This workshop is the second in a series in the 'Implementing the Commonwealth Cybersecurity Agenda' project. The workshop aims to provide a multi-stakeholder pan-Commonwealth platform to discuss how to take the implementation of the 'Commonwealth Cyber Declaration' forward with a focus on the second pillar of the declaration – building the foundations of an effective national cybersecurity response with eight action points. 

As such, the workshop gathers different project implementers under the UK Foreign and Commonwealth Office’s Cyber Programme, in addition to other key relevant stakeholders from the global level, to explore ongoing initiatives which aim to deliver one or more of pillar two’s action points.

The workshop addresses issues from a global perspective and a Commonwealth perspective and will include presentations from selected partners from different Commonwealth countries.

With increased use of military drones in recent years there have also been many calls for greater transparency and accountability with regards to drone operations.

This would allow for greater public understanding, particularly as the complex nature of military operations today intensifies difficulties in sustaining perceptions of the legitimate use of force.

For example, in Europe, leading states rely on the US for drone platforms and for the infrastructure - such as military communication networks - that enable those operations, while the US also relies on airbases in European states to operate its drone programme.

In addition, with reports that the US is loosening the rules on the use of drones, it is important to understand how European approaches to transparency and accountability may be affected by these developments.

This workshop focuses on how European states can facilitate transparency to ensure accountability for drone use, as well as what the limits might be, considering both the complexity of military operations today and the need for achieving operational goals.

With the US easing restrictions on export controls, the discussion also considers the role of regulation in ensuring accountability and prospects for developing common standards.

Attendance at this event is by invitation only.

Internet regulation is increasing around the world creating positive obligations on internet providers and exerting negative unintended consequences on the internet infrastructure. In some ways, most of this regulatory activity is justifiable. Governments are concerned about the increased risk that the use of the internet brings to societies. As a response, many governments have been enacting regulations as their main approach to dealing with these concerns. The main challenge is that most of the current regulations are either ill-defined or unworkable.  

On the one hand, several governments have established procedures that seek to analyze the impacts of new regulatory proposals before they were adopted. However, there hasn’t been enough attention aimed at analyzing regulations after they have been adopted and only a few have measures in place to evaluate the impacts of the procedures and practices that govern the regulatory process itself.

On the other hand, much of the regulation creates unintended consequences to the internet itself. It undermines many of its fundamental properties and challenges the integrity and resiliency of its infrastructure.  

This event discusses current practices in internet-related regulation and the related challenges. Panellists will discuss how governments can enforce regulations that achieve their intended purpose while at the same time protecting the internet’s core infrastructure and its properties, including its openness, interoperability and global reach.

• The risks and challenges of the increasing number and arming of drones. 
• The risks for countries of not doing so in terms of geostrategic interests and the future battlefield.
• Opportunities for developing common standards on drone transfers and deployment across EU member states.
• Sharing and cooperation on drone use.
• What legal and policy implications might arise for European states as a result.

With Brexit on the horizon, participants will also consider what impact this may have on future drone developments in Europe.

Attendance at this event is by invitation only.

In recent years, cybercrime has evolved from a niche technological concern into a prominent global issue with substantial preventative and remedial costs for businesses and governments alike. Despite heavy investment in sophisticated cybersecurity measures and the adoption of several legal, organizational and capacity-building measures, cybercrime remains a major threat which is evolving on a daily basis. Today’s cybercrime is more aggressive, more complex, more organized and – importantly – more unpredictable than ever before.

The challenges posed by cybercrime are experienced acutely by countries undergoing digital transformations: as the level of connectivity rises, so too does the potential for online theft, fraud and abuse. Cybercrime is pervasive but governments can work to limit its impact by creating a resilient overall economy and robust institution, and appropriately equipping law enforcement and the justice system to navigate its novel challenges.

To advance the discourse surrounding these issues, this workshop will assess the current cyber threat landscape and how it is evolving. It will identify the main obstacles encountered by law enforcement, the judiciary and prosecutors in their fight against cybercrime. It will also compare national, regional and global approaches that countries can use to effectively curb cybercrime and tackle its emerging challenges.

The 1967 Outer Space Treaty (OST) is the mainframe for space law. It recognizes the importance of the use and scientific exploration of outer space for the benefit and in the interests of all countries. It also prohibits national sovereignty in space, including of the Moon and other celestial bodies.

The OST prohibits all weapons of mass destruction in space – in orbit or on other planets and moons – and does not allow the establishment of military infrastructure, manoeuvres or the testing of any type of weapon on planets or moons. As the treaty makes clear, outer space is for peaceful purposes only. Except of course, it is not – nor has it ever been so.

The very first satellite, Sputnik, was a military satellite which kicked off the Cold War space race between the US and the USSR. The militaries of many countries followed suit, and space is now used for military communication, signals intelligence, imaging, targeting, arms control verification and so on.

However, in keeping with international aspirations, space is also being used for all kinds of peaceful purposes such as environmental monitoring, broadcast communications, delivering the internet, weather prediction, navigation, scientific exploration and – very importantly – monitoring the ‘space weather’ (including the activity from the Sun).

There are several other international agreements on space, such as on the rescue of astronauts, the registration of satellites and liability for damage caused by space objects. There is also the Moon Treaty, which governs activities on the Moon and other moons, asteroids and planets.[i]

More recently, states at the UN Committee on the Peaceful Uses of Outer Space (COPUOS) in Vienna have agreed on guidelines to deal with the worrying situation of space debris which is cluttering up orbits and posing a danger to satellites, the space station and astronauts.

The problem the international community now faces is that the use of space is changing dramatically and rapidly. There are more satellites than ever – well over 1,000 – and more owners of satellites – almost every country uses information generated from space. Increasingly, however, those owners are not countries, militaries or international organizations but the commercial sector. Very soon, the owners will even include individuals.

Small ‘mini-satellites’ or ‘cube-sats’ are poised to be deployed in space. These can act independently or in ‘swarms’, and are so small that they piggy-back on the launching of other satellites and so are very cheap to launch. This is changing the cost–benefit equation of satellite ownership and use. Developing countries are increasingly dependent on space for communications, the internet and information on, for example, weather systems, coastal activities and agriculture. 

Another major development is the advent of asteroid mining. Asteroids contain a wide range of metals and minerals – some asteroids are more promising than others, and some are closer to Earth than others. Several companies have been set up and registered around the world to begin the exploitation of asteroids for precious metals (such as platinum) and compounds (such as rare-earth minerals).

Legally, however, this will be a murky venture. The current international treaty regime prohibits the ownership of a celestial body by a country – space is for all. But does international law prohibit the ownership or exploitation of a celestial body by a private company? The law has yet to be tested, but there are space lawyers who think that companies are exempt. Luxembourg and Australia are two countries that have already begun the registration of interest for space-mining companies.

As humanity becomes more dependent on information that is generated in or transmitted through space, the vulnerability to the manipulation of space data is increasing. The demands on the use of communications frequencies (the issue of spectrum availability and rights), managed by the International Telecommunication Union (ITU),[ii] need to be urgently addressed.

There are now constant cyberattacks in space and on the digital information on which our systems rely. For example, position, navigation and timing information such as from GPS or Galileo is not only vital for getting us safely from A to B, but also for fast-moving financial transactions that require accurate timing signals.

Almost all of our electronic systems depend on those timing signals for synchronization and basic functioning. Cyber hacks, digital spoofing and ‘fake’ information are now a real possibility. There is no rules-based order in place that is fit to deal with these types of attacks.

Cyberweapons are only part of the problem. It is assumed that states, if they haven’t already done so, will be positioning ‘defensive’ space weaponry to protect their satellites. The protection may be intended to be against space debris – nets, grabber bars and harpoons, for example, are all being investigated.

All of these ideas, however, could be used as offensive weapons. Once one satellite operator decides to equip its assets with such devices, many others will follow. The weaponization of space is in the horizon.

There are no international rules or agreements to manage these developments. Attempts in Geneva to address the arms race in space have floundered alongside the inability of the Conference on Disarmament to negotiate any instrument since 1996.

Attempts to develop rules of the road and codes of conduct, or even to begin negotiations to prohibit weapons in space, have failed again and again. There are no agreed rules to govern cyber activity. The Tallinn Manuals[iii] that address how international law is applicable to cyberwarfare also address the laws of armed conflict in space, but data spoofing and cyber hacking in space exist in far murkier legal frameworks.

The current system of international space law – which does not even allow for a regular review and consideration of the OST – is struggling to keep up. Space is the inheritance of humankind, yet the current generation of elders – as they have done with so many other parts of our global environment – have let things go and failed to shepherd in the much-needed system of rules to protect space for future generations.

It is not too late, but it will require international cooperation among the major space players: Russia, the US, China, India and Europe – hardly a promising line-up of collaborators in the current political climate.

Filling the governance gaps

Norms of behaviour and rules of the road need to be established for space before it becomes a 21st-century ‘wild west’ of technology and activity. Issues such as cleaning up space debris, the principle of non-interference, and how close satellites can manoeuvre to each other (proximity rules) need to be agreed as a set of international norms for space behaviour.

A cross-regional group of like-minded countries (for example Algeria, Canada, Chile, France, India, Kazakhstan, Malaysia, Nigeria, Sweden, the UAE and the UK) should link up with UN bodies, including the Office for Outer Space Affairs (UNOOSA), COPUOS and ITU, and key private-sector companies to kick-start a new process for a global code of conduct to establish norms and regulate behaviour in space.

The UN could be the host entity for this new approach – or it could be established in the way the Ottawa process for landmines was established, by a group of like-minded states with collective responsibility for, and collective hosting and funding of, the negotiations.

A new approach should also cover cybersecurity in space. The UN processes on space and cyber should intersect more to find ways to create synergies in their endeavours. And the problems ahead as regards spectrum management – particularly given the large number of small satellites and constellations that are to be launched in the near future – need urgent attention in ITU.

Notes

[i] All of these treaties and other documents can be found at UN Office for Outer Space Affairs (2002), United Nations Treaties and Principles on Outer Space, http://www.unoosa.org/pdf/publications/STSPACE11E.pdf.

[ii] ITU (undated), ‘ITU Radiocommunication Sector’, https://www.itu.int/en/ITU-R/Pages/default.aspx.

[iii] The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), ‘Tallinn Manual 2.0’, https://ccdcoe.org/research/tallinn-manual/.

This essay was produced for the 2019 edition of Chatham House Expert Perspectives – our annual survey of risks and opportunities in global affairs – in which our researchers identify areas where the current sets of rules, institutions and mechanisms for peaceful international cooperation are falling short, and present ideas for reform and modernization.

After President Trump decided to halt a missile attack on Iran in response to the downing of a US drone, it was revealed that the US had conducted cyberattacks on Iranian weapons systems to prevent Iran launching missiles against US assets in the region.

This ‘left-of-launch’ strategy – the pre-emptive action to prevent an adversary launch missiles – has been part of the US missile defence strategy for some time now. President George W Bush asked the US military and intelligence community to infiltrate the supply chain of North Korean missiles. It was claimed that the US hacked the North Korean ballistic missile programme, causing a failed ballistic missile test, in 2012.

It was not clear then – or now – whether these ‘left-of-launch’ cyberattacks aimed at North Korea were successful as described or whether they were primarily a bluff. But that is somewhat irrelevant; the belief in the possibility and the understanding of the potential impact of such cyber capabilities undermines North Korean or Iranian confidence in their abilities to launch their missiles. In times of conflict, loss of confidence in weapons systems may lead to escalation.

In other words, the adversary may be left with no option but to take the chance to use these missiles or to lose them in a conflict setting. ‘Left of launch’ is a dangerous game. If it is based on a bluff, it could be called upon and lead to deterrence failure. If it is based on real action, then it could create an asymmetrical power struggle. If the attacker establishes false confidence in the power of a cyber weapon, then it might lead to false signalling and messaging.

This is the new normal. The cat-and-mouse game has to be taken seriously, not least because missile systems are so vulnerable.

There are several ways an offensive cyber operation against missile systems might work. These include exploiting missile designs, altering software or hardware, or creating clandestine pathways to the missile command and control systems.

They can also be attacked in space, targeting space assets and their link to strategic systems.

Most missile systems rely, at least in part, on digital information that comes from or via space-based or space-dependent assets such as: communication satellites; satellites that provide position, navigation and timing (PNT) information (for example GPS or Galileo); weather satellites to help predict flight paths, accurate targeting and launch conditions; and remote imagery satellites to assist with information and intelligence for the planning and targeting.

Missile launches themselves depend on 1) the command and control systems of the missiles, 2) the way in which information is transmitted to the missile launch facilities and 3) the way in which information is transmitted to the missiles themselves in flight. All these aspects rely on space technology.

In addition, the ground stations that transmit and receive data to and from satellites are also vulnerable to cyberattack – either through their known and unknown internet connectivity or through malicious use of flash drives that contain a deliberate cyber infection.

Non-space-based communications systems that use cable and ground-to-air-to-ground masts are likewise under threat from cyberattacks that find their way in via internet connectivity, proximity interference or memory sticks. Human error in introducing connectivity via phones, laptops and external drives, and in clicking on malicious links in sophisticated phishing lures, is common in facilitating inadvertent connectivity and malware infection.

All of these can create a military capacity able to interfere with missile launches. Malware might have been sitting on the missile command and control system for months or even years, remaining inactivated until a chosen time or by a trigger that sets in motion a disruption either to the launch or to the flight path of the missile. The country that launches the missile that either fails to launch or fails to reach the target may never know if this was the result of a design flaw, a common malfunction or a deliberate cyberattack.

States with these capabilities must exercise caution: cyber offence manoeuvres may prevent the launch of missile attacks against US assets in the Middle East or in the Pacific regions, but they may also interfere with US missile launches in the future. Even, as has recently been revealed, US cyber weapons targeting an adversary may blow back and inadvertently infect US systems. Nobody is invulnerable.

With the increased use of armed drones in recent years, ethical and legal concerns have been raised in regard to civilian casualties, secrecy and lack of transparency and accountability for drone strikes.

This project brings together experts on the use of armed drones, including current and former military officials, academia, think-tanks and NGOs, to discuss and exchange perspectives based on their different experiences, with the aim of sharing knowledge and increasing understanding on these issues, and to inform and provide input into the European debate. The experts explore the issues and controversies surrounding the use of drones outside formal armed conflict and study the broader policy implications in detail, particularly with regards to what this means for the UK and other European countries.

Building on the findings from the workshops, this project will hold a simulation exercise to stress test critical areas of concern around the use of armed drones that are relevant for the UK and other EU member states.

The discussions and the simulation exercise will provide opportunities for policy input on areas of mutual concern and feed into practical policy recommendations on the use of armed drones.

This project builds on previous work on armed drones by the International Security Department and is funded by the Open Society Foundations.

This roundtable is part of a series under the project, 'Implementing the Commonwealth Cybersecurity Agenda', funded by the UK Foreign and Commonwealth Office (FCO). The roundtable aims to provide a multi-stakeholder, pan-Commonwealth platform to discuss how to implement the Commonwealth Cyber Declaration with a focus on its third pillar 'To promote stability in cyberspace through international cooperation'.

In particular, the roundtable focuses on points 3 and 4 of the third pillar which revolve around the commitment to promote frameworks for stability in cyberspace including the applicability of international law, agreed voluntary norms of responsible state behaviour and the development and implementation of confidence-building measures consistent with the 2015 report of the UNGGE. 

The workshop also focuses on the commitment to advance discussions on how existing international law, including the Charter of the United Nations and applicable international humanitarian law, applies in cyberspace.

The roundtable addresses the issue of global cyber governance from a Commonwealth perspective and will also include a discussion around the way forward, the needed capacity of the different Commonwealth countries and the cooperation between its members for better cyber governance.

Participants include UNGGE members from Commonwealth countries in addition to representatives to the UN Open-Ended Working Group from African countries as well as members from academia, civil society and industry.