Formative events often serve as a baseline for assessing future situations, and dissimilarities between past and future tend to be overlooked – sometimes to the detriment of sound policy-making. The question should therefore not be whether we will enter a dynamic era of policy learning, as indicated by use of the term “Zeitenwende” in recent German security discourse. Instead, we should ask whether we will learn the right lessons.
Other conflicts may not play-out as the Ukraine war has thus far in cyberspace. Attackers might be better prepared and more ready to use offensive cyber capacities, defenders on the other hand might well have less experience and fewer international allies. In this third part, I want to focus on domain specific escalation risks. Although these risks have not (yet) materialised within the Ukraine context, there is nevertheless plenty of evidence to corroborate their existence.
Describing and understanding the puzzle are of course two different things, let alone deriving policy conclusions. In the second part of this post, I will argue that special, although not necessarily unique, strategic circumstances have contributed to the absence of more serious cyberattacks, particularly against critical infrastructures in the context of the Ukraine war.
In the three months since the initial Russian invasion of Ukraine, numerous articles on the military and strategic significance of cyber operations have been published. Most – but not all – assume we are faced with major puzzle: how come there have not been any large-scale disruptive cyberattacks against critical infrastructures in Ukraine and beyond. On closer inspection, this perceived puzzle can be divided into three separate elements: impact and intensity, integration of operations, and timing.
The hybrid event centred on four thematic blocks: security trends and constellations; tasks, goals, and instruments; civil society and business partnerships; as well as regional and international cooperation.
The UN member states embarked on a new negotiation process with the goal of creating a global convention against the criminal misuse of information and communication technology.
André Dornbusch (German Federal Criminal Police Office), Louise Marie Hurel (Igarapé Institute), and Nnenna Ifeanyi-Ajufo (Swansea University) discussed these and related questions at the third interdisciplinary workshop organised by IFSH’s "International Cybersecurity" team in cooperation with the German Federal Foreign Office.
The second interdisciplinary workshop focussed on which actors and procedures could advance the implementation of the UN norms of responsible state behaviour in cyberspace.
The short presentations by Jacqueline Eggenschwiler (University of Oxford), Alexander Klimburg (Global Commission on the Stability of Cyberspace), Sheetal Kumar (Global Partners Digital) and Mischa Hansel (IFSH) shed particular light on the role and competencies of non-state actors.