How can we address the accountability of civilian hackers and cyber mercenaries in modern conflicts? The rise of volunteer cyber participants in the Ukrainian conflict reveals significant gaps in the legal and ethical standards. This opinion piece argues that existing international laws are inadequate for managing the complex roles of these actors and calls for urgent reform. By examining the …
The Role of Private Entities in Hybrid Warfare
Hybrid warfare, a complex strategy blending conventional military tactics with cyber, political, and economic pressures, poses a significant challenge to global security. Private entities, particularly those overseeing critical infrastructure (CI) and critical information infrastructure (CII), such as energy and telecommunications, have become both prime targets and essential defenders against such threats. Adversaries increasingly aim to exploit vulnerabilities within private sectors …
Striking a balance: A review of Australia’s Cyber Security Strategy 2023-30
Over the past several years, Australia has undergone a cyber security reckoning. Several high-profile breaches impacting millions of citizens has propelled cyber security into the public consciousness, with regional tensions heightening government fears in relation to state-based attacks on critical infrastructure. In response to these threats, in November 2023, the Australian Government released the 2023-30 Australian Cyber Security Strategy, which …
Ahead of the Threat(s)?
With the new Dutch International Cybersecurity Strategy for 2023-2028, the government of the Netherlands demonstrates responsibility and agency in the face of continuous cyber threats posed by states and criminals. It aspires to keep democratic and human rights and norms top of mind and seeks to preserve a globally open, free and secure internet. The strategy makes clear the government’s …
Countering Cyber Mercenaries
The EU and its member states face a human rights and security crisis due to the use of cyber mercenaries, private entities that sell offensive cyber capabilities to governments. The Paris Peace Forum, the Paris Call for Trust and Security in Cyberspace, and a Franco-British initiative are some of the platforms that have proposed concrete actions and guidance for industry, …
Africa’s Cybersecurity Treaty Enters into Force
The Malabo Convention has now entered into force. But with ratifications from only 15 of 55 AU member states – and none yet from any of Africa’s power countries, such as Egypt, Algeria, Nigeria, South Africa, Kenya, Morocco or Ethiopia – will the Convention be accorded the regional and international validation needed to become a viable instrument for regulating cybersecurity …
Why EU Cyber Policy Should Become Feminist
The EU’s cyber policy and strategy has developed essential relevance to the EU’s security environment. This was highlighted in 2022’s Strategic Compass, which emphasises the importance of cybersecurity. In the grey zone between peace and armed conflict, state and non-state actors use cyber operations for espionage, ransom or sabotage. The 2022 ENISA Threat Landscape found a massive increase in cyberattacks …
Coordinated Vulnerability Disclosure: A Quick Win for Cyber Norms and Software Security
In 2015, UN member states committed themselves to fostering software supply chain security. But the issue has since been neglected in international forums, even as software supply chain compromises have severely impacted individuals, companies and societies. To begin to close this implementation gap, diplomatic action should focus on global promotion of processes of coordinated vulnerability disclosure (CVD). This would both …
South Korea’s Indo-Pacific Strategy Promotes Cyber Cooperation
The South Korean government announced the Indo-Pacific Strategy of Freedom, Peace and Prosperity in December last year. This strategy pursues economic cooperation and prosperity in infrastructure, trade and supply chains, and focuses on cooperation and solidarity based on openness and inclusion, not competition. It’s encouraging that the strategy directly refers to supporting cyber capabilities, expanding official development assistance (ODA) and …
A Cybersecurity Strategy for the 21st Century
The Biden Administration’s ambitious new National Cybersecurity Strategy will significantly improve cyber defence. Written for cyberspace as it exists and operates now, it abandons the previous emphasis on deterrence, which has not worked, and focuses on resilience and regulation. It also shifts important security responsibilities to developers and providers of IT services and products, and creates new opportunities for close …