30 Matching Annotations
  1. Dec 2020
    1. yber is a domain dominated by covertness and surprise. It is not the kind of thing you can parade on May Day, allowing Western observers to photograph and count. These attributes are antithetical to transparency and create a ceiling for transparency that no reasonable state will go beyond

      This is all true. But, transparency is not only about what weapons/capabilities you have - but also about if you have them, how you may use them, what are the limitations, what is the control mechanism... There are many aspects of transparency that don't endanger operations, but may increase predictability. We had this clash of views when I was in DC to present our map of countries with capabilities, when he argued this. I agree there is a ceiling, but not that 'transparency is dead'. ||Jovan|| ||MariliaM||

    2. Transparency does not deter, and unilateral transparency does not improve stability

      This is also a too narrow view, focused on US-Russia-China. Transparency of some lead states can be a guide to other states, entering this game. Stability is not only about US-Russia-China. 'Western values' are important even if opponents don't follow them. ||Jovan|| ||MariliaM||

    3. external reason

      What could be the external reason to incentivize countries to adhere? One possibility is that stakes are getting higher as we depend more on digital, and (big) states may become more cautious. Again this is too US-Russia-centric. Many other states joining the game now might be more cautious about norms if they see others adhering. ||Jovan|| ||MariliaM||

    4. Norms are not implemented; they are observed

      I suppose with 'observed' he referred to 'adhered to'? While I agree that formality in impementation is not the essence, but we need to find ways for everyone to adhere, I don't think GGE/OEWG discussions about implementation are about formality, but essence - and discussing means that could make states to adhere. ||Jovan|| ||MariliaM||

    5. A decade ago, analysts speculated that as states made greater use of offensive cyber operations, there could be escalation to a larger and more damaging conflict, given the covert nature of cyber action, the difficulty (then) of attribution, and the potential for unintended consequences and collateral damage. While there have been a few instances of unintended consequences and collateral damage, such as NotPetya, these did not lead to escalation of conflict. We can now reject the initial hypothesis of miscalculation and escalation as inaccurate.

      "There were no escalations in the past, thus we can disregard escalations in future..." This is so wrong, in my opinion, even on the level of logical flaw. Conditions are rapidly changing. Risk = threat x asset x vulnerability; each of those components have radically changed (and still is): more countries with more sophisticated capabilities x everything being connected x vulnerable everything. Chances of miscalculation, if nothing, are growing. Not least, we can't observe everything from the US-Russia prism as James usually does - there are other countries around the world, other war-torn regions... there, cyber is a new means, and misperception and miscalculation are very possible.

      Worth adding another good peace on stability and escalation which justifies the opposite: https://tnsr.org/2020/09/the-escalation-inversion-and-other-oddities-of-situational-cyber-stability/ But even without going into details of that text, James' logic here is deeply flawed.

      ||Jovan|| ||MariliaM||

    6. U.S. opponents do not want stability; they want change

      I am not an expert in war studies/international peace, but stability, to me, doesn't equal status quo ie. change doesn't equal instability. US opponents do want change in global relations, and they use cyber-means for that - that was well put; but this doesn't mean they don't want/need stability as well - I don't think anyone of the big ones is up to any destabilization and conflicts among them. ||Jovan|| ||MariliaM||

    7. Five Cyber Strategies to Forget in 2021

      Debatable set of conclusions by James Lewis on cyber-stability. I am quite disappointed with some logic used there. Some comments throughout the text. Let me know if you share the feeling. ||Jovan|| ||MariliaM||

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. News about establishment of the Britain's National CyberForce. There are some solid facts but also concerns that cyber-offensive capabilities won't provide deterrence. Cyber defense is the best deterence.

      ||davidr||||VladaR||

    2. “in all my operational experience, I saw absolutely nothing to suggest that the existence of Western cyber capabilities, or our willingness to use them, deters attackers.” A former British spy chief agrees. “The reality is that non-military uses of offensive cyber are massively over-played.” Outside wartime, he says, such operations “will always be niche and ephemeral, though occasionally useful for sending messages”.

      limited usability of cyber offensive capabilities as deterrence.

      ||VladaR||

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

  2. Oct 2020
    1. Finally, a Programme of Action has no ending date:

      Important: PoA has no ending date

    2. First, it offers a process that is inclusive and open to all UN member states, unlike the UNGGE. While the OEWG is more inclusive, it is slower to deliver substantial results, notably due to the diversity of capacities and maturities among the participating states. A PoA, by contrast, allows for concrete discussions and progress within working groups devoted to specific issues. In that sense, a PoA on Cyber could actually combine the best of two words.

      WG as mechanism may be helpful

    3. Usually, a Programme of Action comprises two sets of provisions: objectives and recommendations and rules for monitoring their implementation.

      Mechanism for monitoring of implementation is particularly important part of the PoA

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. Submissionby

      Notably missing: US, China, Russia, Brazil, India, but also Australia and Canada (so far)

    2. open, secure, stable, accessible and peaceful cyberspace

      Not the same wording as China and others use, though

    3. relevant multi-stakeholder initiatives

      Opening space for contributions by other fora like Paris Call

    4. could consider if additional norms could be developed over time

      Creating space for possibly developing new norms in future

    5. implementation is currentlyone of our biggest challenges

      Though not all parties would agree on this

    6. The OEWG and 6thGGE could work toagree the modalities of aProgramme of Action,

      I think the proposal comes too late in the work of the current GGE and OEWG to allow those to discuss modalities - even if all parties would agree for the PoA, which is not likely.

    7. acquis

      Acquis - a term increasingly used by the Europeans (probably borrowed from the EU acquis) to denote the current set of norms, CBMs and CB measures agreed thus far. GGE Chair also used the term to emphasise that the acquis is the base, that shouldn't be re-opened. Another word to add to our Speech Generator, for France and EU partners at least

      ||Pavlina||||AndrijanaG||||MariliaM||

    8. recognize the full applicability of International Law to cyberspace.

      Thus, the signatories in a way recognise the full applicability of IL - we can reflect this in our mapping ||Pavlina||||AndrijanaG||

    9. Programme of Action for advancing responsible State behaviour in cyberspace

      France with 40 other countries (Western Alliance mainly still) publishes the proposal for a Programme of Action, which would replace GGE and OEWG after their mandate.

      Good coverage of what this could mean is at https://directionsblog.eu/a-new-un-path-to-cyber-stability/

      ||Jovan||||Pavlina||||MariliaM||||AndrijanaG||

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. US and some other countries to politicize the issue of data security

      Re. TikTok. Interestingly, now China is (nominally) becoming in favour of free flow of data, while US and EU are calling for data sovereignty? Link with WTO? ||Jovan||||MariliaM||

    2. China supports the work of the UN OEWG and UN GGE and hope that these processes will make further progress

      China supports GGE and OEWG, yet no clear connection between those and the rule-making on data security is made: is this a suggested follow-up, a parallel process, part of the two?

    3. data security

      China frames cybersecurity debates as 'data security' also in the UN 1st Committee now, after their Global Initiative on Data Security (which has no reference to any UN process whatsoever)

      We may update our Speech Generator database with these new Chinese lingo and positions

      ||Jovan||||AndrijanaG||||Pavlina||||MariliaM||

    4. develop a set of international rules on data security

      China calls to 'develop new rules', on data security. Indeed, none of the existing rules are about 'data security'!

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

  3. Sep 2020
    1. ||VladaR|| This statement by Russia has a few elements:

      • confidence-building on the working/expert level
      • practical solutions
      • borrowing experience and expertise from the USA-Russia cooperation in the nuclear disarmament field.
      • while moving bilaterally - also proposing global agreement.

      ||sorina|| ||StephanieBP|| ||AndrijanaG||

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. development and security

      Development component is emphasized in the security context. This buys support of various developing countries.

    2. data security

      Framing of cyber(in)security as data security. On one hand, disconnecting from other ongoing processes, which allows placing other items in; on the other - would it be also more appealing to the 'opponents' which raise security of data over 5G networks as the key concern?

    3. boosting users' confidence

      Indeed, user confidence in digital products and services is enhanced with secure and stable supply chain. Unexpected but well placed argument.

    4. new development of international division of labor

      Interesting phrase to support global supply chain and technological inter-dependence

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL