In this closing article, last in a set of three, I discuss some international treaties that may or may not apply to Cyber Security.
Again, I would like to note that the answers I give are merely my opinion on the matter. This article consists of two questions.
Without further ado:
To what extent can international codes of conduct for using the digital domain contribute to increasing Cyber Security? Can we learn from experiences with existing codes of conduct, such as in the area of non-proliferation?
Fading national borders and de facto international routing of data traffic are properties of cyberspace we can’t escape.
This makes international relations and codes of conduct essential, especially when considering fighting cyber crime. This calls for Law Enforcement Agencies and Justice departments of multiple countries to work together to stop criminal enterprises in their tracks.
International cooperation among law enforcement agencies in taking down cyber crime rings has been taking place for several years now, and although it has not been nearly as successful as we'd hope, there have been some successes. For an excellent read on this subject, I recommend Joseph Menn's Fatal System Error.
As for Cyber Warfare and Cyber Conflict, there are various internationally accepted legal frameworks and cooperative initiatives that can provide some help with increasing security in Cyberspace. Consider the Law of Armed Conflict or the Universal Human Rights, both of which have received wide adoption and have led (and still lead) to increased cooperation among nation states. Connecting to existing initiatives in this area is therefore highly recommended.
Although Non-Proliferation has a similarly high adoption rate, using this as an example may very well give the wrong idea because of the emotional 'weight' associated with nuclear weapons. Cyber weapons are not currently anywhere near the immediate physical threat that nuclear weapons pose, nor is it feasible to attempt to restrict development or trade of cyber weapons.
Cyber weapons consist of computer code and knowledge of the target system or application. Anyone with enough knowledge can create one, and all it takes is a computer. Connect that system to the internet and proliferation is both virtually immediate and unstoppable.
How can NATO and the EU give substance to the principles of Common Defence, Deterrence and the Solidarity clause when considering cyber threats? How can NATO and the EU improve the information exchange with regard to threat analyses?
Existing initiatives within NATO and the EU offer excellent opportunities in this regard. For instance, a better connection to NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia is a very good idea. The CCDCOE was founded and sponsored by a number of nations, but the Netherlands was not one of them.
It is still possible to become a sponsoring nation by signing its Memorandum of Understanding, and after looking at its Mission statement revolving around cooperation, I highly recommend our government does so. Aside from this centre, NATO’s own C3 agency has various endeavors with regard to Cyber Security that we here in the Netherlands might be able to benefit from.
All in all, it’s safe to consider that our best bet lies in engaging in cooperation with other culturally similar nations. Most western nations are as connected to the Internet as we are, and they share our understanding of how critical cyberspace is to us and our economies. Together we simply have a much better chance of improving our situation online.
About the author: Don Eijndhoven has a BA in Informatics (System & Network Engineering) with a Minor in Information Security from the Hogeschool van Amsterdam, The Netherlands. Among a long list of professional certifications he obtained are the titles CISSP, Certified Ethical Hacker, MCITPro and MCSE. He has over a decade of professional experience in designing and securing IT infrastructures. He is the CEO of Argent Consulting and often works as a management consultant or Infrastructure/Security architect. In his spare time he is a public speaker, works as a Project Manager for CSFI and acts as its Director of Educational Affairs in the EU region. He also blogs for several tech-focused websites about the state of Cyber Security and is a founding member of Netherlands Cyber Doctrine Institute (NCDI), a Dutch foundation that aims to support the Dutch Ministry of Defense in writing proper Cyber Doctrine.
Cross-posted from ArgentConsulting.nl