Controlling The Use Of Cyber Weapons

Cyberspace is being increasingly used in conflicts, which means that cyber arms control needs to be addressed as well. Now, recent analysis  by Helene Pleil and published by researchers from the Digital Society Institute at the ESMT Berlin business school, alongside colleagues from Technical University Darmstadt, has been published.

The research concludes that the main challenges for effective cyber security control are rapid technological progress, a lack of political will, and uniform definitions, as well as the dual use of cyber tools need serious review.

Pleil, and her colleagues conducted the research on challenges and obstacles facing the development of arms control measures in cyberspace. Their review, which includes interviews with subject matter experts, identifies key issues in developing robust cyber arms control measures and has identified the following problems:-

  • Lack of definitions:   The main challenge for establishing cyber arms control is the lack of clear, agreed-upon definitions of key terms like “cyber weapon.” If what you want to be controlled cannot be explicitly defined, it is much harder to agree on what would be controlled in an arms control treaty.
  • The dual-use dilemma:   Technological tools like a computer, USB stick, or software can be used both by civilians and the military. Since no clear line can be drawn between these different use scenarios, the products cannot be banned in fundamental terms for arms control.
  • Verification:   It is extremely challenging to find suitable verification mechanisms to establish arms control in cyberspace. While arms control agreements for traditional weapons could count weapons or ban an entire category, that isn’t possible for cyberweapons.
  • Technological progress:   The ongoing rapid changing of tools and technology for cyberattacks means that the development of new weapons outpaces regulatory efforts – the technology advances faster than the regulation can be discussed.
  • Role of the private sector:   The dual-use factor means that states do not have sole control over means that are used as weapons, but non-state actors also have ownership and operational rights in this domain. Therefore, the private sector has to be involved and committed to arms control to be effective.
  • Lack of political will:   Although political will is crucial for establishing arms control measures, states are reluctant to do so within cyberspace. Countries have differing interests in the strategic value of cyber tools and might not want to “miss out” on potential advantages.

The researchers conclude that traditional measures of arms and weapon control cannot be simply applied to cyber weapons. Instead, they suggest that new alternative and creative solutions be created, defining and sanctioning the uses of weapons, rather than the tool itself, would allow agreements to be reached and preserved, regardless of the pace of technological development.

ESMT Berlin     |     I-HIS     Image: Ideogram

You Might Also Read:

The Cyber Effect On Modern Warfare:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Iranian Hackers Attack US Water Supplies
Cyber Threats To British Elections »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

DOS

DOS

DOS is an Ecuadorian company with 3 decades of presence in the market and extensive experience in the planning, management and execution of IT Service Integration Projects.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Qmulos

Qmulos

Qmulos’ real-time continuous monitoring risk management suite, Q-Compliance, provides a massively flexible and scalable solution to optimizing operational security.

Primus Institute of Technology

Primus Institute of Technology

At Primus Institute of Technology our mission is to inspire, support, and empower current and aspiring IT professionals through training and career development workshops.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Port-IT

Port-IT

Port-IT is a leading partner in cybersecurity solutions tailored for the maritime industry.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.