By Elizabeth Dominic
Cyber space has become a focal point of international relations. With most global powers having realized that cyber security is integral to their national security, cyber issues have found their place in foreign policy, resulting in the emergence of cyber diplomacy.
Cyber diplomacy is the use of traditional diplomatic tools including negotiations, formation of alliances, treaties, and agreements to resolve issues that arise in cyber space. The United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) is one of the most high profile cyber diplomacy exercises at the global level. The UN GGE was formed subsequent to the adoption of digital security as an UN agenda, to examine threats emanating from cyberspace and to develop appropriate cooperative measures to address them. Several multilateral organizations such as NATO, ASEAN, BRICS, to name a few, are also increasingly serving as platforms for cyber diplomacy. The post will briefly explore the role of cyber diplomacy in enabling cybersecurity by analyzing the relevance of a few major cyber diplomacy efforts in developing a sustainable and stable cyberspace.
The Role of Cyber Diplomacy
Society’s increasing reliance on internet and digital technologies is accompanied with security challenges in the form of various malicious activities including hacking, espionage, cyber attacks, and cyber war. These challenges arise from a domain that lacks a formal, institutionalized regime to regulate and oversee the conduct of the actors. Unless there is a global consensus on regulating cyberspace, the potential to wreak havoc remains unbridled. Considering the transnational nature of cyberspace, a secure cyber environment can be established only through global engagement, dialogue, and cooperation, making cyber diplomacy the only possible means to achieve this goal. Diplomatic efforts to stabilize cyberspace have primarily focused on three areas: establishment of cyber norms, confidence building measures (CBMs), and capacity building.
Norms in Cyberspace
The increasing exploitation of cyberspace by states for political and military objectives mandates the need for norms that would lay down what states can and cannot do online. Cyber norms are voluntary guidelines adopted by the states that would promote stability in cyberspace. Establishing these norms would help in developing a shared understanding among states on how to work together in matters of mutual concern. Also, continued observation of these norms created through practice or formal agreements will help them gain legitimacy amongst other states gradually resulting in their evolution into international law. The norm suggesting that cyber enabled theft of intellectual property for commercial gain is unacceptable developed as a result of a US-China bilateral agreement, and is an example of a successful norm that has gradually gained recognition amongst other states and the G20.
Norms are non-binding guidelines for the conduct of relevant actors, with an element of good faith commitment and limited consequences in the event of non-compliance. Treaties, on the other hand, are binding agreements that are readily enforceable. Although norms seem weaker than treaties, they can have a powerful impact. When nuclear weapons were developed, they were simply considered a more powerful form of traditional weapons until norms against their use developed, making their use unthinkable in ordinary circumstances. Creating norms could, over time, help in establishing benchmarks for acceptable behavior in cyber domain.
Challenges to Norm Creation
Developing cybersecurity norms is extremely challenging due to the unique nature of cyberspace, diverse interests of the parties, and the broad scope of issues involved. The use of contrasting terms – cyber security and information security – by the US and its allies and the Sino-Russian bloc respectively indicates the difference in what is perceived as a threat by the groups. While the former focuses on the protection of data and hardware from unauthorized access, the latter focuses on the content of the information, which goes against the idea of Open Internet advocated by the former. Unless these radically incompatible perceptions on the very concept of security in cyberspace are reconciled, the process of norm creation is likely to be stalled.
Confidence Building Measures in Cyberspace
While norms help in establishing acceptable behavior in cyberspace, the difficulty in forming cyber norms calls for an alternative means to diffuse distrust and misunderstandings among states. CBMs have emerged as the solution. CBMs are measures adopted at regional and global levels that enhance transparency and facilitate exchange of information, which would help states to assess each other’s activities and understand their intentions and thereby reduce the risk of a cyber war. For instance, the practice of transparency enables states to distinguish between defensive and offensive cyber investments by enhancing situational awareness and building common understanding.
Furthermore, CBMs are instrumental in ensuring effective compliance with norms. The norm according to which states should not knowingly allow their territories to be used for unlawful acts using information and communication technologies (ICTs) requires states to employ all their instruments to ensure this. However proving such knowledge is difficult. In such instances, information exchange and cooperation during investigations helps in determining compliance. Such CBMs also aid states in implementing the norm by enhancing capacity. In the absence of CBMs, cyber norms will merely provide an illusion of stability.
Capacity Building in Cyberspace
All states do not stand on an equal footing in terms of their cyber capacities, especially new entrants to the cyber domain. However it is necessary to ensure that all states have at least the baseline capacity that would enable them to participate in the development and implementation of norms and CBMs and to protect their critical information infrastructure. The UN GGE 2015 also recognized the link between compliance with norms and CBMs and capacity building. Cyber diplomacy can help in enhancing the human, institutional, technological and legal capacities of states through formal and informal agreements.
The Way Forward
Development of cyber norms has proven to be difficult. With the breakdown of the UN GGE, the only venue that brought together the Sino-Russian and the Western blocs for norm discussion, prospects for the formation of norms in the near future appear to be slim.
CBMs seem to be the most promising avenue to establish stability in the cyber domain since they do not require the states to agree on a shared set of principles, but instead focus on fostering cooperation despite the differences as states have a shared interest to establish stability. Bilateral engagements amongst states would be the ideal platform to deepen cooperation and establish CBMs. A few of the more successful bilateral agreements between the opposing global powers have resulted in the development of effective CBMs such as real time communication and assistance to compensate for limited trust.
With effective implementation of CBMs, there is hope for gradual development of norms, by establishing trust and eliminating misunderstandings, and thereby a safe and secure cyberspace.
Elizabeth Dominic is a Programme Officer at the Centre for Communication Governance at National Law University Delhi