IGF 2020 WS #346 A Recipe for Deterrence in Cyberspace

Information

Session

Thematic Track:

Topic(s):

Organizer 1: Private Sector, Western European and Others Group (WEOG)
Organizer 2: Private Sector, Western European and Others Group (WEOG)

Speaker 1: Douzet Douzet, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Joanna Świątkowska, Civil Society, Eastern European Group
Speaker 3: Kathryn Jones, Government, Western European and Others Group (WEOG)
Speaker 4: Elonnai Hickok, Civil Society, Asia-Pacific Group

Format:

Break-out Group Discussions - Flexible Seating - 90 Min

Description:

This session will provide a discussion of the central challenges and opportunities related to states establishing policies and regimes to deter malicious activity in cyberspace. The potential of such deterrence postures relies in large part on cooperation with industry and civil society groups, as well as other governments, to establish credible attributions as well as meaningful response options sufficient to discourage bad actors. Discussion will build on recent developments and scholarship on the topic, including the establishment of the European Union’s cyber deterrence regime and the Joint Statement on Advancing Responsible State Behavior in Cyberspace that was signed by 27 governments this past autumn. Speakers will include representatives from government and international organizations leading these efforts, as well as academics and members of think tanks evaluating what could make such efforts successful. Agenda: • 5 minutes – Opening remarks from moderator setting the stage for the discussion, introducing recent policy initiatives intended to establish deterrence policies and regimes. The moderator will also introduce a guiding question that groups of participants will be tasked with answering following a presentation from the speakers: i) “To establish effective deterrence policies, who should be held accountable for cyberattacks, states, individuals or organizations? Why?” ii) “Which actors/stakeholders will be important to include in establishing effective deterrence policies and regimes?” • 35 minutes – Opening remarks from speakers, sharing their perspectives on current efforts at deterrence in cyberspace, both unilateral and multinational, and what kind of multistakeholder cooperation will be necessary for such efforts to be successful. The moderator will ask pointed follow-up questions to set up the subsequent discussion. • 20 minutes – Moderator directs participants, online and off, to collaboratively discuss in pre-established groups, the two questions introduced at the outset of the session. • 10 minutes – Groups each quickly present their responses to the two focus questions introduced at the outset, as well as the rationale behind their conclusions. • 20 minutes – Speakers are provided an opportunity to respond to the suggestions and answers provided by respective groups to the focus questions, following which participants will be encouraged to ask questions of the speakers. **Note: While they will exist as two distinct sessions, this discussion of deterrence will seek to build directly on another proposed session, Attributing attacks: political, technical & legal dimensions, as deterrence efforts will be so closely linked to effective attribution claims. Attendees will be encouraged to join both sessions, adding further depth and nuance to the discussion.

Issues:

Amidst escalating geopolitical tensions and government investment in offensive military capabilities in cyberspace, as well as the use of such capabilities by third parties and criminal actors, nations are exploring how to establish a meaningful deterrent against malicious behavior online. However, unlike other domains of conflict, it can be difficult to determine responsibility for cyberattacks or to know what appropriate responses might be when the same attack or response may have varying impacts in different contexts and when states have such radically different ICT infrastructure. Central to this discussion will be questions about what constitutes an appropriate deterrent response in cyberspace – including possible kinetic actions – whether deterrent responses should be targeted against responsible governments, organizations or individuals, and what types of coalitions and structures are needed for countries to establish an effective deterrence posture in cyberspace. Despite the challenges, effective deterrence remains an essential ingredient in promoting stability online and discouraging the continued escalation of sophisticated attacks, requiring cooperation and coordination across stakeholder groups.

Policy Question(s):

Cybersecurity policy, standards and norms i) What kind of coalition will be necessary to establish meaningful deterrence in cyberspace? ii) What types of response options will deter malicious behavior online, and who should be held responsible for such activity in order to deter it (states, organizations, individuals)? iii) How will deterrence policies and approaches online need to differ from state to state?

Expected Outcomes:

Participants will walk away with a foundational understanding of the essential policy questions and challenges for establishing deterrence in cyberspace, as well as what kind of cooperative structures will help make such efforts more effective. Participants, including speakers, who are working in this issue space directly will benefit from the diversity of global perspectives in the room that will help address specifically who should be included in establishing deterrence policies and who should be held responsible for malicious behavior online under such policies.

Relevance to Internet Governance: Recent years have seen a dramatic spike in sophisticated attacks in cyberspace. Bringing stability to the online world, and turning the tide against this trend, will require shifting the balance of costs and benefits currently driving such attacks so that malicious actors are deterred from pursuing them. From coordination to attribution, and imposing sanctions and other response options, credible deterrence will require cooperation and support from many different stakeholder groups and clarity about expectations and responsibilities for all parties involved.

Relevance to Theme: Trust in the online world is inherently linked to the confidence among citizens everywhere that malicious activity, and especially the most sophisticated and significant attacks, are effectively discouraged and that when such activity occurs, those responsible can and will be held to account. Successfully deterring such activity is a complicated challenge with important implications and roles for all stakeholder groups in order to promote the security and stability of the online world.

Discussion Facilitation:

Organizers will leverage the multiple avenues the IGF makes available to socialize this interactive session to include a wide audience of interested stakeholders, highlighting central questions and relevant policies to prospective attendees to set up a rich discussion in advance. Participants will also be encouraged to attend the session on attribution as well (if accepted), to add additional depth to the discussion in this session on deterrence. The majority of the time in the session will be set aside for small group discussion of central questions, as well for attendee questions for speakers.

Online Participation:

Usage of IGF Official Tool.

SDGs:

GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals