The complex web of cyber defence

Are human rights up for debate in the defence of cyberspace?
Photo: vishnu vijayan / CC0 Creative Commons / Pixabay

At the Munich Security Conference this February, experts were asked what they considered to be the main global challenges of 2018. Cyber attacks and cyber-related security threats stood out as a major concerns for all nations. David Miliband, CEO of the International Rescue Committee, warned that cyber security threats not only affect the territory but also the values and institutions of European countries. Cyberspace may have human-made borders, but its structure is by nature borderless. This truly global space requires global cooperation to secure and defend it.

Cyber defence policies will affect important aspects of private and public life across the planet, including those rights agreed upon under the UN Universal Declaration of Human Rights. For instance, Article 12 states that everyone has the right to be protected by the law if their privacy, family, home or correspondence is interfered with. In the digital age, the accounts and interactions of users on the internet contain private and valuable information that require protection. The Office of the UN High Commissioner for Human Rights (OHCHR) has declared that human rights apply to cyberspace in the same way as they do to the physical world. While this formal declaration is an important first step, we have a long way to go before we understand how certain human rights are affected by the existence of cyberspace and what kind of impact cyber defence mechanisms have on much-coveted aspects of democratic life, such as the freedom of expression and free access to information.

Cyber Defence and Human Rights: NATO in the Digital Era

As a collective defence organisation, the North Atlantic Treaty Organization (NATO) is charged with collective defence and cooperative security of its member states in Europe and the North Atlantic. In the last decade the organisation has made great strides in the effort to secure cyberspace and increase international cooperation in cyber defence. The organisation’s development of a comprehensive cyber strategy is necessary in the digital era. As issues like hacking, cyber espionage, censorship and the prospects of cyber war continue to challenge states and civilians alike, international agreement on legal standards and strategic choices is crucial.

Human rights are threatened on many levels in the digital age. States, international organisations, NGOs and activists aiming to protect human rights currently have no treaty to adhere to in cyberspace. Despite numerous attempts to agree on global legal standards, such as the Tallinn Manual on the International Law Applicable to Cyberspace, the law in cyberspace remains vague, fragmented and without international agreement. In the worldwide race to triumph over the myriad of cyber threats to human rights, NATO remains one of the most crucial players. The Cooperative Cyber Defence Centre of Excellence (CCD COE) was accredited by NATO in 2008 as a consequence of the cyber attacks on Estonia in April 2007. It has since become a hub of information on the best practices of cyber defence amongst member states and partners. Spearheading NATO’s digital transformation and endeavour is the NATO Communications and Information (NCI) Agency. Through these two organs, NATO has answered to the heightened sense of threat and danger stemming from cyberspace.

Navigating Uncharted Space

Policy-makers in digital defence circles are burdened with the difficult task of navigating the complex structure of cyberspace to ensure that civilians and state institutions are protected from cyber threats without being able to rely on decades of practice or many lessons learned. NATO’s mandate of collective defence requires a military approach to cyber security and the defence of the national digital infrastructure of member states. In this context, the militarisation of cyberspace has been a slow but consistent strategic move by NATO. In 2016, the organisation recognised cyberspace as a domain of operations like the land, air and sea. In line with this statement, the organisation committed to securing and defending cyberspace like the physical domains of NATO member states.

However, territory in cyberspace does not function the same way as does physical territory. A teenager sending a Snapchat to his friends uses the same space as national defence agencies preparing themselves for a cyber attack. Ensuring that policies in cyberspace do not further compromise the privacy and online lives of users should be a major concern for policy makers and observers of cyber security and defence. The traditional distinction between civilians and combatants doesn’t hold up in cyberspace either: cyber attacks can be launched by civilian hackers as well as governments or private companies and they will affect a complex network to which billions of men, women and children are connected on a daily basis. Since cyber threats exist in the same space as the people NATO is charged to protect, cyber defence necessarily affects the virtual spaces in which we expect our human rights to be secured.

Which mechanisms are necessary to safeguard the right to privacy, property, liberty and even life in the digital age? Can cyberspace be effectively shielded from criminal or hostile activity without encroaching on the free circulation of information we expect when we surf the internet? The value of privacy and freedom of expression is endangered by the anonymity of users in cyberspace and the ability of cyber criminals to hide their identities and escape responsibility. However, that same anonymity is considered to be a digital right because users can maintain their privacy and not be subjected to surveillance or censorship. Without any legally-binding international agreements on conduct in cyberspace, digital privacy and freedom of expression are not guaranteed.

A view to the future: Defending networks by defending Human Rights

NATO’s cyber defence strategy relies on the sharing of best practices amongst member states and close cooperation with partners like the European Union, the United Nations and the private sector. These technical and operational advances in securing cyberspace do not fully address the obstacle that anonymity presents to an effective and non-invasive cyber defence strategy. Unfortunately, the rights to privacy, property and even liberty can not only come under threat by cyber attacks but by the security and defence mechanisms in place to protect against them. The dangers cyberspace poses to digital rights are tied to the human use of this complex yet human-made space.

Cyber security and defence policies should continue to be transparent and open to scrutiny by the public in order to ensure that the inviolable rights of the UN Declaration of Human Rights are understood and adequately protected in cyberspace. Cyberspace has become an essential aspect of human existence and everyday transactions. In order to ensure it becomes a space in which human rights are protected and defended in the future, the public needs to sit at the table when the future of cyber defence is discussed.

Human Rights
Carla Spiegel

Carla studied Political Science and Philosophy and recently graduated from a Master‘s degree in International Relations. During her studies she focused on European security and counterterrorism from an interdisciplinary perspective. Particularly the topic of cyber security and defence piqued her interest and she is currently working to start her PhD research on the societal and political effects of the various uses of cyberspace.
    One Comment
  • Yanet Muñoz Garcia
    16 March 2018 at 8:13 pm
    Leave a Reply

    Good article. the need to achieve concrete agreements between states is essential in our current actions in the face of threats coming from constant development.

  • Leave a Reply