Opinion on CCDCOE Comments on Digital Geneva Convention
August 28, 2017
This essay is a reply to the NATO CCD COE comments about a digital geneva convention found here.
The opinion of the NATO CCD COE researchers Tomáš Minárik and LTC Kris van der Meij in their independent review of the proposal of Digital Geneva Convention have both positive and negative aspects. I support the point of view that the agreement on new and holistic Digital Geneva Convention is currently unrealistic. However, I disagree that an amendment to the traditional Geneva Convention would be enough. How would the traditional Geneva Convention respond to cyber incidents during no conflict?
As Tomáš Minárik and LTC Kris van der Meij propose, there should be first realistic step in the implementation of the agreement. But new agreements, whatever they are called (not necessary Digital Geneva Convention), and mechanisms are necessary in the cyberspace.
Cyberspace is a totally different area. It is border-less, civilian-oriented and open. The Geneva Convention is a great agreement for a physical space when an attacker and victim are clear and the scope and area of actions are defined. But in cyberspace, a threat actor can easily hide destructive payloads. And as we saw in several cases, an attack could easily get out of control and spread across the globe. Moreover, the victim and attacker is often not easy to define. Because of this, many attack cases are unsolved, but attribution is assumed.
So cyberspace needs new agreements and, most importantly, a new mindset. Governments must stop covertly producing cyber weapons and plotting cyber attacks. And they must recognize the global virtue of cyber space. Otherwise the separation, which is an unavoidable destruction of the cyber space, will continue as we already observe on the example of Chinese Great Digital Wall and Russian RuNet 2020 program. But already in 2013 Eugene Kaspersky in his talk in Sydney warned about such harmful consequences.
As we argue in our research, the agreements and organisations in physical space do not map to cyberspace. Cyberspace can inherit the best practices from the initiatives in the physical space, but the overall approach must be different. Though it is not realistic at once, a document such as Digital Geneva Convention can serve as a clear roadmap.
What is realistic is an international effort that must continue developing the international cyber norms, what was started in the critical terminology foundation by EastWest Institute. Step by step these norms can form binding agreements. Also cyber norms will identify common values among nations and will help focus international efforts on protection of this specific items. I see that the Microsoft initiative can be an important contribution to the private-public partnership, which is crucial in the cyberspace. ITU IMPACT was a promising initiative but didn’t develop without the participation of major nation powers. Initiated by a strong independent private organization such as Microsoft, the private-public partnership can get new growth.