cyberspace dilemmas. containment of cybersecurity … · centro de investigaciÓn internacional...

CENTRODE INVESTIGACIÓNINTERNACIONAL

CYBERSPACE DILEMMAS.CONTAINMENT OF CYBERSECURITY THREATS

DECEMBER 2019

Analysis Paper

05

The content of this document does not reflect the official opinion of the Secretariat of Foreign Affairs.

Cyberspace Dilemmas.Containment of Cybersecurity Threats

Introduction

Society made the Internet relevant. The inven-tion of the World Wide Web in 1990 opened to the public what had been exclusively kept as an information structure for academic and military use. As the Internet has become part of daily life, it has evolved to reflect its users’ reality. The network, by reproducing society’s features, is infused by its virtuous processes—cooperation efforts, creative projects, knowledge—and also its setbacks—conflicting interests, contending forces, and illicit activities. It is in this immaterial space where the expansion of physical human reality has taken place.

This paper analyzes the relevance of cyberspace for societies in the 21st century and the importance of keeping security and stability in virtual networks. Firstly, it examines the social and governmental dependence toward cyber-netic structures. Then, it presents a brief anal-ysis of how contingencies taking place online have become security issues for states, while we describe the legal attempts to regulate inter-action in information systems and the limits of such instruments for cybersecurity. Finally, it introduces a model of cybersecurity based on alliance cooperation systems, which would sup-plement the international community’s legal

efforts to maintain stable social interactions in cyberspace.

The Importance of Cyberspace

In 1964, scientists and engineers from the Uni-versity of California in Los Angeles, Stanford University, and the United States Army started the arpanet project to create a virtual structure of information to which users be able to access from any computer anywhere in the world. The Internet hosts information and systems of inter-action essential for the correct functioning of societies and governments around the world.

The Internet’s influence over the economic and trade world systems is clear. According to data from the United Nations Conference on Trade and Development (unctad), in 2016, the value of online transactions reached 25 tril-lion dollars; that same year, according to the World Bank, the United States’ gross domes-tic product (GDP) reached 18.7 trillion dollars, while China’s 11.13 trillion.1 Between 69% and 95% of the businesses located in places of the world with medium levels of connectivity

[1] Data Bank-The World Bank, “World Development Indi-cators”, The World Bank, https://databank.worldbank.org/reports.aspx?source=2&series=NY.GDP.MKTP.CD&country =USA (Accesed November 12, 2019).

cybersPace Dilemmas. containment of cybersecurity threats | 2

conduct their financial and trade operations online.2 In 2017, 52% of the adult population had made or received at least one online payment using a bank account.3

Without undermining the importance of these numbers, the scope of the Internet goes beyond the financial field. Due to the continu-ously expanding capabilities and information on the Web, the virtual universe has become a core repository of knowledge and data. Social organi-zations whose work fundamentally contributes to the social order—like governments, universi-ties, health systems, financial groups, research structures, and international organizations—keep their data on digital platforms. The daily oper-ation of the structures supporting 21st century social interactions depends on the data flow tak-ing place online and on the information archived in cyberspace. For example, nowadays, 5 billion people around the world count on the cybernetic structures maintained by the telephonic compa-nies to carry on their daily activities.4 Besides, there are more than 15 trillion devices online and it is expected that, by 2025, this figure will reach 35 trillion.5 In 2017, more than 49.7% of the

[2] Deloitte, The Economic Impact of Disruptions to Internet Connectivity. A Report for Facebook (Londres: Deloitte llP, 2016), 5, https://globalnetworkinitiative.org/wp-content/up-loads/2016/10/GNI-The-Economic-Impact-of-Disruptions -to-Internet-Connectivity.pdf (Accesed November 29, 2019).

[3] Asli Demirgüç-Kunt, Leora Klapper, Dorothe Singer, San-iya Ansar and Jake Hess, The Global Findex Database 2017: Measuring Financial Inclusion and the Fintech Revolution (Washington D.C.: International Bank for Reconstruction and Development/The World Bank, 2018), 7.

[4] Gsma, Mobile Telecommunications Security Threat Land-scape (Londres: Gsma Head Office, 2019), 4.

[5] Patrícia Ellen, “Internet das coisas já é realidade, porém falta regulamentá-la”, McKinsey & Company, 14 de diciem-bre de 2016, https://www.mckinsey.com.br/our-insights/

world population had an Internet connection.6 The users of social media add up to 2.4 billion—almost two-thirds of Internet users.7 In Mexico in 2019, 72.8% of the population has access to the Internet—the social media with most users is Facebook, with 79 million accounts—and 92% of the country’s inhabitants have access to mobile phone services.8 As can be gathered, cyberspace has turned into a place for encounter, information exchange, and data storage.

Cyber networks have become essential for the efficient functioning of government and infrastructure systems. Services like street light-ing, public transportation, road signs, electric plants, port structures, and airports are depen-dent on the data they keep, exchange, and gather on cyberspace to work properly.9 While the capabilities of social and government

blog-made-in-brazil/internet-das-coisas-ja-e-realidade-po-rem-falta-regulamenta-la (Accesed November 12, 2019).

[6] Data Bank-The World Bank, “Individuals Using the Internet (% of Population)”, The World Bank, https://data.worldbank.org/indicator/it.net.user.zs (Accesed November 17, 2019).

[7] Esteban Ortiz-Ospina, “The Rise of Social Media”, Our World in Data, September 18, 2019, https://ourworldin data.org/rise-of-social-media (Accessed November, 2019).

[8] Internet World Stats, “Internet Usage and Population in Central America”, Internet World Stats, https://www. internetworldstats.com/stats12.htm (Accessed November 17, 2019)

[9] In Mexico City, 6.6 million daily commutes require the coordinated functioning of 3522 red lights monitored and controlled through the network of the Government of Mexico City’s Agency of Transit Control. To manage the transit of more than 47 million passengers annually, the operations of Mexico City International Airport (aicm, by its acronym in Spanish) rely on internal, local, nation-al, and international information exchange and storage platforms. Secretariat of Communications and Transporta-tion-aicm, “aicm en cifras. Diciembre 2018”, aicm, https://www.aicm.com.mx/acercadelaicm/archivos/files/Estadisti-cas/Estadisticas2018.pdf (Accessed November 17, 2019).


management have been enhanced by the use of cyber networks, the information stored online has increased in size and importance.

As the daily activities of individuals and societies have increasingly become dependent on the optimal functioning of the capabilities of computational structures, the negative con-sequences that either irruptions or antisocial behavior may unleash both in cyberspace and real life are increasingly more relevant. What would happen in case information systems fun-damental for social functioning fail or are used against society? This is the dilemma of cyber-space. The real and the virtual worlds are inter-twined and, thus, the events taking place on one side of the globe have repercussions on the other. For this reason, incidents undermining the stability of cyber networks and the information stored in cyberspace pose threats to the social order and individual lives. Cyberspace interac-tions have become security issues for states

and communities. To understand the relevance of security online, it is fundamental to acknowl-edge that the events taking place on information structures transcend virtual reality.

The Implications of Cyberspace for Security

Even if there is no universally accepted defini-tion of cybersecurity, conceptualizations usually comprise measures like prevention, detection, response, and recuperation, intended to address cybernetic incidents—either deliberate or unin-tentional—that range from accidental informa-tion disclosure, up to attacks against businesses and critical infrastructure, or the interference in political processes affecting individuals, groups, and organizations.10 Cybersecurity comprises, on

[10] European Court of Auditors, Challenges to Effective eu Cy-bersecurity Policy (Luxemburg: European Union, 2019), 6.


the one hand, protecting the integrity of compu-tational systems and, on the other, keeping safe those structures established in cyberspace from attempts to alter, wrongly utilize, corrupt, erase, or disseminate the information stored there.11 Thus, cybersecurity risks have been classified as either state threats—those affecting countries’ status, stability, and management capabilities—or private hazards—those resulting in negative consequences to individuals and social groups.

As highlighted by the Mexican Council on Foreign Relations (comeXi), public and private sectors, as well as society itself, are exposed to cyber threats that take shape of either targeted attacks affecting specific people and organisms

[11] Paul Cornish, David Livingstone, Dave Clemente, and Claire Yorke, On Cyber Warfare. A Chatham House Report (London: The Royal Institute of International Affairs, 2010).

or untargeted attacks impacting complete sys-tems and broad groups of users. While individ-uals and social groups are equally vulnerable to information theft, identity theft, fraud, extor-tions, and integrity hazards, the public sector faces risks associated with the preservation of citizens’ information, the functioning of govern-ment-managed infrastructure, and the reliabil-ity and reputation of government institutions.12

At the international level, the struggle for power is reflected in the virtual world. Because of the importance that computational systems have for states and societies, governments try to protect their key virtual structures from hostile actions of state and non-state rivals while seek-ing to enhance their intelligence capabilities to

[12] comeXi, Perspectiva de ciberseguridad en México (Mexico City: McKinsey & Company, 2018), 57.


carry on missions of incursion within the enemy cybernetic systems. Cyberattacks against politi-cal and social structures have the ability to alter the operation of financial systems, interrupt-ing the supply of public goods, shaping social thought, monitoring political and economic elites’ communications, neutralizing state mil-itary capabilities, and even causing physical damages to the infrastructure or population of the targeted countries. Virtual attacks are not deterred by geographical limits. As the Internet is a space that transcends geography, actions conducted on one side of the world can have immediate repercussions in the computational systems of any society. Besides, the ease to carry on disruptive operations in cyberspace allows groups and individuals to threaten rel-evant cybernetic capabilities without the need to establish major tactical structures.

During the decade of the 1980s, the Soviet gas pipeline system in Siberia was coordinated through a computational network system that controlled fuel flows in the region. Even if at the time cyber technology had not reached the current sophistication levels, in 1982, a virus penetrated the system and installed a logic bomb that unleashed a fail in the pipelines and caused the explosion of part of the Siberian gas line. This attack interrupted the regional supply of gas and resulted in “the greatest non-nuclear explosion ever seen from space.”13 In 2007, Titan Rain attacks, allegedly underway since 2002, jeopardized the security of the information sto-red in serves of the American and British foreign

[13] Nick Evancich and Jason Li, “Attacks on Industrial Control Systems”, in Edward J. M. Colbert y Alexander Kott (eds.), Cyber-Security of SCADA and other Industrial Control Systems (Basel: Springer, 2016), 97.

and defense agencies.14 In 2016, North Korean cybernetic systems were exposed by waves of attacks that undermined and slowed down this country’s nuclear program.15 Emmanuel Macron’s presidential campaign faced conti-nuous virtual aggressions conducted by “Fancy Bear”, in an attempt to reduce his advantage in the polls and gather voters’ information.16

Regarding the private sphere, cyberspace interactions can also pose risks for individuals and social groups. Users have formed anony-mous leagues that take advantage of the current limits of state action and the shortcomings of international cooperation to carry on activities that are not allowed by national and interna-tional law—like extortion networks, human traf-ficking, pedophilia, information theft, fraud, and drug trafficking. Technology corporations storing information of millions of users from all around the world, like Facebook, Amazon, Google, Mic-rosoft, and Apple, have also faced an increasing number of cyberattacks. The irruption on Face-book systems in 2018 exposed the profiles, pri-vate information, and passwords of 90 million

[14] Bradley Graham, “Hackers Attack via Chinese Web Sites”, The Washington Post, August 25, 2005, http://www.wash ingtonpost.com/wp-dyn/content/article/2005/08/24/AR 2005082402318.html (Accessed November 18, 2019).

[15] David E. Sanger and William J. Broad, “Trump Inherits a Secret Cyberwar against North Korean Missiles”, The New York Times, March 4, 2017, https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program -sabotage.html (Accessed November 18, 2019).

[16] Sebastian Seibt, “Cyber Experts ‘99% Sure’ Russian Hack-ers Are Targeting Macron”, France 24, April 26, 2017, https://www.france24.com/en/20170426-france-macron-cybersecurity-russia-presidential-campaign (Accessed Novem-ber 18, 2019); Council on Foreign Relations, “Cyber Op-erations Tracker”, Council on Foreign Relations, https://www.cfr.org/interactive/cyber-operations (Accessed No-vember 18, 2019).


users.17 In 2016, hsbc financial group’s informa-tion structures were jeopardized by a virus that collapsed the United Kingdom’s bank services, affecting more than 17 million people.18 Unlawful actions online have negative consequences for businesses, social groups, and individuals every day. These adverse effects not only alter social order and stability but also society’s confidence in cybernetic interactions.

International and Mexican institutions agree on the relevance of cybersecurity prob-lems and in the challenge this new reality poses for both public and private sectors. Accord-ing to the Council of Europe, cyberattacks

[17] cbinsights, “How Big Tech Is Finally Tackling Cyberse-curity”, en cbinsights Research Briefs (March 27, 2019), https://www.cbinsights.com/research/facebook-amazon- microsoft-google-apple-cybersecurity/ (Accessed Novem-ber 27, 2019).

[18] Hilary Osborne, “hsbc Suffers Online Banking Cy-ber-Attack”, The Guardian, January 29, 2016, https://www.theguardian.com/money/2016/jan/29/hsbc-online-banking -cyber-attack (Accessed November 27, 2019).

and information fraud are among the top five risks for the private sector; it is estimated that cybercrime utilities annually reach 1.5 trillion dollars—a figure equivalent to the 13th rich-est economy in the world.19 Apart from these numbers, it is relevant to take into account the non-quantifiable damages resulting from iden-tity theft, bullying and sexual violence against children, online threat, malicious intrusions, or false news in digital media. The comeXi warns that, in 2017, 33 million Mexicans (50% more than in 2016) were victims of cybercrime—this is 1 in 4 Mexicans.20 The economic losses caused

[19] Gabriella Battaini-Dragoni, “Towards Innovate Solutions to Meet the Challenge of Cybercrime”, in Council of Eu-rope-Underground Economy Conference 2019 (Strasburg: Council of Europe, 2019), https://www.coe.int/en/web/dep-uty-secretary-general/-/underground-economy-conference -towards-innovate-solutions-to-meet-the-challenge-of- cybercrime- (Accessed November 18, 2019).

[20] comeXi, Perspectiva de ciberseguridad en México, 14, 17-18.


by cybercrime in Mexico are estimated at 5 bil-lion dollars annually.21

These developments highlight the rele-vance of international cooperation to establish-ing standards of legal and preventive action that harmonize security criteria, and to enhancing information exchange leading to identifying the source of cyberattacks. Experience shows that, to efficiently address cybercrime, cybernetic ter-rorist threats, or the dissemination of hate dis-courses online, harmonized legal frameworks are fundamental; it is necessary to promote international cooperation against antisocial activities in cyberspace, in an environment of certainty, transparency, and law commitment.

Regulating to Contain

States have attempted to regulate actions tak-ing place in cyberspace and to sanction anti-social behavior in the virtual world. They have also tried to implement defense mechanisms to safeguard critical structures connected to the Internet. Since the cyberattacks suffered by Latvia in 2007 and Georgia in 2008, the need

[21] For example, it is estimated that in 2018 Mexican busi-nesses suffered 25 billion cyber aggressions. Subcomisión de Ciberseguridad, Estrategia Nacional de Ciberseguridad (Mexico: Gobierno de la República, 2017), 2.

to define the application of international law to such actions became evident.22

Increasingly, armies all over the world are establishing cyber defenses. What is more, nato published in 2013 the Tallin Manual on Interna-tional Law Applicable to Cyber Warfare,23 which aims at becoming an instrument of soft law on the subject.24 This illustrates the dynamism of inter-national law regarding cybersecurity, the hostile use of cyberspace, and cyber defense. Although some progress has been made, the differences regarding the applicability of international law in cyberspace remain. A common example are the obstacles faced when applying in this context the concept of national jurisdiction—tradition-ally related to geography—to attribute respon-sibility for international illicit acts under article 51 of the United Nations Charter (the inherent right of collective or individual self-defense in an armed attack). A significant number of coun-tries, Mexico included, argue that international law applies to cyberspace, just as it is the case regarding human rights, humanitarian interna-tional law, or international criminal law. In recent years, important processes are taking place at the un General Assembly through the Open-ended Working Group (oWeG)—which gathers all un Member states—and the Group of Govern-mental Experts (GGe), composed by twenty-five experts selected by the Secretary-General, in

[22] Sara P. White, “Lessons from the Russia-Georgia War”, Modern War Institute at West Point (New York: Modern War Institute, March 2018), 1 et passim.

[23] Michael N. Schmitt (ed. gen.), Tallinn Manual on the Inter-national Law Applicable to Cyber Warfare (New York: Cam-bridge University Press, 2013).

[24] M. N. Schmitt (ed. gen.), Tallin Manual 2.0 on the Interna-tional Law Applicable to Cyber Operations (New York: Cam-bridge University Press, 2017).


which Mexico is included. Both groups, although having different mandates, seek to establish the basis to prevent cybernetic conflicts, main-tain peace and stability in the virtual space, and develop measures that warrant confidence and promote the implementation of international law in cyberspace. The work of these groups will be fundamental to determine possible progress in the rules of state behavior.

In addition to these multilateral efforts at the un, in a more technical and specific field, the Convention on Cybercrime—known as the Budapest Convention—is a useful instrument of international law that several states have adopted with the goal of establishing uniform security standards and facilitating informa-tion sharing to identify cyber-attacks through international cooperation.25 This has been the first treaty to address this subject; adopted by the Council of Europe on November 23, 2001, it entered into force on July the 1st, 2004.26 At the moment, 64 countries have signed and rat-ified the convention and 8 countries, Mexico included, have not completed their accession process.27 This Convention pursues a common criminal policy aimed at the protection of soci-ety against fraud, cybernetic attacks and child

[25] Council of Europe, European Treaty Series (ets) no. 185, Budapest, November 23, 2001.

[26] On the Budapest Convention, see: Cristos Velasco San Martín, La jurisdicción y competencia sobre delitos cometi-dos a través de sistemas de cómputo e internet (Mexico City: Tirant lo Blanch, 2012), 79 et passim.

[27] Council of Europe, “Explanatory Report to the Convention on Cybercrime” (Strasburg: Council of Europe), 4, https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDC TMContent?documentId=09000016800cce5b (Accessed November 29, 2019).

pornography, intellectual property, and other related crimes.28

While some countries promote a univer-sal treaty on cybercrime, others, via the United Nations Office on Drugs and Crime (unoDc) in Vienna, have suggested an additional protocol to the United Nations Convention against Trans-national Organized Crime (also known as the Palermo Convention). Although there are other international treaties addressing the dilemmas of cybersecurity—such as the Ibero-Ameri-can Convention on Cooperation on Research, Assurance and Obtaining Evidence in the Field of Cybercrime, which coordinates the cybersecu-rity policies of 21 states, Mexico included—the Budapest Convention is the instrument with the greatest scope and acceptance. More than sev-enty countries have based their internal legal structures on cybercrime and online security on this model.29

The importance of international trea-ties is that they aim at harmonizing processes and integrating norms between states. On the one hand, the acceptance of new international norms promotes the reform of internal law to maintain coherence with international law. On the other hand, even the legislators that have remained at the margins of certain international treaties have modified national laws by includ-ing concepts of international law.30 In a global-

[28] Articles 2 to 10 of the Budapest Convention on Cyber-crime.

[29] Cybercrime Programme Office of the Council of Europe, “Peru Joined the Budapest Convention on Cybercrime”, Council of Europe, https://www.coe.int/en/web/cyber crime/-/peru-joined-the-budapest-convention-on-cybercri me (Accessed November 29, 2019).

[30] See: R. Daniel Kelemen and Eric C. Sibbitt, “The Globaliza-tion of American Law”, International Organization 58(01),


ized world, legal measures that seek to protect societies and individuals have been enhanced by international cooperation; the coherence of legal concepts, obligations, and rights that go beyond borders strengthen the social stability and increases the margin of protection of people.

The international community has tried to establish international legal frameworks that give certainty to the users of cyberspace, and contain and punish hostile and criminal conduct in the network; nonetheless, the discussions at the un to adopt a universal legal instrument that specifically regulates the activities in cyberspace

103-136; Fabrizio Gilardi, “Transnational Diffusion: Norms, Ideas, and Policies”, in Walter Carlsnaes, Thomas Risse y Beth Simmons (eds.), Handbook of International Relations (Thousand Oaks: saGe, 2012), 453-477.

are polarized. China, Iran, and Russia support the adoption of an international treaty; the United States, European countries and the allies of the western block consider that other international norms, already in force, could be undermined.31

At the moment, various initiatives to advance a law on cybercrime and cybersecurity are being discussed at the Mexican Congress. If approved, these initiatives will guide the Mex-ican decision to become part of international treaties on the subject, such as the Budapest Convention. Currently, work is being made to negotiate an additional protocol that facilitates

[31] Tim Starks, “un Debates Cyber Treaty Norms”, Politico, September 16, 2019, https://www.politico.com/newsletters/morning-cybersecurity/2019/09/16/un-debates-cyber-trea-ty-norms-743266 (Accessed October 28, 2019).


the collection of evidence of cybercrimes or other crimes contained in the digital cloud.32 It is important to highlight the relevance enhanc-ing legal cooperation and research capabilities to track digital data on phenomena like terror-ism, incitement to commit genocide, apology of hate speech, and racial, religious, and gen-der hatred. It is necessary to use their probative value for prosecuting hate crimes and crimes against humanity, and also to utilize the infor-mation gathered in cybersecurity processes to articulate common strategies against manifes-tations of this kind.

To increase the certainty and to strengthen the instruments aimed at protecting the Mex-ican population in cyberspace, it is important not only to be part of international initiatives on cyber regulation but also to reform the legal framework to maintain coherence with inter-national standards. It is fundamental to have definitions and actions—national and interna-tional—that contribute to greater activism in multilateral negotiations at the un, the Orga-nization of American States (oas), and relevant conventions on the subject.

Cooperate to Contain

International cooperation to establish legal instruments that regulate interactions and punish illicit conduct taking place on the net-work is fundamental to maintain the stability in cyberspace. The certainty that results from legal frameworks and instruments encourages the use of the Internet and allows societies and gov-ernments to use these technologies to improve

[32] See: Gabriella Battaini-Dragoni, “Towards Innovate Solu-tions to Meet the Challenge of Cybercrime”.

their well-being. Nonetheless, before the lim-its of international law, states have chosen to construct collective security systems, to act promptly and effectively against cyber threats and cyberattacks.

As a response to the vulnerability of com-puter infrastructure, and considering the impor-tance that events taking place in cyberspace have in societies, the United States has sought to maintain a cyber defense system to protect its key structures. Additionally, it has focused on consolidating its computer capacities to “attack personnel, infrastructure, and equipment with the goal of depredating, neutralizing or destroy-ing the capacity of rival groups, while protect-ing our structures and capacities.”33 The United Kingdom has directed its strategy on cybersecu-rity to establishing in the computer servers sys-tems of accountability that identify and punish cybercriminals, and is backed by virtual defense systems—public and private—that increase the capacity of response of the British society against virtual attacks and improve the resilience of com-puter infrastructure.34 The Russian doctrine on cybersecurity seeks to “maximize the opportu-nities of cyberspace to strengthen the defensive potential and the security of the state.”35

Mexico is a pioneer in the development of cybernetic incident response centers (certs),

[33] Derek S. Reveron (ed.), Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World (Wash-ington D.C.: Georgetown University Press, 2012), 4.

[34] Louise Bennett, “Cyber Security Strategy”, ITNOW 54, no. 1, Spring 2012, 10.

[35] Ministry of Defense of the Russian Federation, Conceptual Views on the Activity of the Armed Forces of the Russian Fed-eration in Information Space, 2012, 13, quoted by Katarina Klingova, “Securitization of the Cyber Space in the United States of America, the Russian Federation and Estonia”, master’s thesis (Central European University, 2013), 53.


based at institutions like the National Autono-mous University of Mexico (unam) and the Sci-entific Division of the Federal Police—currently transitioning to the National Guard. The Mex-ican government actively engages in programs of cybersecurity, such as the one sponsored by the Inter-American Committee against Terrorism (cicte), which has collaborated in the national strategy of cybersecurity. The plan on cybernetic security developed by the Mexican government in 2017 concluded that the creation of a National Cybersecurity Agency should be a priority to coor-dinate efforts of defense and regulation of cyber-space, increasing the capacity of resilience from cyber-attacks, establishing clear protocols of defense and recovery of systems, and establish-ing tactic groups to maintain national security.36

[36] Subcomisión de Seguridad, Estrategia Nacional de Ciberse-guridad, 14.

However, separate efforts are not enough to face the threats to security in cyberspace. Cyber–attacks, due to their changing and decon-centrated character, represent a challenge to defense policies based solely on computer isola-tion. Not a single cyber defense system can reach optimal performance on its own. To have efficient structures of defense, it is necessary to establish international cooperation mechanisms.

nato has expanded its alliance system, based on collective security, to the virtual world. During the Warsaw Summit of 2016, members of the Alliance agreed to extend the defensive man-date of nato to the interactions that take place in cyberspace. As the Secretary-General Jens Stoltenberg declared that “a serious cyberattack could trigger Article 5, where an attack against one ally is treated as an attack against all.”37 The

[37] Jens Stoltenberg, “nato Will Defend Itself”, Prospect, Au-gust 27, 2019, 4.


cybersecurity agencies of nato’s member states not only share information on cyber-attacks and possible threats to security but have also imple-mented coordination mechanisms; moreover, the virtual forces of any of the member states are willing to contribute to the efforts carried out by any other member.38 By doing so, nato has sought to supplement the legal frameworks that

[38] “La otan propone una ‘defensa ofensiva’ contra la ci-berguerra”, IT Digital Security, December 4, 2017, https://www.itdigitalsecurity.es/infraestructuras-criticas/2017/12/la-otan-propone-una-defensa-ofensiva-contra-la-ciberguerra (Accessed October 18, 2019).

maintain the stability of cyberspace through the strengthening of their virtual infrastructure. Also, intending to increase the range of their cyber maneuvers, nato has reached agreements with the European Union to ensure information sharing to prevent virtual threats, training and research capacities on subjects and techniques on cybersecurity, among other actions.39 The Organi-zation has also created cooperation frameworks

[39] North Atlantic Treaty Organization (nato), “Cyber De-fense”, nato, https://www.nato.int/cps/en/natohq/topics _78170.htm# (Accessed November 29, 2019).


with technology companies, such as Vodafone, Thales, and cy4Gate.40

In Latin America, oas, since 2004, has implemented an initiative to reinforce the regional cybersecurity. Through the diffusion of technology and coordination programs on network defense, the creation of information sharing mechanisms, and the establishment of missions of training and assistance in cybersecurity, the Organiza-tion aims to establish a hemispheric infrastruc-ture to contain virtual attacks and threats, based on the coordinated efforts carried out by Com-puter Security Incident Response Teams (csirts), located in strategic countries all over the conti-nent. This mechanism has been backed by the private sector; companies like Amazon, Microsoft and Citibank have contributed to the continent’s efforts to maintain cyberspace stable and secure with funding for research, defense computer infrastructure and mechanisms for information sharing.41 However, according to data provided by oas, cybersecurity in Mexico and most of the countries of the region still has important defi-ciencies.42 In order to improve defense capabil-ities in the virtual world, it is fundamental to strengthen cooperation on technology and edu-cation, and consolidate the tactical structures of

[40] nato Communications and Information Agency, “New nato-Industry Cyber Partnerships Signed at nitec18”, nato, May 23, 2018, https://www.ncia.nato.int/NewsRoom/Pages/180523-IPAs_signature_NITEC.aspx (Accessed No-vember 18, 2019).

[41] Inter-American Committee against Terrorism-Secretariat for Multidimensional Security, oas Cyber Security Initia-tive (Washington D.C.: oea-Global Forum on Cyber Ex-pertise, 2015).

[42] Observatorio de la Ciberseguridad en América Latina y el Caribe, Ciberseguridad. ¿Estamos preparados en América Latina y el Caribe? Informe Ciberseguridad 2016 (Washington D. C.: oea-biD, 2016), 7-21 y 86-87.

cyber defense. The cooperation schemes in Latin America will be reinforced if they go from a dif-fuse coordination mechanism to a system that is similar to nato, which is based on a collective security approach. Also, trade alliances —such as the usmca, celac or the Pacific Alliance—could include assistance agreements to ensure the pro-tection of computer systems and attempt the dif-fusion of technologies of cybersecurity among the participants.

Cybersecurity, to reach its goals, requires the cooperation between states and the society; it requires a constant exchange of information and action protocols to contain the threats and attacks in the virtual space. At the same time, the need to access evidence on the digital cloud, as well as com-bat, counter and prevent terrorism, xenophobia, and hate speech online should be an imperative.

Final Remarks

The relevance of the technological develop-ments in the 21st century has made cyberspace an essential part of reality. Events taking place in the virtual world have an impact on the lives of millions of people globally. The aim of this paper was to analyze the interdependence between the virtual universe and the social structures and interactions, the benefits of strengthening this link, the challenges that could result from the dependence on the digital network and the strategies that have been designed to maintain stable and secure systems.

The purpose of this research was to show how states have sought, through legal frame-works—national and international—as well as alliances with different countries and strategic actors, to take profit from the opportunities of cyberspace and to reduce vulnerabilities. The


main argument is that international cooperation to establish legal instruments that regulate the interactions in cyberspace and punish illicit con-ducts that take place in it is fundamental, as they provide certainty to users. However, regulation has limits, which is why states have turned to collective security systems to act efficiently and rapidly in the face of virtual threats and attacks.

Security in cyberspace cannot be abso-lute. Those who aim at infringing virtual struc-tures take advantage of the infinite and always changing character of digital networks, and manage to design methods that allow them to bypass the defense systems of governments, enterprises, and individuals. Nonetheless, some measures can be taken to prevent and reduce risks. For example, the government of Singa-pore, in its National Action Plan against Cyber-crime, has established two key areas to protect primary structures and the population against virtual threats. Firstly, Singapore organizes edu-cation campaigns on cybersecurity for all its cit-izens and enterprises aimed at teaching basic methods on cybersecurity and warning on the dangers in the network. Secondly, the country has reinforced its capabilities on emergency response and has set in motion programs to train public servants on cybernetic abilities to protect confidential information. At the same time, the authorities of Singapore have signed agreements with enterprises, universities, inter-national organizations and other countries to share technology and information in order to prevent virtual attacks.43 Through the imple-

[43] Cyber Security Agency of Singapore, Singapore’s Cyberse-curity Strategy (Singapore: Cyber Security Agency of Sin-gapore, 2016), 25-47.

mentation of education campaigns, the availabil-ity of public virtual protection mechanisms, and the cooperation with local actors and the inter-national community, risks in cyberspace can be significantly reduced.

Mexico, as well as other countries, are exposed to virtual threats that have concrete effects on the lives of millions of people; finan-cial frauds, the spread of hate speech, and the hacking to government registries are just a few examples. For the aforementioned reasons, it is important to strengthen national laws, discuss the importance of becoming a party to interna-tional treaties, and seek alliances with the private sector, in Latin America and other regions, to face the challenges posed by cyberspace. The security of the networks is fundamental, as events occur-ring in cyberspace transcend virtual reality.

Images

©© Pete Linforth from Pixabay, cover.

©© Gerd Altmann from Pixabay, p. 4.

©© Secure Week, pp. 5 y 7.

©© Darwin Laganzon, p. 10.

©© Werner Moser from Pixabay, p. 12.

©© Digital Attack Map, p. 13.

©© Policía Cibernética de Oaxaca, p. 15.


cyberspace dilemmas. containment of cybersecurity … · centro de investigaciÓn internacional...

Documents