Cyberspace present unique challenges in the context of international peace and security. The increasing threats associated with the cyberspace by state and non-state actors needs heightened scrutiny and consultations amongst cyberspace actors to generate consensus on how to manage and maintain international peace and security. The need to protect and prevent attacks on infrastructures that are critical to the survival of the cyberspace is exceedingly crucial. The African Union define critical cyber infrastructure as that which is essential to vital services for public safety, economic stability, national security and international stability and for the sustainability and restoration of critical cyberspace. Every state and non-state actor such as big businesses (big tech, telecoms etc.) do have control of critical network infrastructures and hence its stability is critical not just for their business interests but also for everyone.
Currently states and non-state actors alike grapple with incidents of cyber-attacks – ranging from use of malicious malwares, ransomwares, denial of services attacks, distributed denial of service attacks and cyber espionage just to mention but a few. This challenge has made many states especially with developed economies to embark on offensive and defensive cyber capabilities. The United States, the United Kingdom, Israel and the Netherlands are just a few of the examples of countries with both offensive and defensive cyber capabilities. But with all these strengths, without a global consensus and cooperation on how to stabilize the cyberspace, international conflict is inevitable but the risk to conflict is even higher after all, technical capacity itself is not sufficient but also behavioral actions of actors in the cyberspace.
Because cyberspace presents several challenges, states are bound to bi-laterally conflict with each other but the dangers to cyberstability is felt by all multilateral actors. For example, in 2019 the revelation that the South African based Telecom Company MTN Uganda was involved in abetting large-scale cyber espionage on Uganda government via its telecommunication networks led to deportation of MTN Uganda top management by Ugandan authorities. The MTN Uganda alleged spying on Uganda government follows its funding support to dissident groups, eavesdropping on communication of government of Uganda officials, providing financial intelligence on finances of government officials and diverting such information to Rwanda – a country that accuses Uganda of harboring dissident groups with intention to overthrow the Kigali establishment . This diplomatic row was orchestrated via ICT infrastructure of the telecom company. This led to heightened tension between the two countries, later culminated in closure of border and a strained diplomatic relation between the two countries
The unique challenges cyberspace presents includes the difficulty to attribute an attack to an actor when it occurs, determining the intent of cyber operation, the use of proxies allows their sponsors to hide and given the fact that cyber operations can be hard to detect, adversaries believe they gain an advantage by attacking first during period of heightened crisis.
This is why it’s important for multi-stakeholder groups to jointly agree on a cyberstability framework on the basis of consensus. Because such frameworks help to serve as a guide that limits potential for cyberspace disruptions that undermines the benefits that ICTs presents but also general well-being including rights and freedoms of users. The Global Commission on the Stability of the Cyberspace (GCSC) has developed 7 Cyberstability framework that is crucial in advancing debates around cyberspace stability.
However, there is already very good progress being made with the works of the UN First Committee on Responsible state behavior. The works of the UN Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) has been really helpful in advancing these debates at the UN but also with other regional organizations and producing a series of reports that has helped shape conversations in these field. Even though major disagreements still exist – states are also moving towards major consensus on contentious issues e.g., how international law especially the laws of armed conflict apply in the cyberspace. But also, a number of proposals on developing new norms, confidence building measures, enhancing capacity of states, enforcing cooperation through multilateral agreements and other forms of consultations has proven fruitful in moving forward these conversations
But because cyberspace is multifaceted and its everyone responsibility, the actions of states alone is not sufficient in building cyberstability. States need support from all stakeholder groups such as civil society, private sector, academia and technical community each playing their roles within their areas of expertise. Currently, these discussions are dominated at the level of the UN with big players in the global north. Little is known about the contributions that African countries are making to these processes. For example, since the works of the UN First Committee started not more than 7 African countries have engaged meaningfully in these processes save for countries such as Kenya, South Africa, Mali, Ghana, Botswana, Senegal and Morocco. To what extent can we deepen these conversations beyond these African countries? How do we know that the participation of these African countries in these processes are trickling down to the rest of other African countries? In addition to the technical, institutional and resource constraints that bedevil these countries, how can these normative frameworks relevant to their realities?
The GGE report of 2015 recognized that given the unique attributes of ICTs, more norms are necessary overtime. But to what extent are normative frameworks relevant in fostering bi-lateral and multilateral relations for responsible state behavior in the cyberspace? Currently, the Centre for Multilateral Affairs is investigating the relevance of cybernorms in fostering Uganda’s bilateral and multilateral relations for responsible state behavior. We invite you to stay tuned to our ground breaking findings that will be released in the coming months. If you would like to stay in touch with us, sign up for our quarterly update newsletters here
Moses Owiny
Is a member of the RightsCon 2021 Program Committee on Cybernorms, Accountability and Practice. His most recent works includes cybersecurity and state capacity in Uganda. He is beneficiary of the training/webinar series; UN First Committee on Responsible State Behaviour in the cyberspace organised and facilitated by Global Partners Digital. He is currently researching on the relevance of cybernorms in fostering Uganda’s bi-lateral and multilateral relations for responsible state behaviour in the cyberspace.