Implications without borders
Along with fast technology developments and the dynamic of geopolitical competition, so does
grow global spending on cybersecurity. The recent global events such as pandemic and Russian
invasion in Ukraine have even more so accelerated the need to secure essential infrastractures
and protect the growing Digital Age and Industry 4.0. Protection of cyberspace is a legitimate
practice, according to legal scholars who argue that “cyber-attacks could fall under the banner of
Article 2.4 of the UN Charter according to which states ‘shall refrain in their international relations
from the threat or use of force against the territorial integrity or political independence of any state, or
in any other manner inconsistent with the Purposes of the United Nations” (European Union Institute
for Security Studies. 2017). And while there have been disagreements on countermeasures, there
is a general agreement on the need to create international norms (European Union Institute for
Security Studies. 2017). Nevertheless, cyberspace presents a complex range of characteristics that
require an equally complex approach. National states, leading technology companies, civil society,
norms and partnerships, these all factors need to be taken into account regarding cybersecurity.
To add on, cyberspace is being created by humans and thus requires both human and technical
measures to address any potential issues. Therefore diplomacy is an asset domain to global
cybersecurity and an essential input into a desirable multistakeholder approach.
An important element of cybersecurity is cooperation, as I will demonstrate below. States made a
choice to partner in cyberspace and establish fractioned coalitions based on shared visions,
benefits and strategies. The practice has proved that authoritarian countries are launching
cyberattacks against the world’s democracies, hence the importance for democratic governments
to work together – sharing information and best practices, and coordinating not just cybersecurity
protection but also defensive measures and responses. International cooperation will involve
measures to secure national interests. Currently, there is however a lack of understanding
observed regarding the national positions on cybersecurity and international law. Not much is
known about the positions of countries (UN OEWG In 2022 – DW Observatory n.d.). The portfolio of a cyber diplomat has therefore a broad agenda and should not be underestimated.
Partnerships to protect
Building cyber capacities is often both a push and a benefit from cooperation, gaining global
prosperity in the digital environment through an investment, along with being a countermeasure
to regular cyber attacks. The USA, China and Australia are familiar with such international practice,
which for the EU in particular became one of its top priorities (Tikk and Kerttunen 2020). Israel
extends its reach and scale of cyber expertise through partnerships with France, Singapore, the
UAE, the UK and the USA. Having established Unit 8200, a unit specifically dedicated to creative
experimentation, Israel engages the civilian technology sector in those partnerships as well
(Blessing and Austin n.d.).
Japan and Australia defined three main challenges during their 2019 Cyber Policy Dialogue:
emerging great power competition, transnational cyber threats and a lack of progress in global
governance. The two states expressed a shared commitment in advancing cooperation to
maintain multilateral consensus in cyberspace (Manantan, 2021). In 2019, Indonesia engaged in
ASEAN-Japan Cyber Online Exercise program. The program demonstrates a collaboration
between the states pursuing incident handling, capacity building, information sharing, building
information security awareness and building information security of each ASEAN member country
and Japan (Manantan, 2021). Through cyber diplomacy, Australia has brokered a series of bilateral
partnerships based on cyber Memoranda of Understanding, resulting in agreements with India
(2020), Indonesia (2018), Papua New Guinea (2018), Singapore (2020), and Thailand (2019), all of
which include capacity-building and information-sharing elements (EU Cyber Direct n.d.).
African Union (AU) Convention on Cyber Security and Personal Data was adopted in 2014 by the
23rd Assembly of Heads of State and Government. Since 2017, AU Commission has been tasked to organize a yearly conference in order to raise continental cybersecurity awareness and to provide necessary support to AU Member States to develop national cybersecurity frameworks including cyber strategies, adequate cyber legislations and incident response mechanisms (AUC, 2017). In 2018, the AU leaders agreed to work collaboratively on cyber realms among the AU member states, having preceded several regional workshops in collaboration with the US Department of State (EU Cyber Direct n.d.).
Indeed information sharing among allies and regional partners is a key tool in monitoring malign
actors. Note that while the developed countries proceed with cybersecurity developments and
measures relatively fast, developing countries in Sub-Saharan Africa are becoming a target of
both state and non-state hybrid threats and lack not only capabilities to protect their environment, but also early warning through information sharing. Indeed different are the levels of national cyber efforts even within a single region. See an example of Singapore being in top 20 in Global Security Index 2017 versus Vietnam being ranked 101st out of 195 (International
Telecommunication Union, 2017). Should global partnerships and conventions continue to grow
and perhaps present a way of investments in the future cyber stability, an insight into national
positions, efforts and even norms enforcements may need to be fostered through cyber
diplomats, who ensure open channels of communications.
Multishakeholder engagement
It appears as though the slowly-forming cyber coalition of democracies approaches cyberspace
as a common space (Ghernaouti-Hélie, 2010), which requires appropriate coordination,
cooperation and legal measures among all nations to function in a smooth way like other
domains. The consequences of global order and influence directly penetrate into the borderless
cyberspace, which is why IT experts and engineers alone will not ensure cyber stability. A
navigation through political, law and forensic aspects is necessary, as collective actions are
brought up to cyberspace. The cyber diplomat’s portfolio includes an outreach to non-state
actors, specifically tech companies, who have hands-on and often the first experience with new
cyber attacks and technological developments. Based on lessons learned, a collective knowledge
may not prevent a shock, but may prevent a surprise. Strategic intelligence and the need to share
can foster a strong web to counter unexpected cyber events in a multistakeholder manner. Given
the quickly evolving nature of the matter, flexibility and agility is a key behavior needed, that the
cyber diplomat alone may foster easier than a whole institution would.
Despite still facing several challenges on common understanding of norms, law or sovereignty,
perhaps the United Nations (UN) First Committee Open-ended Working Group (OEWG) 2021-2025, created to shape cyber diplomacy, will bring fruitful outcomes. A proposal initiated by France and Egypt The Programme of Action (PoA), supported by EU member states amongst others, represents an opportunity to put forward an alternative approach to state behavior in cyberspace based on multi-stakeholderism, capacity-building, and democratic norms. The PoA also mentions the intent to prioritize engagement with all stakeholders, including civil society, NGOs, regional organizations, private companies, and representatives of other U.N. processes. The opportunity for a diplomatic role here appears to be essential. Successfully executed cyber diplomacy will lead to shaping the global governance in order to prevent, minimize or penalize cyberattacks (EU Cyber Diplomacy 101, 2021).
Author: Aneta Jarmoliková
Bibliography:
European Union Institute for Security Studies., The EU Cyber Diplomacy Toolbox: Towards a Cyber
Sanctions Regime? (LU: Publications Office, 2017), https://data.europa.eu/doi/10.2815/399444.
“UN OEWG In 2022 – DW Observatory,” accessed March 22, 2022,
https://dig.watch/processes/un-gge.
Tikk and Kerttunen, Routledge Handbook of International Cybersecurity.
Jason Blessing and Greg Austin, “Assessing Military Cyber Maturity: Strategy, Institutions
and Capability,” n.d., 50.
Mark Bryan F. Manantan, “Advancing Cyber Diplomacy in the Asia Pacific: Japan and Australia,”
Australian Journal of International Affairs 75, no. 4 (07/2021): 432–59,
https://doi.org/10.1080/10357718.2021.1926423.
“EU Cyber Direct,” Horizon, accessed February 27, 2022,
https://eucyberdirect.eu/atlas.
“EU Cyber Diplomacy 101,” Eipa (blog), July 1, 2021,
https://www.eipa.eu/blog/eu-cyber-diplomacy-101/.