The proceedings of the 13th International Conference on Cyber Conflict, organised in 2021 as a virtual event, gather 20 articles from the law, technology and strategy domains. CyCon 2021 – Going Viral explores the impact on human crises on cyberspace and, in a broader perspective, sets out to encourage discussion on the impact of the rapid proliferation and high unpredictability that processes in cyberspace are prone to, and the real-life implications these phenomena have.
While some articles study close up specific aspects of the COVID-19 pandemic, others look already into the distant future and contemplate new governance models for complex cyber systems.
As usual, articles in this book reflect the three tracks of CyCon – legal, technical and strategic. On the legal track, the discussion revolves around norms of behaviour in cyberspace and innovative applications of principles of international humanitarian law to cyber operations. The other two tracks are in a rare symbiosis this year, with policy considerations underlying technical papers and, vice versa, technical aspects serving as a springboard for conclusions on the strategy track.
François Delerue (Chapter 1) opens with the queen of international legal rules and principles and calls upon States to be bolder on sovereignty in cyberspace. Vladimir Radunović, Jonas Grätz-Hoffmann and Marilia Maciel (Chapter 2) add a private sector perspective to the implementation of norms in cyberspace. Anastasia Roberts and Adrian Venables (Chapter 3) then attempt to alleviate legal concerns stemming from the use of artificial intelligence in the targeting process. Monica Kaminska, Dennis Broeders and Fabio Cristiano (Chapter 4) take more of a policy approach and conclude the legal bloc by examining whether principles of distinction, precaution and discrimination could inspire a new norm regulating under-the-threshold cyber operations.
The next group of papers explores cyber threats in the context of a specific industry or category of services. Johannes Klick, Robert Koch and Thomas Brandstetter (Chapter 5) provide a topical and practical study of the attack surface of the German healthcare sector. Bobby Vedral (Chapter 6) examines the vulnerability of the financial system to a systemic cyber attack. Charles Harry and Skanda Vivek (Chapter 7), in their turn, look into cyber threat implications for the US commercial air sector, while Keir Giles and Kim Hartmann (Chapter 8) focus on and explore the critical dependencies in the communications sector. James Pavur, Martin Strohmeier, Vincent Lenders and Ivan Martinovic (Chapter 9) sound the alarm with regard to technologies used to launch space missions and the policy implications of their vulnerabilities. Csaba Krasznay and Gergő Gyebnár (Chapter 10) offer a case study illustrating the challenges of cyber threat intelligence sharing in the energy sector.
This year’s selection would not be complete without pure policy papers. Brandon Valeriano and Benjamin Jensen (Chapter 11) present a unique insight into the work of the US Cyberspace Solarium Commission and identify the lessons learned. Nikola Pijović (Chapter 12) evokes the 19th century Great Game and examines how modern powers compete to shape global cyberspace norms. Jason Blessing (Chapter 13) documents the growth in institutionalised cyber capabilities across the globe, thus helping us realise the evolving paradigm in states’ cyber defence policies in and beyond NATO. James Shires (Chapter 14) takes an innovative look at disinformation operations and introduces their stratification in order to better understand their policy implications. Looking well beyond the horizon is the paper by Neal Kushwaha, Keir Giles, Tassilo Singer and Bruce Watson (Chapter 15), who propose a new regulatory concept of cyber personhood be considered for complex cyber systems of the future.
Before we reach the distant future, a closer study of existing or emerging technologies is appropriate. Roman Graf and Artūrs Lavrenovs (Chapter 16) follow up on their earlier work on using artificial intelligence (AI) to classify devices on the internet. A paper authored by Roland Meier, Artūrs Lavrenovs, Kimmo Heinäaro, Luca Gambazzi and Vincent Lenders (Chapter 17) contemplates the engagement of AI in cyber defence exercises. Vasileios Mavroeidis, Ryan Hohimer, Tim Casey and Audun Jøsang (Chapter 18) seek to demonstrate how commonly agreed-upon controlled vocabularies can be practically used to enrich cyber threat intelligence and infer new information at a higher contextual level. Pietro Baroni, Federico Cerutti, Daniela Fogli, Massimiliano Giacomin, Francesco Gringoli, Giovanni Guida and Paul Sullivan (Chapter 19) examine the interaction of AI and humans in cyber threat analysis. The book concludes with Martin C. Libicki and David C. Gompert (Chapter 20) offering policy recommendations on quantum communications as an instrument for better cyber security.