View Post

Striking a balance: A review of Australia’s Cyber Security Strategy 2023-30

Anne-Louise Brown Commentary

Over the past several years, Australia has undergone a cyber security reckoning. Several high-profile breaches impacting millions of citizens has propelled cyber security into the public consciousness, with regional tensions heightening government fears in relation to state-based attacks on critical infrastructure. In response to these threats, in November 2023, the Australian Government released the 2023-30 Australian Cyber Security Strategy, which …

View Post

Ahead of the Threat(s)?

Parto Mirzaei Commentary

With the new Dutch International Cybersecurity Strategy for 2023-2028, the government of the Netherlands demonstrates responsibility and agency in the face of continuous cyber threats posed by states and criminals. It aspires to keep democratic and human rights and norms top of mind and seeks to preserve a globally open, free and secure internet. The strategy makes clear the government’s …

View Post

Countering Cyber Mercenaries

Nikolas Ott Opinions

The EU and its member states face a human rights and security crisis due to the use of cyber mercenaries, private entities that sell offensive cyber capabilities to governments. The Paris Peace Forum, the Paris Call for Trust and Security in Cyberspace, and a Franco-British initiative are some of the platforms that have proposed concrete actions and guidance for industry, …

View Post

Africa’s Cybersecurity Treaty Enters into Force

Nnenna Ifeanyi-Ajufo Commentary

The Malabo Convention has now entered into force. But with ratifications from only 15 of 55 AU member states – and none yet from any of Africa’s power countries, such as Egypt, Algeria, Nigeria, South Africa, Kenya, Morocco or Ethiopia – will the Convention be accorded the regional and international validation needed to become a viable instrument for regulating cybersecurity …

View Post

Why EU Cyber Policy Should Become Feminist

Jennifer Menninger & Veronika Datzer Opinions

The EU’s cyber policy and strategy has developed essential relevance to the EU’s security environment. This was highlighted in 2022’s Strategic Compass, which emphasises the importance of cybersecurity. In the grey zone between peace and armed conflict, state and non-state actors use cyber operations for espionage, ransom or sabotage. The 2022 ENISA Threat Landscape found a massive increase in cyberattacks …

View Post

Coordinated Vulnerability Disclosure: A Quick Win for Cyber Norms and Software Security

Alexandra Paulus & Bart Hogeveen Opinions

In 2015, UN member states committed themselves to fostering software supply chain security. But the issue has since been neglected in international forums, even as software supply chain compromises have severely impacted individuals, companies and societies. To begin to close this implementation gap, diplomatic action should focus on global promotion of processes of coordinated vulnerability disclosure (CVD). This would both …

View Post

South Korea’s Indo-Pacific Strategy Promotes Cyber Cooperation

So Jeong Kim Opinions

The South Korean government announced the Indo-Pacific Strategy of Freedom, Peace and Prosperity in December last year. This strategy pursues economic cooperation and prosperity in infrastructure, trade and supply chains, and focuses on cooperation and solidarity based on openness and inclusion, not competition. It’s encouraging that the strategy directly refers to supporting cyber capabilities, expanding official development assistance (ODA) and …

View Post

A Cybersecurity Strategy for the 21st Century

James A. Lewis Commentary

The Biden Administration’s ambitious new National Cybersecurity Strategy will significantly improve cyber defence. Written for cyberspace as it exists and operates now, it abandons the previous emphasis on deterrence, which has not worked, and focuses on resilience and regulation. It also shifts important security responsibilities to developers and providers of IT services and products, and creates new opportunities for close …

View Post

Striking the Right Balance: A Commentary on the Fourth Substantive Session of the OEWG on ICTs

Allison Pytlak & Andrea Salvi Commentary

The recent meeting of the OEWG on ICTs in New York was held amidst a climate of significant global cyber threats and geopolitical tensions. The meeting was successful in terms of attracting a high number of new proposals and broad participation from member states, which is particularly valuable in the current climate of multilateral uncertainty. However, the OEWG faces the …

View Post

Disrupting Ransomware

David Hickton Commentary

Governments around the world are making significant progress in disrupting and deterring cyber criminals from launching ransomware schemes, but far more is needed to properly address this evolving problem. It’s been nearly a decade since the United States Department of Justice indicted notorious Russian cyber criminal Evgeniy Bogachev for masterminding the notorious GameOverZeus malware scheme. By conservative estimates, Bogachev’s Business …