Governance of Dual-Use Technologies: Theory and Practice

The term dual-use characterizes technologies that can have both military and civilian applications. What is the state of current efforts to control the spread of these powerful technologies—nuclear, biological, cyber—that can simultaneously advance social and economic well-being and also be harnessed for hostile purposes? What have previous efforts to govern, for example, nuclear and biological weapons taught us about the potential for the control of these dual-use technologies? What are the implications for governance when the range of actors who could cause harm with these technologies include not just national governments but also non-state actors like terrorists? These are some of the questions addressed by Governance of Dual-Use Technologies: Theory and Practice, the new publication released today by the Global Nuclear Future Initiative of the American Academy of Arts and Sciences. The publication's editor is Elisa D. Harris, Senior Research Scholar, Center for International Security Studies, University of Maryland School of Public Affairs. Governance of Dual-Use Technologies examines the similarities and differences between the strategies used for the control of nuclear technologies and those proposed for biotechnology and information technology. The publication makes clear the challenges concomitant with dual-use governance. For example, general agreement exists internationally on the need to restrict access to technologies enabling the development of nuclear weapons. However, no similar consensus exists in the bio and information technology domains. The publication also explores the limitations of military measures like deterrence, defense, and reprisal in preventing globally available biological and information technologies from being misused. Some of the other questions explored by the publication include: What types of governance measures for these dual-use technologies have already been adopted? What objectives have those measures sought to achieve? How have the technical characteristics of the technology affected governance prospects? What have been the primary obstacles to effective governance, and what gaps exist in the current governance regime? Are further governance measures feasible? In addition to a preface from Global Nuclear Future Initiative Co-Director Robert Rosner (University of Chicago) and an introduction and conclusion from Elisa Harris, Governance of Dual-Use Technologiesincludes:On the Regulation of Dual-Use Nuclear Technology by James M. Acton (Carnegie Endowment for International Peace)Dual-Use Threats: The Case of Biotechnology by Elisa D. Harris (University of Maryland)Governance of Information Technology and Cyber Weapons by Herbert Lin (Stanford University

The End of Innocence: Rethinking Noncombatancy in the Post-Kosovo Era

The protection of civilians and their property in war is an accepted norm of international law - even where the putatively noncombatant populace openly supports the immoral use of force by its military. NATO\u27s Kosovo operation suggests, however, that the imposition of hardship on the sentient, adult noncombatant population through property loss can erode a society\u27s appetite for malevolence. While civilians should not be targeted, a new paradigm for noncombatancy that allows the destruction of certain property currently protected by international law but not absolutely indispensable to civilian survival may well help shorten conflict and effect necessary societal change

The End of Innocence: Rethinking Noncombatancy in the Post-Kosovo Era

The protection of civilians and their property in war is an accepted norm of international law - even where the putatively noncombatant populace openly supports the immoral use of force by its military. NATO\u27s Kosovo operation suggests, however, that the imposition of hardship on the sentient, adult noncombatant population through property loss can erode a society\u27s appetite for malevolence. While civilians should not be targeted, a new paradigm for noncombatancy that allows the destruction of certain property currently protected by international law but not absolutely indispensable to civilian survival may well help shorten conflict and effect necessary societal change

Proportionality and its Applicability in the Realm of Cyber Attacks

With an ever-increasing reliance on State cyber-attacks, the need for an international treaty governing the actions of Nation-States in the realm of cyberwarfare has never been greater. States now have the ability to cause unprecedented civilian loss with their cyber actions. States can destroy financial records, disrupt stock markets, manipulate cryptocurrency, shut off nuclear reactors, turn off power grids, open dams, and even shut down air traffic control systems with the click of a mouse. This article argues that any cyber-attack launched with a reasonable expectation to inflict “incidental loss of civilian life, injury to civilians, or damage to civilian objects,” must be subject to the existing laws of proportionality. This article further examines the broader concept of proportionality, and the difficulties associated with applying a proportionality analysis to an offensive cyber-strike. This paper asserts that the ambiguities and complexities associated with applying the law of proportionality—in its current state and within a cyber context—will leave civilian populations vulnerable to the aggressive cyber actions of the world’s cyber powers. Consequently, this article stresses the necessity of developing a proportionality standard within a unified international cyberwarfare convention and asserts that such a standard is required in order to prevent the creation of a pathway towards lethal cyber aggressions unrestrained by the laws of war

Warfighting for cyber deterrence: a strategic and moral imperative

Theories of cyber deterrence are developing rapidly. However, the literature is missing an important ingredient—warfighting for deterrence. This controversial idea, most commonly associated with nuclear strategy during the later stages of the Cold War, affords a number of advantages. It provides enhanced credibility for deterrence, offers means to deal with deterrence failure (including intrawar deterrence and damage limitation), improves compliance with the requirements of just war and ultimately ensures that strategy continues to function in the post-deterrence environment. This paper assesses whether a warfighting for deterrence approach is suitable for the cyber domain. In doing so, it challenges the notion that warfighting concepts are unsuitable for operations in cyberspace. To do this, the work constructs a conceptual framework that is then applied to cyber deterrence. It is found that all of the advantages of taking a warfighting stance apply to cyber operations. The paper concludes by constructing a warfighting model for cyber deterrence. This model includes passive and active defences and cross-domain offensive capabilities. The central message of the paper is that a theory of victory (strategy) must guide the development of cyber deterrence

Hacking into International Humanitarian Law: The Principles of Distinction and Neutrality in the Age of Cyber Warfare

Cyber warfare is an emerging form of warfare not explicitly addressed by existing international law. While most agree that legal restrictions should apply to cyber warfare, the international community has yet to reach consensus on how international humanitarian law ( IHL ) applies to this new form of conflict. After providing an overview of the global Internet structure and outlining several cyber warfare scenarios, this Note argues that violations of the traditional principles of distinction and neutrality are more likely to occur in cyber warfare than in conventional warfare. States have strong incentives to engage in prohibited cyber attacks, despite the risk of war crimes accusations. This Note argues that belligerents will violate the principle of distinction more frequently in cyber warfare than in conventional warfare. Many cyber attacks will unavoidably violate neutrality law, making these violations more likely in cyber conflicts than in conventional wars. Rather than condemn all uses of cyber weapons, this Note argues that IHL should evolve to encourage the use of cyber warfare in some situations and provide states better guidance in the conduct of these attacks

Preventing State-Led Cyberattacks Using the Bright Internet and Internet Peace Principles

The Internet has engendered serious cybersecurity problems due to its anonymity, transnationality, and technical shortcomings. This paper addresses state-led cyberattacks (SLCAs) as a particular source of threats. Recently, the concept of the Bright Internet was proposed as a means of shifting the cybersecurity paradigm from self-defensive protection to the preventive identification of malevolent origins through adopting five cohesive principles. To design a preventive solution against SLCAs, we distinguish the nature of SLCAs from that of private-led cyberattacks (PLCAs). We then analyze what can and cannot be prevented according to the principles of the Bright Internet. For this research, we collected seven typical SLCA cases and selected three illustrative PLCA cases with eleven factors. Our analysis demonstrated that Bright Internet principles alone are insufficient for preventing threats from the cyberterror of noncompliant countries. Thus, we propose a complementary measure referred to here as the Internet Peace Principles, which define that the Internet should be used only for peaceful purposes in accordance with international laws and norms. We derive these principles using an approach that combines the extension of physical conventions to cyberspace, the expansion of international cybersecurity conventions to global member countries, and analogical international norms. Based on this framework, we adopt the Charter of the United Nations, the Responsibility of States for Internationally Wrongful Acts, Recommendations by the United Nations Group of Governmental Experts, the Tallinn Manual, and Treaty of the Non-Proliferation of Nuclear Weapons, and others as reference norms that we use to derive the consistent international order embodied by the Internet Peace Principles

Strategic latency and world order

The article of record as published may be found at http://dx.doi.org/10.1016/j.orbis.2010.10.006This article examines "strategic latency", a condition in which technologies that could provide military (or economic) advantage remain untapped. As difficult as it is to explain why certain ideas and technologies flourish and find rapid acceptance, it is equally hard to understand why some good ideas languish, only to be rediscovered and exploited under other circumstances. Why is latent capacity so often dormant? What are the indicators that latent capacity is on the verge of being weaponized

Defining Critical Infrastructure for a Global Application

A Google search for the phrase critical infrastructure turns up 189 million results in little more than a half second: \u27\u27global critical infrastructure has 151 million results; and definition of critical infrastructure yields 71.5 million results. The list of what industries and sectors fall under the critical infrastructure designation expands as time progresses and technology develops. As the threat of cyberattacks increases and this frontier of terrorism continues to emerge, attacks on critical infrastructure are high on the list of concerns and the need for protective measures imperative. The focus on protecting critical infrastructure does not stop at the borders of individual nation-states as calls for international efforts to protect national critical infrastructures are being made. Without clearly defined boundaries on what constitutes critical infrastructure at a global level, however, international efforts to protect critical infrastructure will be unduly burdensome and overbroad. Before moving toward international efforts for protecting critical infrastructure, the global community must come together to define which critical infrastructures are worth this additional level of protection

The Tallinn Manual 2.0 on Nation-State Cyber Operations Affecting Critical Infrastructure

Protecting critical infrastructure from cyber threats is difficult and complex. News headlines abound with reports that show how critical infrastructure—ranging from voting machines to steel mills—have become increasingly vulnerable to cyber operations from state and sophisticated nonstate actors. As critical infrastructure becomes increasingly entangled with the Internet and as new tactics, techniques, and procedures rapidly proliferate and evolve, governments and businesses alike must contend with a mutating threat environment that may put sensitive and highly important critical infrastructure assets in serious jeopardy. The vulnerabilities of critical infrastructure, which provide vital services and functions to societies, may pose a particularly tempting way for states to asymmetrically project power during an armed conflict or other crisis. Recent tensions between Russia and Ukraine have provided a useful test bed to consider how cyber-threat actors could couple cyber-based operations with movements of traditional military forces