The international community is too often focused on responding to the latest cyber-attack instead of addressing the reality of pervasive and persistent cyber conflict. From ransomware against the city government of Baltimore to state-sponsored campaigns targeting electrical grids in Ukraine and the U.S., we seem to have relatively little bandwidth left over to ask what we can hope for in terms of 'peace' on the Internet, and how to get there. It's also important to identify the long-term implications for such pervasive cyber insecurity across the public and private sectors, and how they can be curtailed. This edited volume analyzes the history and evolution of cyber peace and reviews recent international efforts aimed at promoting it, providing recommendations for students, practitioners and policymakers seeking an understanding of the complexity of international law and international relations involved in cyber peace.
Author(s): Scott J. Shackelford, Frédérick Douzet, Christopher Ankersen
Edition: 1
Publisher: Cambridge University Press
Year: 2022
Language: English
Commentary: TruePDF
Pages: 288
Tags: Cyberterrorism: Prevention; Cyberspace: Government Policy; Law: International
Cover
Half-title page
Title page
Copyright page
Dedication
Contents
List of Contributors
Acknowledgments
Introduction
Outline of the Book
Part I Beyond Stability, toward Cyber Peace: Key Concepts, Visions, and Models of Cyber Peace
1 Cyber Peace: Is That a Thing?
1 Introduction
2 Contending Definitions
3 The Condition of Cyber Peace
4 Cyber Peace as Practices
5 Cyber Peace as Both Conditions and Practices
6 Honing the Concept of Cyber Peace
6.1 Unpacking the “Cyber” Element
6.2 Unpacking the “Peace” Element
7 Boundaries
8 Metaphors
9 A Final Thought
References
2 Domestic Digital Repression and Cyber Peace
Introduction
1 Repression and Digital Repression
2 The Impact of ICTs on State Repression
2.1 Threat Identification
2.2 Tactical Expertise
2.3 Responsive Repressive Agents
2.4 Infrastructure of Repression
3 New Thoughts on Digital State Repression and Cyber Peace
References
Part II Modalities: How Might Cyber Peace Be Achieved? What Practices and Processes Might Need to Be Followed in Order to Make It a Reality?
3 Information Sharing as a Critical Best Practice for the Sustainability of Cyber Peace
1 Introduction: Framing the Relationship between Information Sharing and Cyber Peace
2 How Information Sharing Works: Selected Operational Aspects of IS Platforms for “Best Practice” Mitigation of Cyber Risk
2.1 Defining Information Sharing
2.2 The DHS Cyber Information Sharing and Collaboration Program
2.3 Financial Services Information and Analysis Center (FS-ISAC)
2.4 Operationalizing IS as a Standardized Best Practice for Cybersecurity
3 Mitigation of Cyber Threats and Events through Information Sharing: Discussion
4 Characterizing the Relationship between Cyber Peace and Information Sharing: A Best Practice and Confidence-Building Measure that Leverages Polycentricity
4.1 Information Sharing as a Best Practice in Support of Cyber Peace
4.2 Beyond Best Practice: The Value of Information Sharing as a CBM
4.3 Leveraging Polycentricity for Effective IS
5 Summary and Conclusions
References
4 De-escalation Pathways and Disruptive Technology: Cyber Operations as Off-Ramps to War
1 Introduction
2 Toward Cyber Peace and Stability
3 When Do Crises Escalate?
4 The Logic of Cyber Off-Ramps
5 Hope amongst Fear: Initial Evidence
5.1 Research Design
5.2 Wargames as Experiments
6 Case Study Probe: The United States and Iran
6.1 Origins
6.2 Cyber and Covert Operations
6.3 The Summer 2019 Crisis
6.4 Assessing the Case
7 Conclusion: The Promise and Limit of Cyber Off-Ramps
References
5 Cyber Peace and Intrastate Armed Conflicts: Toward Cyber Peacebuilding?
1 Introduction
2 Toward a Comprehensive Cyber Peacebuilding Approach
3 The Four Pillars of Cyber Peacebuilding
3.1 Human Rights, a Call of Action to Update the Social Contract
3.2 Multistakeholder Cyber Peacebuilding
3.3 Redefining Stability in Cyberspace
3.4 Inclusion and Human-Centered Cybersecurity
4 Conclusions and Policy Implications
References
6 Artificial Intelligence in Cyber Peace
1 Introduction
2 Background and Characterization of AI
2.1 Information Security Overview
2.2 Defensive Information Security Measures
2.3 Offensive Information Security Measures
2.4 Information Security Linkage to Artificial Intelligence
3 Path toward AGI and Implications for Cyber Singularity
4 Shared Governance of a Global Service AI Corps
References
Part III Lessons Learned and Looking Ahead
7 Contributing to Cyber Peace by Maximizing the Potential for Deterrence: Criminalization of Cyberattacks under the International Criminal Court’s Rome Statute
1 Introduction
2 Background
3 Maximizing the Potential for Cyber Peace through Deterrence
4 Overarching Considerations as to ICC Prosecutions
5 The ICC’s Gravity Threshold
6 Proving Attribution through Admissible Evidence that Establishes Proof Beyond a Reasonable Doubt
7 The Rome Statute’s Substantive Crimes
8 Cyberattacks as War Crimes under the Rome Statute
9 Cyberattacks as Crimes Against Humanity under the Rome Statute
10 Cyberattacks as Genocide under the Rome Statute
11 Cyberattacks as the Crime of Aggression under the Rome Statute
12 Conclusion
References
8 Trust but Verify: Diverse Verifiers Are a Prerequisite to Cyber Peace
1 The Need for Verifiers in Cyberspace
2 Building Off of the Aviation Model
3 Background: Historical Incident Investigations
4 Investigating Domestic Incidents: The Need for a National Cybersecurity Board
4.1 Why Do We Not Already Have a Cyber NTSB?
4.2 Getting to a Cyber NTSB
4.3 What Could a Cyber NTSB Do for Peace?
5 A System for Reporting Near Misses
5.1 ASIAS: Telemetry Analysis
5.2 ASRS: Near Miss Reporting
5.3 Cyber Near Misses and What We Might Learn
5.4 The Contribution of a CSRS to Cyber Peace
6 An International Mechanism to Investigate and Attribute Cyber Incidents
Conclusion
Bibliography
9 Building Cyber Peace While Preparing for Cyber War
1 The Short History of Cyber Peace Building
1.1 How Cyberspace Became an International Security Issue in Multilateral Negotiations
1.2 A Multistakeholder Push to Reign in State Behavior
2 The Creation of Two Competing Processes at the UN: The Open-Ended Working Group and the Sixth Group of Governmental Experts
2.1 A Context of Heightened Strategic Competition
2.2 Overlapping Mandates and Subtle Differences
3 Bumpy Road to Cyber Peace
3.1 New Path(s) for Cyber Stability?
3.2 The Contest for Normative Influence
Conclusion
Part IV Reflections and Research Notes
10 Imagining Cyber Peace: An Interview with a Cyber Peace Pioneer
11 Overcoming Barriers to Empirical Cyber Research
1 Introduction
2 Barriers to Empirical Cyber Research
2.1 Cyber Decisions and Outcomes Are Difficult to Observe
2.2 Empirical Cyber Research Projects Frequently Require Expertise from Multiple Domains
2.3 Research May Only Be Possible in a Narrow Range of Contexts
3 Overcoming Barriers
3.1 Incentivize Interdisciplinary Research Teams
3.2 Partnerships Are Key
3.3 Publish Cyber-Related Data
References
12 Bits and “Peaces”: Solving the Jigsaw to Secure Cyberspace
1 Introduction
2 Defining Cyber Peace
3 Key Challenges on the Road to Cyber Peace
3.1 Access and Security in Cyberspace
4 The Ecosystem of Laws and Norms
5 Achieving Cyber Peace
6 Conclusion
References
13 Cyber Hygiene Can Support Cyber Peace
1 Office of Personnel Management
2 Democratic National Committee
3 “Mustang Panda”
4 WannaCry
5 NotPetya
6 Conclusion
References
14 Crowdsourcing Cyber Peace and Cybersecurity
1 Introduction
2 What Is Crowdsourcing?
3 Crowdsourcing Cybersecurity
4 What Is the CyberPeace Corps?
5 How Can Crowdsourcing Work in Cybersecurity?
6 Crowdsourcing Research
7 Serving Society
8 Creating an Impact
9 Call for Action
References
15 Advanced Persistent Threat Groups Increasingly Destabilize Peace and Security in Cyberspace
1 Introduction
2 Kinds of Attacks
2.1 Espionage
2.2 Critical Infrastructure Attacks
2.3 Interference in the Electoral Processes
2.4 Information System Attacks
2.5 Ransomware Attacks
3 “Cyber Hybrid Warfare”: An Emerging Threat to Cyber Peace
3.1 The Adaptation of International Legal Obligations and Norms to the Cyber Frontier
3.2 The Notion of “Effective Control”
3.3 Responsibility and Accountability v. Protection
Index
