through its territory, or any other area under its exclusive control, when it knows or should have known of the conduct, when the conduct contradicts the rights of another State, and when it may cause or is causing serious harm. Where a State is aware or should have been aware of the misuse of its territorial cyber infrastructure, the State must attempt to prevent or to react to the harmful transboundary operation, applying all reasonable measures. The content of the obligation of due diligence to prevent damaging crossborder cyber activities depends on the economic, financial and human resources of the State. The paper concludes that the obligation to preclude harmful international cyber operations constitutes only a first step in securing information and communication technology and should be sustained and improved by the introduction of a treaty on cyber security.

View PDFchevron_right
Regulating States Cyber-Behaviour: Obstacles for a Consensus
Marcelo Malagutti

Nação e Defesa, 2022

What are the leading obstacles to reaching a consensus on international norms that regulate state-sponsored cyber-offences? This type of operation increases swiftly, whilst issues related to international law go unnoticed, are poorly understood, or are manipulated, clouding the debate on norms of international conduct in cyberspace. This article analyses the main obstacles to regulating such cyber-offences. It argues that the main difficulties concern statecraft and state power promotion, not novelty or innovation speed, ideological or technological issues, as usually claimed. The analysis encompasses the applicability of the current rules of armed conflicts to the cyberspace context, the perspectives and positions regarding multilateral conventions, the option for bilateral or regional agreements and the normalisation of some cyber-activities as means of influencing consuetudinary law. It is shown that some nations advocate for maintaining the status quo that favours them, whilst others insist on the need for specific regulations.

View PDFchevron_right
Legal instability in cyberspace and OSCE’s mitigation role
Adina Ponta

Juridical Tribune, 2021

After the international legal community widely endorsed the application of international law to cyberspace, many open questions remain on the concrete interpretation of existing rights and obligations to the cyber realm. In pursuit of its mandate to promote human rights and conflict prevention, the OSCE can play a major role to support operationalization of international law and application of existing principles to cyberspace. This paper examines some key steps in the aftermath of the creation of norms of behavior, and transparency and confidence-building measures. After a brief analysis of the normcreation process, this piece identifies several pressing cybersecurity challenges on the international landscape, and offers suggestions for consolidating the voluntary non-binding norms States agreed upon. Using lessons learned from other domains, the analysis will focus on mechanisms of building further stability and transparency in cyberspace, in particular by reference to the due dil...

View PDFchevron_right
Enhancing International Cyber Security: A Key Role for Diplomacy
Sico van der Meer

Cyber aggression is an increasing threat to international security and stability. While national policies intended to deter cyber aggression may offer some solution in the short term, their effects in the long term are doubtful. National cyber-deterrence policies entail the risk of an ongoing cyber arms race and a cycle of escalation between potential cyber opponents. Diplomacy may offer fewer results in the short term, but it is more promising in the long term. Confidence-building measures and international norms and values may not be easy to reach, but in the end they could be more effective (and cheaper) than a single focus on national cyber-deterrence strategies. In the long term, cooperation between states to establish confidence and commonly accepted norms of behaviour in cyber space are the most promising ways available to achieve enduring cyber security and stability. Enhancing interstate cooperation , transparency and predictability of behaviour in cyberspace will reduce the risks of misperception, escalation and conflict.

View PDFchevron_right
Caution in the Cyber Domain: Deterrence and Restraint in Cyberspace
Ryan C Maness

There are few more critical questions in the field of cyber security than the issue of how to prevent malicious cyber actions and the utility of deterrence in the cyber domain. For many, deterrence will protect us from an uncertain cyber future. Yet, the proliferation of scholars and academics conceptually stretching an age old or nuclear era concept to the new domain prevents the development of logics that might be more applicable and progressive in this transformative digital age. Put simply, cyber deterrence is logically problematic, empirically unsupported, and impractical to put into practice in cyberspace. The most powerful states in the world, conventionally or in terms of cyber power, are constantly attacked and probed, yet their capabilities do not deter the adversary given the conditions of the cyber framework. Building more powerful systems, making clear the threats and consequences of actions, or extending the threats to conventional actions will not save deterrence and make it work. Instead the concept of restraint offers a more viable perspective by which to understand cyber conflict dynamics and perhaps offers a better way to manage future interactions. This article explores the evolution of the concept, its application to the cyber domain, the problems with its implementation and logic, and the policy implications of our inability to move beyond the concept. By giving up the crutch of deterrence, strategists can finally focus on the important tasks required in the cyber domain-defenses, hygiene, understanding restraint dynamics, and shared norms and institutions that might make a cyber future a safe one. A clear intellectual debt is owed to

View PDFchevron_right
Deterrence by Norms to Stop Interstate Cyber Attacks
Mariarosaria Taddeo

2017

View PDFchevron_right
Governing Cyberspace: Behavior, Power and Diplomacy
Bibi van den Berg

2020

Cyber norms and other ways to regulate responsible state behavior in cyberspace is a fast-moving political and diplomatic field. The academic study of these processes is varied and interdisciplinary, but much of the literature has been organized according to discipline. Seeking to cross disciplinary boundaries, this timely book brings together researchers in fields ranging from international law, international relations, and political science to business studies and philosophy to explore the theme of responsible state behavior in cyberspace. . Divided into three parts, Governing Cyberspace first looks at current debates in and about international law and diplomacy in cyberspace. How does international law regulate state behaviour and what are its limits? How do cyber superpowers like China and Russia shape their foreign policy in relation to cyberspace? The second focuses on power and governance. What is the role for international organisations like NATO or for substate actors like ...

View PDFchevron_right
K Mačák, ‘From Cyber Norms to Cyber Rules: Re-engaging States as Law-makers’, (2017) 30 Leiden Journal of International Law __ (forthcoming)
Kubo Macak

Several indicators point to a crisis at the heart of the emerging area of international cyber security law. First, proposals of internationally binding treaties by the leading stakeholders, including China and Russia, have been met with little enthusiasm by other states, and are generally seen as having limited prospects of success. Second, states are extremely reluctant to commit themselves to specific interpretations of controversial legal questions and thus to express their cyber opinio juris. Third, instead of interpreting or developing rules, state representatives seek refuge in the more ambiguous term 'norms'. This article argues that the reluctance of states to engage themselves in international law-making has generated a power vacuum, lending credence to claims that international law fails in addressing modern challenges posed by the rapid technological development. In response, several non-state-driven norm-making initiatives have sought to fill the void, including Microsoft's cyber norms proposals and the Tallinn Manual project. The article then contends that this emerging body of non-binding norms presents states with a critical window of opportunity to reclaim a central law-making position, similarly to historical precedents including the development of legal regimes for Antarctica and nuclear safety. Whether the supposed crisis will lead to the demise of interstate cyberspace governance or to a recalibration of legal approaches will thus be decided in the near future. States should assume a central role if they want to ensure that the existing power vacuum is not exploited in a way that would upset their ability to achieve their strategic and political goals.

View PDFchevron_right
A New Cybersecurity Diplomacy: Are States Losing Ground in Norm-making?
Stadnik Ilona

2018

The current state of affairs can be described as an intermediate phase in cybersecurity diplomacy: states have made considerable efforts to develop international cyber law, but it was proved impossible to agree on legally binding rules. The most likely scenario for now is that states will closely follow the initiatives of non-state actors and eventually include the most appropriate norms into intergovernmental discussions. At the moment, groups of like-minded states are diametrically opposed in their vision of cybersecurity and are not ready to give up their relative freedom of action in cyberspace for the sake of universal security and stability. In the absence of common rules of conduct, businesses are left to follow their own defined standards and rules of cybersecurity to reduce the costs of cyberattacks to a certain extent

View PDFchevron_right
The Limits of Deterrence in the Cyber World - An Analysis of Deterrence by Punishment
Alexander Ghionis

Cyber-deterrence has become a fashionable concept, and there has been a wealth of literature and polemic produced which seeks to simplify it, sell it as an applicable theory and fight for its insertion into national security strategies; most zealously in the United States. It is a grafting of the theory of nuclear deterrence which underpinned and ‘stabilised’ the Cold War. In the modern era of ‘new security challenges’, especially those threats posed through the cyber-domain (cyber-espionage, cyber-warfare, cyber-attacks, computer network exploits/ attacks, hacking and cyber-vandalism, theft of industrial/ state secrets, and so on) deterrence has enjoyed a renaissance. The argument is that deterrence by punishment as a theory worked under the auspices of the Cold War - when applied to cyber-warfare and the cyber-realm it becomes unfeasible, and in practice its ability to navigate and function within the virtual terrain is restricted. Its linearity and determinism mean that the underpinning assumptions of state-centrism, US/ Western state forms of rationality, and the omniscience implicit in ‘knowing your enemy’ do not, in the cyber-realm, fit (through the plurality of actors, range of targets and space for irrational actions or vandalism or folly) and therefore, centrally, the foundations which allow the theory to operate in reality cannot gain traction or make headway. As such, the theory is stranded.

View PDFchevron_right

References (28)

  1. Brodie, B. (1978). The development of nuclear strategy. International Security, 2(4), 65-68.
  2. Chadwick, A., & Howard, P. N. (Eds.). (2009). Routledge Handbook of Internet Politics. Routledge hand- books. London: Routledge.
  3. Crosston, M. (2011). World gone cyber MAD: How 'mutually assured debilitation' is the best hope for cyber deterrence. Strategic Studies Quarterly, 50(1), 100-116.
  4. Eilstrup-Sangiovanni, M. (2017). Why the world needs an international cyberwar convention. Philosophy & Technology. https://doi.org/10.1007/s13347-017-0271-5.
  5. Finlay, C. J. (2018). Just war, cyber war, and the concept of violence. Philosophy & Technology. https://doi. org/10.1007/s13347-017-0299-6.
  6. Floridi, L. (2016). Mature information societies-a matter of expectations. Philosophy & Technology, 29(1), 1-4. https://doi.org/10.1007/s13347-016-0214-6.
  7. Floridi, L., & Taddeo, M. (Eds.). (2014). The ethics of information warfare, Law, governance and technology series, volume (Vol. 14). Heidelberg: Springer.
  8. Freedberg, S. (2014). NATO Hews To Strategic Ambiguity On Cyber Deterrence. 2014.
  9. Harknett, R. J., & Goldman, E. O. (2016). The search for cyber fundamental. Journal of Information Warfare, 15(2), 81-88.
  10. Kugler, R. (2009). Deterrence of cyber attacks. In F. Kramer, S. Starr, & L. Wentz (Eds.), Cyberpower and national security (pp. 309-342). Washington, D.C.: National Defense University.
  11. Lan, T., Xin, Z., Raduege Jr., H., Grigoriev, D., Duggal, P., & Schjølberg, S. (2010). Global Cyber Deterrence Views from China, the U.S., Russia, India, and Norway. EastWest Institute.
  12. Lawson, E. (2017). Deterrence in cyberspace: a silver bullet or a sacred cow? Philosophy & Technology. https://doi.org/10.1007/s13347-017-0267-1.
  13. Libicki, M. (2009). Cyberdeterrence and cyberwar. The RAND Corporation.
  14. Lonsdale, D. J. (2017). Warfighting for cyber deterrence: a strategic and moral imperative. Philosophy & Technology. https://doi.org/10.1007/s13347-017-0252-8.
  15. Nye, J. S. (2011). Nuclear lessons for cyber security? Strategic Studies Quarterly, 5(4), 11-38.
  16. Owens, W. A., Dam, K. W., Lin, H., & National Research Council (U.S.), National Research Council (U.S.), and National Research Council (U.S.) (Eds.). (2009). Technology, policy, law, and ethics regarding U.S. acquisition and use of cyberattack capabilities. Washington, DC: National Academies Press.
  17. M. Taddeo
  18. Powell, R. (2008). Nuclear deterrence theory: the search for credibility. Digitally version. Paperback Re-Issue. Cambridge: Cambridge University Press.
  19. Ryan, N. J. (2017). Five kinds of deterrence. Philosophy & Technology. https://doi.org/10.1007/s13347- 016-0251-1.
  20. Taddeo, M. (2012). Information warfare: a philosophical perspective. Philosophy and Technology, 25(1), 105-120.
  21. Taddeo, M. (2014). Just information warfare (pp. 1-12). April: Topoi. https://doi.org/10.1007/s11245-014-9245-8.
  22. Taddeo, M. (2016). On the risks of relying on analogies to understand cyber conflicts. Minds and Machines, 26(4), 317-321. https://doi.org/10.1007/s11023-016-9408-z.
  23. Taddeo, M. (2017a). Deterrence by norms to stop interstate cyber attacks. Minds and Machines. https://doi. org/10.1007/s11023-017-9446-1.
  24. Taddeo, M. (2017b). The limits of deterrence theory in cyberspace. Philosophy & Technology. https://doi. org/10.1007/s13347-017-0290-2.
  25. Taddeo, M. (2018). How to deter in cyberspace. The European Centre of Excellence for Countering Hybrid Threats, 2018(6), 1-10.
  26. Taddeo, M., & Floridi, L. (2018). Regulate artificial intelligence to avert cyber arms race. Nature, 556(7701), 296-298. https://doi.org/10.1038/d41586-018-04602-6.
  27. UN Institute for Disarmament Research. (2014). Cyber stability seminar 2014: preventing cyber conflict.
  28. Yang, G.-Z., Bellingham, J., Dupont, P. E., Fischer, P., Floridi, L., Full, R., Jacobstein, N., et al. (2018). The Grand Challenges of Science Robotics. Science Robotics, 3(14), eaar7650. https://doi.org/10.1126 /scirobotics.aar7650.

Related papers

A Cyberwar of Ideas? Deterrence and Norms in Cyberspace
Tim Stevens

This article relates US efforts to develop strategic ‘cyber deterrence’ as a means to deter adversarial actions in and through global cyberspace. Thus far, interests-based cyber deterrence theory has failed to translate into effective US policy and strategy, due to a divergence between the operational idiosyncrasies of cyberspace and an over-reliance on Cold War models of deterrence. Even whilst explicit cyber deterrence strategy falters, the US is pursuing a norms-based approach to cyber strategy generally, and hopes to derive deterrent effects from its attempts to broker international agreements pertaining to the ‘rules of the road’ for the proper and productive use of cyberspace. The US is not the only norm entrepreneur in this policy space, however, and this article examines how a range of other state and non-state actors are complicating efforts to develop normative regimes that might reduce risks to and from cyberspace. The article concludes that a norms-based approach to cyber deterrence might engender deterrent effects at the state level but is unlikely to do so in the case of ‘rogue’ states and many non-state actors. States will continue, therefore, to develop punitive deterrence capabilities to respond to these actors.

View PDFchevron_right
Norms and Strategies for Stability in Cyberspace
Mariarosaria Taddeo

The Global Race for Technological Superiority: Discover the Security Implications, ISPI, 2020

Cyber attacks are escalating in frequency, impact, and sophistication. For this reason, it is crucial to identify and define regulations for state behaviour and strategies to deploy countering measures that would avoid escalation and disproportionate use of cyber means, while protecting and fostering the stability of our societies. To this end, strategies to deter cyber attacks and norms regulating state behaviour in cyberspace are both necessary; unfortunately neither is available at the moment. In this chapter, I offer a theory of cyber deterrence and a set of policy recommendations to fill this vacuum.

View PDFchevron_right
Norms of Responsible State Behaviour in Cyberspace
George Lucas

The International Library of Ethics, Law and Technology, 2020

Cyberspace has witnessed a 'militarisation' as a growing number of states engage in a variety of cyber operations directed against foreign entities. The rate of this militarisation has outstripped the diplomatic efforts undertaken to provide this unique environment with some 'rules of the road'. The primary mechanism for discussing possible norms of responsible state behaviour has been a series of UN Groups of Governmental Experts, which have produced three consensus reports over the last decade. The 2015 report recommended a series of principles and confidence-building measures to prevent conf1lict, but prospects for its implementation have receded as differences amongst states persist over how security concepts should be applied to cyberspace. Renewed efforts to promote responsible state behaviour will require greater engagement on the part of the private sector and civil society, both of which have a huge stake in sustaining cyber peace.

View PDFchevron_right
Defence, deterrence, and diplomacy: Foreign policy instruments to increase future cyber security
Sico van der Meer

Cherian Samuel & Munish Sharma (eds.), Securing cyberspace. International and Asian perspectives (Pentagon Press, New Delhi 2016) pp. 95-105., 2016

Predicting the future is hardly possible, but stating that cyber aggression – be it espionage, sabotage or even warfare – will be a continuing threat to international security and stability in the coming years seems a safe forecast. This chapter deals with the question of how states can cope with this forecast from a foreign policy perspective, focussing on cyber aggression conducted or sponsored by state actors. Defence and deterrence, which could be labelled passive deterrence and active deterrence as well, are probably the most ‘obvious’ counter-measures to international cyber aggression that a state could implement. This chapter especially analyses why defence and deterrence look like promising policies, but in practice face some difficulties in the cyber realm. Diplomatic efforts to create Confidence Building Measures (CBMs) and international accepted norms regarding cyberthreats could be more effective in actively addressing the core problems of international cyber aggression, but are little successful so far. The chapter argues that such multilateral diplomatic efforts are crucial for long-term cybersecurity and stability. Instead of an on-going ‘cyber arms race’, efforts could better be focussed on building mutual confidence and respect as well.

View PDFchevron_right
Deterrence is Not a Credible Strategy for Cyberspace
Michael Fischerkeller

Orbis, 2017

View PDFchevron_right

Related topics

  • International Relations
  • Strategic Studies
  • Computer Ethics
  • Cyber Conflict
  • Cyber Warfare
  • Philosophy of information
  • Cyber security / cyber warfare

    • Cited by

    Cybersecurity of Critical Infrastructure
    Eleonora Viganò

    The International Library of Ethics, Law and Technology, 2020

    This chapter provides a political and philosophical analysis of the values at stake in ensuring cybersecurity for critical infrastructures. It presents a review of the boundaries of cybersecurity in national security, with a focus on the ethics of surveillance for protecting critical infrastructures and the use of AI. A bibliographic analysis of the literature is applied until 2016 to identify and discuss the cybersecurity value conflicts and ethical issues in national security. This is integrated with an analysis of the most recent literature on cyber-threats to national infrastructure and the role of AI. This chapter demonstrates that the increased connectedness of digital and non-digital infrastructure enhances the trade-offs between values identified in the literature of the past years, and supports this thesis with the analysis of four case studies.

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved