The presentation was prepared for the workshop of the Chatham House on 'Making the Connection:
Building Stability in Cyber and Space" (London, 7 May 2013)
3. Conflicting Understanding of Cyberspace:
An Obstacle for Common Norms
USA: Cyberspace
Russia, SCO:
Information Space
A global domain within the information
environment consisting of the interdependent
network of information technology
infrastructures, including the
Internet, telecommunications
networks, computer systems, and embedded
processes and controllers
U.S. Department of Defense (latest
edition 2012)
O.V. Demidov
Program Coordinator
PIR Center
Information space - the sphere of activity
connected with the
formation, creation, conversion, transfer, use, an
d storage of information and which has an effect
on individual and social consciousness, the
information infrastructure, and information itself.
Inf. space
Convention on International
Information Security (concept);
SCO Yekaterinburg Agreement
June 16, 2009
Cyber
Space
Germany: Cyberspace
The virtual space of all IT systems linked at data
level on a global scale. The basis for cyberspace is
the Internet as a universal and publicly accessible
connection and transport network which can be
complemented and further expanded by any
number of additional data networks. IT systems in
an isolated virtual space are not part of
cyberspace.
Cyber Security Strategy
for Germany, 2011
Russia – U.S. Bilateral on Cybersecurity.
Critical Terminology Foundations. EastWest Institute, 2011
An electronic domain through which
information is created, transmitted, received,
stored, processed and deleted
U.S-Russian Study Group: Cyberspace
4. Threats in Cyberspace: Classification
Malicious Activities in Cyberspace: Actor-Object
Classification
Object
Citizens
States and Proxy
Actors
Actor
O.V. Demidov
Program Coordinator
PIR Center
Russia: the Triad of threats in the
information space
Military and Political
Threats
Citizens
Cyber Crime
(Сitizens vs Citizens)
States and Proxy
Actors
Cyber Terrorism
(Сitizens vs States)
(States vs Citizens)
Cyber war
(States vs States)
?
Any universal classification?
Terrorism
Cybercrime
Formulated by UN GA Resolution
A/RES/54/49 on December 1, 1998
(adopted under Russia’s initiative)
Elements are interrelated and inseparable
Includes the issues of content
Does not provide understanding of technical
nature of threats
5. Soft Law Mechanisms and
Codes of Conduct for Cyberspace
Proposals
O.V. Demidov
Program Coordinator
PIR Center
Soft Law Mechanisms
Authors
1. Russia
2. The SCO and its
states
Russia supports the idea of a Code of Conduct for cyberspace as a
global UN-backed document with strong emphasis on content issues
1. Code of Conduct in the field of International Information Security
(drafted by Russia, Tajikistan, Uzbekistan and China on September 12,
2011)
2. In March 2013 China called for creating some code of conduct for
cyberspace in order to tackle the threat of cyberwar
3. USA
4. UN and the ITU
Since the end of 2012 actively support elaboration of “norms of
responsible behavior” in cyberspace.
Adaptation of the existing international law (jus in bello, jus ad bellum)
Support of the Tallinn Manual approach
Statement by the Secretary of State Hillary Clinton at the international
Conference on Cyberspace in Budapest on November 5, 2012
International private-state cooperation mechanisms: IMPACT-ITU
Alliance since 2011
(Russia refused, Group-IB and Kaspersky Lab participate)
The ITU: National Cybersecurity Strategy Guide: is not in demand in
Russia, as well as the ITU cybersecurity standards
Global Cybersecurity Culture: UN GA Resolution A/RES/64/211,
A/RES/58/199, A/RES/57/239 (just recommendations)
6. Legally Binding Mechanisms for Cyberspace
Proposals
O.V. Demidov
Program Coordinator
PIR Center
Proposals of legally binding acts
Authors
1. Russia
1. Convention on International Information Security (concept)
Presented on 11.2011 (Conference on Cyberspace)
Global scale as a UN act
Comprehensive nature (the triad of threats + the issues of cyber sovereignty)
2. Project of a universal UN Convention on international cybercrime (to be presented
probably in Seoul in October 2013)
To provide new level of cooperation and to avoid the flaws of the Budapest
Convention of CoE
Embraces only criminal segment of the Triad of threats
2. SCO and its separate
states
3. USA
4. UN and the ITU
1. The agreement of SCO on cooperation in the field of ensuring the international
information security signed on June 16, 2009
Laid terminological foundation in the field of IIS
First legally binding international document
No any particular mechanism of intergovernmental cooperation on countering
cyberthreats
Participate in CoE Convention and promote it as a potentially global mechanism
Oppose the initiatives of Russia and the SCO because of cyber sovereignty
component
2010: The ITU Secretary General Hamadoun Toure called to elaboration of a global treaty
on prevention of cyberwars
Concept of a “peace treaty before war”
Never promoted at the UN GA level
Political disputes between Russia, China, USA make the idea hardly feasible
7. Chatham House,
London, 07.05.2013
The International Law Applicable to Cyber Warfare
Issued by CCD COE International Group of Experts on March 28, 2013
Adaptation or a new vision of the international law of armed conflict?
States may not knowingly allow cyber infrastructure located in their territory
to be used for acts that adversely affect other States
The State itself is responsible for proxy actors acting under its direction
The prohibition on the use of force in international law applies fully to cyber
operations. Any cyber operation that caused harm to individuals or damage
to objects qualified as a use of force
An attack is a cyber operation that causes injury or death to individuals or
damage or destruction to objects or which interferes with the functionality of
cyber infrastructure in a manner that requires repair
Civilian hacktivists conducting cyber operations during an armed conflict
can become legitimate targets under certain circumstances
8. Chatham House,
London, 07.05.2013
An International Criminal Court or Tribunal for Cyberspace (ICTC)
Stein Schjolberg, Norwegian Judge, High Level Experts Group (HLEG), ITU, Geneva, Chairman
(2007-2008)
A United Nations court of law, established through a Resolution by the Security Council in
accordance with Chapter VII of the United Nations Charter
The idea of international criminal jurisdiction over individuals committing massive and wellcoordinated cyber attacks, which effectively equals to criminal jurisdiction over proxy actors in
cyber conflicts (including state vs state cyber wars with the use of proxy actors)
Two areas of jurisdiction:
1. “Core cybercrimes” (fraud, data interception, forgery, illegal access, etc.)
2. Massive and coordinated global cyber attacks against critical information
Infrastructures
“To prosecute … whoever by destroying, damaging, or rendering unusable critical communications
and information infrastructures, causes substantial and comprehensive disturbance to the
national security, civil defense, public administration and services, public health or safety, or
banking and financial services”.
No room for responsibility of a state actor for malicious activities in cyberspace – because of
the attribution problem
10. Chatham House,
London, 07.05.2013
Information on PIR Center program
“International Information Security and Global
Internet Governance”
net.pircenter.org
Contacts (Oleg Demidov)
demidov@pircenter.org