Masterclass Cyber-Security

On 27 February, the Clingendael Academy organised the first in a series of Masterclasses in International Security. The Masterclass aims to bring policy practitioners together in an exclusive setting with leading experts while discussing the ins and outs of a specific current topic. The first Masterclass kicked off with Cyber-security. 15 professionals from several Ministries, Embassies, the Armed Forces, private sector and the NGO community participated.

Cyber-security in a globalised world

Cyber-security now enters the domain of foreign and security policy due to the ever globalising world, where telecommunications, the Internet and technology are advancing more quickly than we can follow. This was one of the messages of Dr. Uri Rosenthal, the Dutch Special Representative for the 2015 International Cyberspace Conference, during his opening address. In order to maintain a safe and secure cyber world for each and every one, international cooperation, and cooperation between the private and public sector, are of paramount importance. In terms of international guidelines, debates within NATO about the applicability of Article 5 of the Washington Treaty for cyber-attacks were discussed as well as the width of the pending Directive of the European Commission.

Defence versus Protection

The concept of cyber warfare was deconstructed by Dr. Dennis Broeders by using the examples of the Stuxnet Worm, Diginotar, and the existing market for zero-day vulnerabilities, in which certain organisations and businesses sell information about vulnerabilities in widely used software to interested payers. A debate followed on how to effectively assess and address those threats, where indeed unanswered questions remain. Mr Michiel van Leeuwen introduced the nature and scope of cyberspace on our daily lives, while addressing the highlights of the Dutch Government’s cyber-security assessment: our dependency grows, criminality increases, but so does our resilience.

The role of Journalism in Cyber-security

Cyber-security is dominated by national security-related agencies and private parties and as a consequence, journalists (and civil society in general) have great difficulty in finding accountable facts and figures. Proper review of new law proposals is therefore problematic and too often ill-conceived, just like the guarantee of proper checks and balances. Martijn Maurits (news website ‘The Correspondent') put up the question of how a Government can be trusted in conducting cyber war, fighting cyber-crime and protecting the country from cyber-attacks, while at the same time it is digitalising public service data of citizens (e.g. iGovernment, electronic patient files)?

Legal Frameworks and Technologies

Cyber warfare operations and cyber security mechanisms are guided by a plethora of legal frameworks. Col Ducheine’s explained that – depending on which role one has (protection, law enforcement, intelligence, conflict) – different sets of law apply, ranging from national Police Law, the European Convention on Human Rights to Laws of Armed Conflict. Mr Eric Luiijf of TNO elaborated on the technological side of cyber security. As such, ‘Internet’ only represents 10% of the cyber domain. This idea contradicts, for example, the focus of the EU Cyber-security Strategy which turns a blind eye to the overall cyber domain.

“We are not on top of things”

At the Masterclass, a few summarising conclusions were shared:

• Cyberspace is characterised by an allogamy of “blurred lines”: between private and public spheres; between offense and defence; and between national and international boundaries;
• More coordination is needed and the focus of the ‘community of interest’ should be on capacity-building. At this moment “we are not on top of things”.
• One approach to improve is through, on the one hand, proper engineering and, on the other hand, better education to citizens, private parties and governments.
• Finally, a “9/11 of cyber security” has not yet happened, but it is more likely than not to occur one day; society has to be prepared, made aware and – to the extent possible – resilient.

In the course of March, a more detailed reflection, including some video-excerpts, will be shared. The next Masterclass is scheduled for 1 May and deals with Nuclear Security. You can subscribe here