Session
Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security
Organizer 1: Priya Urs, University of Oxford
Organizer 2: Talita Dias, Chatham House - The Royal Institute of International Affairs
Speaker 1: Michael Karimian, Private Sector, Asia-Pacific Group
Speaker 2: TARIQ RAUF, Intergovernmental Organization, Intergovernmental Organization
Speaker 3: Pulkit Mohan, Civil Society, Asia-Pacific Group
Speaker 4: Priya Urs, Civil Society, Asia-Pacific Group
Tomohiro Mikanagi, Japanese Ministry of Foreign Affairs
Giacomo Persi Paoli, UN Institute for Disarmament Research
Marion Messmer, Chatham House
Talita Dias, Civil Society, Western European and Others Group (WEOG)
Priya Urs, Civil Society, Asia-Pacific Group
Talita Dias, Civil Society, Western European and Others Group (WEOG)
Round Table - 90 Min
A. What are the risks and potential consequences of cyber operations targeting civilian nuclear infrastructure? B. To what extent do existing international law and non-binding norms protect civilian nuclear systems and how can such legal and normative protections be strengthened? C. What policies and cybersecurity best practices, including multistakeholder efforts, are needed to implement legal and normative protections of civilian nuclear technologies online?
What will participants gain from attending this session? Participants will gain an understanding of the risks and potential consequences of cyber operations targeting civilian nuclear infrastructure, as well as the legal and practical challenges of protecting relevant systems. In particular, they will be exposed to concrete examples of such operations – from malware and ‘denial of service’ attacks to information operations – and their actual impact on individuals and other actors. Participants will also learn about the extent to which existing international legal and normative protections apply to these systems, the importance of upholding applicable protections, and ways in which they can be strengthened, including through multistakeholder coalitions. An interactive discussion of policy measures and cybersecurity best practices to implement existing rules and norms will allow participants to express their views and influence those policies and practices moving forward.
Description:
The convergence of cyber and nuclear risks poses a significant threat to national security and global stability. Cyberattacks targeting civilian and military nuclear systems have been reported in developed and developing countries around the world. Even the International Atomic Energy Agency (IAEA) has been the target of malicious cyber operations. The actual and potential risks of such attacks include the extraction of sensitive information about nuclear capabilities, malfunctioning of equipment, such as nuclear enrichment centrifuges, disruption of energy supplies, increased radiation levels, and potentially disastrous consequences for the environment and human life and health. This session will explore how existing rules of international law and non-binding norms of responsible State behaviour protect the cybersecurity of civilian nuclear infrastructure. It will examine whether the current legal and normative frameworks, along with cybersecurity policies and best practices, are adequate for this task. The session will kick off with a simulation of a cyberattack against a civilian nuclear system. This exercise will showcase the attack’s potential consequences and raise awareness of the need to uphold the applicable rules, norms, and best practices to safeguard civilian nuclear infrastructure against cyber threats. The session will then turn to the extent to which applicable rules and principles of international law protect such infrastructure, notably the prohibition of intervention in the affairs of other States, due diligence obligations, international human rights law, and nuclear-specific treaties, highlighting areas of interpretative consensus and gaps in protection. A discussion of relevant norms of responsible State behaviour, adopted by the United Nations Group of Governmental Experts on information and communications technologies, will follow. The session will conclude by addressing practical policy and cybersecurity measures needed to give effect to the existing legal and normative frameworks. Speakers include representatives from Microsoft, the Japanese Government, and the IAEA.
Chatham House Report, Cybersecurity at Civil Nuclear Facilities: https://www.chathamhouse.org/sites/default/files/field/field_document/2…
The session is expected to inform different stakeholders about the threats to the cybersecurity of civilian nuclear infrastructure as well their international legal and normative protections (e.g., which State and non-State behaviours are off-limits, limited, or required). This will raise awareness of the importance of strengthening existing legal and normative frameworks. The session will also enable speakers and participants to exchange views on and shape policy strategies and cybersecurity best practices needed to give effect to those frameworks. An outcome document prepared after the session will flesh out key legal and normative protections and outline a roadmap of policy recommendations and best practices for governments, international organisations, and the private sector to improve the cybersecurity of civilian nuclear systems. Emphasis will be placed on actions to protect the most vulnerable and marginalised groups, such as civilian populations in developing countries, women, children, and the elderly.
Hybrid Format: To facilitate interaction between onsite and online speakers and participants, the session will have a dedicated online moderator who will take online questions first. The onsite moderator will also invite questions from both online and onsite attendees, encouraging use of the ‘raise hand’ function to speak. To ensure that the speakers have understood the attendees’ questions/comments, particularly online, the moderator will summarise/clarify these as needed. To ensure the best possible experience for onsite and online participants, the session will have a dedicated Q&A. This will allow onsite and online speakers and participants to engage directly with one another, with the help of the onsite and online moderators. To increase participation during the session, an online survey tool (e.g. SurveyMonkey, Polis) will be used to collect the insights of all participants on the three policy questions at the end of the session. These views will feed into the session’s outcome document.