Over 200 abstracts were submitted in the call for papers for CyCon 2023, the highest number in CyCon’s history. The conference’s proceedings, published under the central theme of ‘Meeting Reality’, consist of a final selection of 24 articles.
The theme invites us to take stock of the many assumptions, conclusions, and forecasts made about cyberspace, technologies, and their users, both in peacetime and in times of crisis and conflict. ‘Meeting Reality’ is also about facing a reality we had hoped would never come again. The war in Ukraine has brought new geopolitical tensions and partnerships, tested our ideas, presumptions and established practices, and presented new challenges. It has also brought new opportunities for the application and interpretation of law, policies, and technology.
Multiple papers, across all three CyCon tracks, technology, strategy/policy, and law, reflect on the events in Ukraine. The CyCon authors have contemplated topics ranging from the third-party obligations and participation of non-state actors to information operations to the implications of and for the use of drones.
The law of neutrality section opens with Scott Sullivan unpacking cyber neutrality in the context of the war in Ukraine. Yann L. Schmuki goes further and offers an analysis of the obligations and rights of neutral states applicable to the sharing of data obtained in cyberspace. Marie Thøgersen employs the law of neutrality perspective to examine the relationship between non-participating States and volunteer hackers based in their territory, while Tsvetelina J. van Benthem explores the legal implications of the involvement of the private sector, specifically digital service providers, in an armed conflict.
The extensive ICT industry engagement in Ukraine is further examined by Bilyana Lilly, Kenneth Geers, Greg Rattray, and Robert Koch, who investigate the specific products and services supplied by private companies and compile lessons learnt and recommendations for better navigation in future conflicts.
The empirical approach to the war in Ukraine continues with Erica D. Lonergan, Margaret Smith, and Grace B. Mueller presenting a data analysis to evaluate earlier predictions on the role cyberspace would play in the conflict. In a similar vein, a paper by Margaret Smith and Dean Thomas examines a database of content related to the IT Army of Ukraine in order to assess the latter’s effectiveness as a resistance movement.
Several papers deal with the protection of critical information infrastructure – in Ukraine and beyond – and explore the prerequisites for a nation’s effective resilience, including the interdependencies of supply chains and the use of new technology standards. Andrii Davydiuk and Vitalii Zubok offer an insight into the challenges faced by the Ukrainian energy sector. Lars Gjesvik, Azan Latif Khanyari, Haakon Bryhni, Alfred Arouna, and Niels Nagelhus Schia present case studies of six world capitals and related dependencies of infrastructural and architectural configurations, through which they demonstrate differing effects on the resilience of digital technologies at the national level. In turn, Gerrit Holtrup, Jean-Pascal Chavanne, William Blonay, Alain Mermoud, Martin Strohmeier, and Vincent Lenders analyse the technical vulnerabilities of the 5G standard and evaluate multiple threat scenarios that affect the system core and radio access.
Igor Linkov, Kelsey Stoddard, Andrew Strelzoff, Stephanie E. Galaitsi, Jeffrey Keisler, Benjamin D. Trump, Alexander Kott, Pavol Bielik, and Petar Tsankov have teamed up to offer a concept of interpretable, actionable, and resilient AI to expand the possibilities for AI use in mission-critical contexts. Military cyber operations are also at the heart of a paper by Barış Egemen Özkan and İhsan B. Tolga, which introduces a zero-day cyber readiness model.
Also looking to future conflicts, Alexandros Zacharis, Constantinos Patsakis, Demosthenes Ikonomou, and Razvan Gavrila explore the results of applying machine learning to unstructured information sources to generate structured cyber exercise content in preparation for or during a cyber conflict. Youngjae Maeng and Mauno Pihelgas examine evasive tactics in cyber defence exercises, stressing the importance of developing a robust scoring system in order to have effective exercises. Lina Gehri, Roland Meier, Daniel Hulliger, and Vincent Lenders draw on the CCDCOE’s flagship exercise – ‘Locked Shields’ – to analyse and propose mitigation techniques for the insufficiencies of existing machine learning models used to detect command and control attack traffic.
Benjamin Strickson, Cameron Worsley, and Stewart Bertram address the implementation challenges faced in deployment of autonomous capabilities, including AI, through a case study of a wargaming environment, and assess the quantitative and qualitative requirements for a human-centred approach to cyber situational awareness.
Conner Bender and Jason Staggs take us back to Ukraine, offering a case study on drones used in the conflict and the problems caused by their easy remote identification and tracking by the adversary.
New technologies used in Ukraine, and in contemporary conflicts in general, do not escape the attention of the legal papers either. Aleksi Kajander also considers the small drones used in the conflict, this time from the perspective of the sanction mechanisms adopted by the European Union. Matt Mallone focuses on cross-border data flows – another topic that has acquired visibility with the beginning of the conflict in Ukraine – to explore the security implications and opportunities ‘weaponization’ of these could bring for NATO countries. The final two legal papers revolve around the theme of information operations. Talita Dias offers a framework approach to the limits on information operations under international law, while Lindsay Freeman uses the reality of information operations in the Russia–Ukraine conflict as a springboard for a study of the implications of information technologies and their (mis)use for war crimes investigations.
Taking a broader strategic look, Joe Devanny and Andrew Dwyer examine the evolution of the United Kingdom’s national cyber strategies with a particular focus on the concept of responsible, democratic cyber power.
The final two papers of the CyCon 2023 proceedings take us beyond NATO’s boundaries. Nate Beach-Westmoreland offers an informed assessment of the lessons to learn from the conflict in Ukraine by China and its information and cyber warfare strategies. Eduardo Izycki, Brett van Niekerk, and Trishana Ramluckan conclude the series with observations on NATO and European Union cyber diplomacy engagement with the countries of the Global South.
All papers published in the proceedings have been subjected to a double-blind peer review by members of the CyCon Academic Review Committee.