1. Chairman Address, John Wells
2. Digital Media: Old enough to suffer disruption, A Mayhew
3. PR Trends 2016, Maddison Richards
4. Big Data: A big deal for PR?, Christine Schulte
5. US Elections: The UK summer of love becomes the US winter of discontent, Julie Sibraa
6. The right to bear arms: Obama's executive action on guns, Isabelle Walker
7. Cyber Security, Tom Davis
8. IPREX highlights
9. Delivering compassion and support, Ben Haslem
10. Mass mobilisation: Power and the role of technology, Geoffrey MacDermott
The Shell Issue 6
Cyber security practice
The Geneva Conventions generally are understood to establish standards that govern the behaviour of combatant nations toward civilians, prisoners of war and soldiers who are not capable of fighting. Their adoption created norms of behaviour for tempestuous times. While they may not always be scrupulously followed, the fact they have been ratified by 196 sovereign states suggests there is solid accord on the principles they set forth. Now the Geneva Convention model is being held out as a way to address cyber warfare.
Last November, the Chairman and ranking member of the US House Subcommittee on the National Security Agency and Cybersecurity sent a letter to Secretary of State John Kerry and National Security Advisor Susan Rice that said, in part, “Non-proliferation agreements were negotiated to curtail the exponential growth of nuclear weaponry during the second half of the 20th Century. Now is the time for the international community to seriously respond again with a binding set of international rules for cyber warfare: an E-Neva Convention (…).” The letter asked for the U.S. to take the lead in developing a binding set of international rules for cyber warfare. The Congressmen pointed out that the United Nations Group of Governmental Experts on Information Security last year affirmed a nonbinding consensus among 20 nations that international law, including the United Nations Charter, applies in cyberspace, and suggested it might be possible to build on that effort. The letter may have been a short-lived blip on the cyber radar except for one additional development.
The recently enacted Cybersecurity Act of 2015 contains a provision that requires the State Department to create an international cyberspace policy within 90 days.
It shouldn’t go unmentioned that the State Department recently has been having a problem meeting deadlines, but we can assume that at some point we will see a State Department plan that lays out a strategy for developing international norms covering standards of behaviour for cyber warfare.
Given that the proponents of an E-Neva Convention saw no need for a G in describing their approach, I think we can borrow the G to make the following observations. Gee, it would be great to have universally agreed upon protocols for cyber warfare. Gee, it is exceedingly unlikely such protocols will be adopted anytime soon.
It does appear that at the highest levels of U.S. governmental thinking there is an effort to draw clear lines of distinction between cyber warfare and other acts.
We were able to say, for example, that the presumed Chinese sponsored attack on OPM (United States Office of Personnel Management) was business espionage.
The US deemed the Sony hack attributed to North Korea a cyber-attack and enacted sanctions against North Korea, in part because it was felt necessary to establish deterrence against further attacks.
But how the US sees and categorizes cyber activity does not determine how other nations will view the same actions. We are a long, long way from bridging the enormous gap that exists among nations over the use of cyber warfare.
Perhaps the fledgling State Department effort will make a contribution toward the day when that gap will be reduced or eliminated.
As the Chinese philosopher Laozi said, “A journey of a thousand miles begins with a single step.”