The topic of Cyber peace is receiving surprisingly little attention. Having considered some characteristics of Cyberspace affecting the topic of Cyber peace and having considered whether we benefit from trying to strictly define what we mean by Cyber peace, the article proceeds to offer a defence for the role that law may play towards Cyber peace. Against this background, the article proposes a focus on the three criteria Alfred Nobel articulated for his famous Peace Prize: (1) advance fellowship among nations, (2) the abolition or reduction of standing armies, and (3) the establishment and promotion of peace congresses, as a suitable point of departure towards Cyber peace. The article concludes that to move towards Cyber peace we need specific, practical, and realistic actions rather than lofty proclamations. Thus, it calls for the establishment of a realistic "Cyber Peace Agenda" and introduces ongoing work towards such an Agenda under the custodianship of the Norwegian Nobel Institute.

Artificial Intelligence in Cyber Peace

현재 사이버 공간에서는 소극적 의미에서부터 적극적이고 포괄적인 의미에 이르기까지 사이버 평화 개념을 둘러싼 다양한 해석이 존재하고 있다. 중요한 점은 사이버 공간이 창출된 이후로 인류가 영위하는 온라인 활동 범위가 비약적으로 확장되었으며, 이에 따라 ‘안전하고 평화적인 사이버 공간’이 갖는 포괄적 의미 역시 한정하기 어려워지고 있다는 점이다. 특히, 증대되고 있는 ‘신흥안보(emerging security)’ 이슈의 부상은 사이버 공간의 평화 개념을 어디까지 확장할 것인가에 지대한 영향을 미치는 주요 변수로 자리 잡고 있다. 그중에서도 가상과 현실이 융합하고 이슈 간 경계를 허물어버리는 사이버 공간의 진화는 사이버 안보뿐만 아니라 사이버 평화의 개념에 대해서도 새롭게 접근해야 할 필요성을 제기한다. 본 연구는 평화 개념을 사이버 공간이 지니는 특징과 연계하여 검토함으로써 전통적 평화론을 넘어선 대안적 사이버 평화론의 필요성을 강조한다. 물리적 세계에서 전통적으로 통용되던 적극적, 소극적 차원의 평화 논의를 넘어, 사이버 공간의 확장이 갖는 경계 구분의 초월성, 이슈 연계 측면의 파급력, ‘과정’으로서의 사이버 평화 지향이 대표적이라 할 수 있다. 이러한 접근은 신흥안보 시대의 대안적 사이버 평화론 정립을 위한 첫걸음이 될 것이다.

Abstract The conceptual debate around the term cyber warfare has dominated the cybersecurity discipline over the last two decades. Much less attention has been given during this period to an equally important question: what constitutes cyber peace? This article draws on the literatures in peace and conflict studies and on desecuritization in critical security studies, to suggest how we might begin to rearticulate the cybersecurity narrative and shift the debate away from securitization and cyberwar to a more academically grounded focus on desecuritization and cyber peace. It is argued that such a move away from a vicious circle where states frame cybersecurity predominantly within a national security narrative and where they seek to perpetually prepare for cyberwar, to a virtual cycle of positive cyber peace, is not only a desirable, but a necessary outcome going forward. We assert that this is particularly important if we are to avoid (continuing) to construct the very vulnerabilities and insecurities that lead to the prioritization of offence and destruction in cyberspace, rather than transformative, human-centred development in information and communications technology innovation.

ABSTRACT Cybersecurity is a contested concept. While some definitions focus on technical aspects, other insist on the strategic and geopolitical dimensions. Recently, the definition has included development-related aspects in an increasingly digitalised economy. Instead of cybersecurity, international organisations such as the OECD and private companies now focus on the management of digital risk. While this shift represents an opportunity to include new actors and issues on the political agenda, it does not lead to the de-securitisation of cyberspace, nor to the promotion of cyber peace. This article explores the debates around the definition of cybersecurity with a particular focus on how Colombia became one of the first states to follow the 2015 OECD guidelines on the management of digital risk as part of an effort to join the organisation. It describes how the resulting perspective on cybersecurity evidences a market-centred approach focusing on the development of a digital economy. However, it also discusses why the evolution of cybersecurity policies in Colombia represents a missed opportunity to design a cyber peacebuilding policy in a post-conflict context.

Cyber Insurance As Cyber Diplomacy

Inside the Global Drive for Cyber Peace

Norms are useful because they represent agreed or expected behaviors. This paper discusses how technical and policy norms, formulated by multistakeholder bodies, can be used to enhance the governance of cyberspace and contribute to achieve cyber stability, which represents an ideal state where “all actors are free to enjoy the benefits of cyberspace without fear.”

The Future of Frontiers

As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping.

사이버 위협과 사이버 안보화의 문제, 그리고 적극적 사이버 평화

Exploring the Shared Responsibilityy of Cyber Peace: Should Cybersecurity Be a Human Right?

Stabilizing the Industrial System: Managed Security Services’ Contribution to Cyber-Peace

Block-by-Block: Leveraging the Power of Blockchain Technology to Build Trust and Promote Cyber Peace

The Law of Cyber Peace

Business and cyber peace: We need you!

Reviewed by: Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace by Scott J. Shackelford Jeffrey R. Yost (bio) Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace. By Scott J. Shackelford. New York: Cambridge University Press, 2014. Pp. 434. $99. Historians of technology and computing largely have overlooked the history of computer security. A special issue of IEEE Annals of the History of Computing (April–June 2015) adds six scholarly articles on the topic, spanning early foundations, standards, metrics, the computer security industry, internet governance and security, and international efforts with public key encryption. Even so, there remains a paucity of work on this important topic, and legal scholar Scott J. Shackelford’s Managing Cyber Attacks in International Law, Business, and Relations is a particularly welcome addition to the literature. Shackelford’s study is primarily a policy and legal treatise on “cybersecurity,” though his exploration of longer historical trajectories and contexts, coupled with numerous historical analogies (for instance, to nuclear weapons diplomacy and policy), offer much of interest to historians of technology. For Shackelford, cybersecurity refers to “the policy field concerned with managing cyber threats, including unauthorized access, disruption, and modification of electronically stored information, software, hardware, services, and networks” (p. xxxi). He provides a thoroughly researched survey of contemporary cyber attacks, including distributed denial of service, zero-day exploits, targeting the systems controlling critical national infrastructure, state-sponsored espionage and intellectual property theft, viruses, internet worms, logic bombs, spyware, and Trojan horses. His case studies might enliven lectures on these pressing topics. To his credit, Shackelford includes discussion of the (often ignored or underrepresented) economics of computer security in applying concepts [End Page 280] such as the tragedy of the commons, free-riding, and the prisoner’s dilemma. He correctly conveys the well-covered terrain of how interoperability, not security, guided internet protocol pioneers, and adds an important and accessible overview of underlying vulnerabilities with Transport Control Protocol (TCP), Internet Protocol (IP), Domain Name System (DNS), and Border Gateway Protocol (BGP). Further, he skillfully relates the ongoing debates between advocates of modest security protocol enhancements versus those favoring significant foundational alterations. While Shackelford’s book stands as a useful survey drawing on government documents, legal scholarship, and other sources, his aim is to advocate for polycentric governance. In surveying both contemporary and historical bottom-up (such as the work of the Internet Engineering Task Force) and top-down (Internet Corporation for Assigned Names and Numbers) efforts, he argues convincingly for “polycentricity,” involving the “embrace of multiple stakeholders, norms, bottom-up regulation, and targeted measures … in the face of multipolar politics” (pp. 330–31). For Shackelford, domestic and international laws are insufficient to advance cybersecurity—and polycentric governance, though not necessarily ideal, is the best pragmatic course given the international community’s inability to come together to “craft a common vision for cyberspace and cybersecurity” (p. 367). Though Shackelford’s engaging, insightful, well-written, and convincingly argued book is based on extensive research, and gives far more attention to historical context than many policy and legal studies, it has its limitations. It has a bias toward network security vulnerabilities and largely ignores the history of access-control techniques, systems, and standards—including the commercial road taken (weak control mechanisms with systems like IBM’s RACF)—and the one avoided (high-assurance operating systems—the topic of Donald MacKenzie and Garrel Pottinger’s pathbreaking 1997 IEEE Annals of the History of Computing article). Related to its recurrent themes concerning networking protocol design—interoperability, surveillance, and security (or insecurity)—its discussion of IPv6 is rather sparse and missing the particular security challenges with IPv6 and nuanced understanding that communication and STS scholar Laura DeNardis delivers in Protocol Politics (2009) and The Global War for Internet Governance (2014). And while his inclusion of microeconomic theory is a plus, Shack-elford neglects the founder and intellectual leader in this area, computer scientist Ross Anderson. Shackelford is also subject to carelessness with historical facts at times, most notably stating that the ARPANET project (rather than the agency ARPA) was launched in 1958. Nonetheless the contributions of this high-quality policy study far outweigh any...

Unpacking the International Law on Cybersecurity Due Diligence: Lessons from the Public and Private Sectors

Bilateral investment treaties (BITs) are an increasingly important component of international investment law. There are currently more than 2,000 BITs involving some 175 countries active around the world. These agreements cover a huge range of industry sectors and business activities. The United States and China are negotiating an expansive BIT that will reportedly include the difficult issue of enhancing cybersecurity. This Article investigates the utility of using BITs as a vehicle for enhancing global cybersecurity, either as an interim step or potentially even a replacement for multilateral initiatives. The argument is made that BITs are an invaluable way to enhance cybersecurity as one component of a polycentric response to cyber attacks, but that the drawbacks of BITs should be analyzed using the pending U.S.-China BIT as a case study.

Toward a State-Centric Cyber Peace? Analyzing the Role of National Cybersecurity Strategies in Enhancing Global Cybersecurity