Controlling The Use Of Cyber Weapons

Cyberspace is being increasingly used in conflicts, which means that cyber arms control needs to be addressed as well. Now, recent analysis  by Helene Pleil and published by researchers from the Digital Society Institute at the ESMT Berlin business school, alongside colleagues from Technical University Darmstadt, has been published.

The research concludes that the main challenges for effective cyber security control are rapid technological progress, a lack of political will, and uniform definitions, as well as the dual use of cyber tools need serious review.

Pleil, and her colleagues conducted the research on challenges and obstacles facing the development of arms control measures in cyberspace. Their review, which includes interviews with subject matter experts, identifies key issues in developing robust cyber arms control measures and has identified the following problems:-

  • Lack of definitions:   The main challenge for establishing cyber arms control is the lack of clear, agreed-upon definitions of key terms like “cyber weapon.” If what you want to be controlled cannot be explicitly defined, it is much harder to agree on what would be controlled in an arms control treaty.
  • The dual-use dilemma:   Technological tools like a computer, USB stick, or software can be used both by civilians and the military. Since no clear line can be drawn between these different use scenarios, the products cannot be banned in fundamental terms for arms control.
  • Verification:   It is extremely challenging to find suitable verification mechanisms to establish arms control in cyberspace. While arms control agreements for traditional weapons could count weapons or ban an entire category, that isn’t possible for cyberweapons.
  • Technological progress:   The ongoing rapid changing of tools and technology for cyberattacks means that the development of new weapons outpaces regulatory efforts – the technology advances faster than the regulation can be discussed.
  • Role of the private sector:   The dual-use factor means that states do not have sole control over means that are used as weapons, but non-state actors also have ownership and operational rights in this domain. Therefore, the private sector has to be involved and committed to arms control to be effective.
  • Lack of political will:   Although political will is crucial for establishing arms control measures, states are reluctant to do so within cyberspace. Countries have differing interests in the strategic value of cyber tools and might not want to “miss out” on potential advantages.

The researchers conclude that traditional measures of arms and weapon control cannot be simply applied to cyber weapons. Instead, they suggest that new alternative and creative solutions be created, defining and sanctioning the uses of weapons, rather than the tool itself, would allow agreements to be reached and preserved, regardless of the pace of technological development.

ESMT Berlin     |     I-HIS     Image: Ideogram

You Might Also Read:

The Cyber Effect On Modern Warfare:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Iranian Hackers Attack US Water Supplies
Cyber Threats To British Elections »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Datto

Datto

Datto delivers a single toolbox of easy to use products and services designed specifically for managed service providers and the businesses they serve.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

Soracom

Soracom

Soracom offers secure, scalable, cloud-native connectivity developed specifically for the Internet of Things.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

KOVRR

KOVRR

Kovrr financially quantifies cyber risk on demand. Our technology enables decision makers to seamlessly drive actionable cyber risk management decisions.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Newtech Recycyling

Newtech Recycyling

Newtech Recycyling specializes in the removal and disposal of IT infrastructure which has reached the end of its life cycle.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.