Firebreaks, Firewalls, And ‘Windows Of Opportunity’ In Cyber Norms – Analysis
By Observer Research Foundation
By Moliehi Makumane
The norms, rules, and principles of responsible state behaviour are not unlike firewalls and firebreaks. Firewalls and firebreaks are the first line of defence if a fire breaks out. To prevent the spread of the fire, an actual wall is erected to separate buildings or subdivide them, protecting the structure of a building even if the structures on either side of the firewall collapse. It buys time until the fire is eventually put out. Similarly, a firebreak is a gap in vegetation or other combustible material that acts as a barrier to slow or stop the progress of a wildfire. In cyberspace, both firewalls and firebreaks are important; however, a Silicon Review article argued that the prevention offered by a firewall sometimes fails, so a firebreak is also required: detection and response.
The importance of the norms, rules, and principles of responsible state behaviour has recently been re-emphasised by the consensus reports of the UN Open-Ended Working Group and the UN Group of Governmental Experts (GGE) for their potential to reduce threats to international peace, security, and stability and prevent conflict in the Information and Communications Technology (ICT) environment. They also contribute to its peaceful use to enable the full realisation of ICTs to increase global social and economic development. In that sense, we could say that they serve the same purpose in inter-state relations as firewalls and firebreaks.
However, at the same time, emerging and existing threats in inter-state relations in the cyber domain are only increasing. These ‘little fires’ require a comprehensive approach consisting of both internal and external state actions. This is the advantage of the UN GGE’s 11 norms, which in their implementation build firewalls and firebreaks to address not just the cyberthreats but the threats at the intersection of different domains, and in some cases, those amplified by the cyber domain.
The consensus reports also acknowledge that there are and will be differences in how these threats manifest in regions and subregions. In this case, the norms also provide a ‘window of opportunity’. In crisis management, the window of opportunity extends from the trigger event to a small gap when the emergency containment measures cease to be effective, and the crisis unfolds. The trigger events of cyberattacks happening all over the world are another class of small fires. Based on the guidance provided for the implementation of norms, member states have an opportunity to take reasonable steps, including developing national and regional ICT policies, coordination mechanisms, and incident management centres. That said, this is applicable to all countries: no one is ever done when it comes to cybersecurity.
There are important lessons that will be learnt from the implementation of these norms in the Global South, including the intersection between the framework of responsible state behaviour in cyberspace and sustainable development. This shifts the narrative from a purely peace and security issue to an issue that deals with economic and social empowerment. From the protection of critical infrastructure of key developmental sectors like education and energy to international cooperation for cyber capacity building that prioritises safety of women and children online, direct benefits for the attainment of sustainable development will be a key incentive for norms implementation. This will be an important shift and it may contribute to more countries engaging more substantially and productively in the discussions.
There are weak signals of emerging threats related to new technologies and the debate will shift more substantially towards the elaboration of new norms. The effectiveness of norms to address threats will be measured by how we implement the existing 11. The Cyber Policy Portal is an important dashboard to see how countries engage with the norms.
It is important to increase the dialogue space; there is significant potential in the Global South-South trilateral and regional organisations for this. The Non-Aligned Movement’s (NAM) paper to the Open-Ended Working Group signified an important step. The NAM inputs, amongst others, gave practical relevance to the principle of common but differentiated responsibility in cybersecurity. The rationale is that although all countries are responsible for the development of global society, each has a different set of capabilities that they can contribute to this goal. At its best, its manifestation in the intergovernmental debates on international cybersecurity could mean that digitised, developed countries continue to honour their technology transfer and cyber capacity building commitments while newly digitising, developing countries continue to prioritise the secure use of ICTs for economic and social development and security.
Alongside representation of the IBSA and BRICS countries in the UN Group of Governmental Experts, the perspectives of the South must be amplified. Dedicated dialogue forums of the Global South have a role to play to facilitate discussion, but these discussions should also be mainstreamed in trilateral cooperation mechanisms, and it may even be important to establish new cooperation mechanisms.
As we prepare for the second iteration of the Open-Ended Working Group, we expect more participation, especially from the Global South’s civil society and academia, to amplify the ideas, perspectives, and positions of the Global South on norms and the entire Framework.
The views expressed above belong to the author(s).