Möglichkeiten und Grenzen zur Bestimmung von Cyberwaffen

Seit der Entdeckung der Schadsoftware Stuxnet ist der Cyberspace in den Fokus der internationalen Sicherheitspolitik gerückt. Während Staaten zunehmend die neue Domäne in ihre Sicherheits- und Militärdoktrinen aufnehmen, verdeutlichen Vorkommnisse wie der Sony-Hack oder die Beschädigung eines deutschen Stahlwerks die komplexen Abhängigkeiten von ITSystemen und deren Verwundbarkeiten. Internationale Bemühungen um die Etablierung verbindlicher Regelungen für das staatliche und militärische Agieren im Cyberspace werden durch ein fehlendes gemeinschaftlich akzeptiertes Verständnis des Themas oder der Definition von Begrifflichkeiten erschwert. Insbesondere das Konzept der 'Cyberwaffe' und eine tragfähige und im Kontext international verpflichtender Konventionen belastbare Eingrenzung dieses Begriffs ist dabei für Abrüstungs- und Rüstungskontrollabkommen von zentraler Bedeutung. Eine Gegenüberstellung unterschiedlicher, sowohl generalisierender als auch situationsbezogener Definitionsansätze von Cyberwaffen verdeutlicht dabei die verschiedenen zu integrierenden Betrachtungsebenen. Die im Gegensatz zu konventionellen Waffentechnologien spezifischen Eigenschaften von Software zeigen aber auch die Schwierigkeiten und Grenzen derartiger Ansätze auf

Towards a Peaceful Development of Cyberspace - Challenges and Technical Measures for the De-escalation of State-led Cyberconflicts and Arms Control of Cyberweapons

Cyberspace, already a few decades old, has become a matter of course for most of us, part of our everyday life. At the same time, this space and the global infrastructure behind it are essential for our civilizations, the economy and administration, and thus an essential expression and lifeline of a globalized world. However, these developments also create vulnerabilities and thus, cyberspace is increasingly developing into an intelligence and military operational area – for the defense and security of states but also as a component of offensive military planning, visible in the creation of military cyber-departments and the integration of cyberspace into states' security and defense strategies. In order to contain and regulate the conflict and escalation potential of technology used by military forces, over the last decades, a complex tool set of transparency, de-escalation and arms control measures has been developed and proof-tested. Unfortunately, many of these established measures do not work for cyberspace due to its specific technical characteristics. Even more, the concept of what constitutes a weapon – an essential requirement for regulation – starts to blur for this domain. Against this background, this thesis aims to answer how measures for the de-escalation of state-led conflicts in cyberspace and arms control of cyberweapons can be developed. In order to answer this question, the dissertation takes a specifically technical perspective on these problems and the underlying political challenges of state behavior and international humanitarian law in cyberspace to identify starting points for technical measures of transparency, arms control and verification. Based on this approach of adopting already existing technical measures from other fields of computer science, the thesis will provide proof of concepts approaches for some mentioned challenges like a classification system for cyberweapons that is based on technical measurable features, an approach for the mutual reduction of vulnerability stockpiles and an approach to plausibly assure the non-involvement in a cyberconflict as a measure for de-escalation. All these initial approaches and the questions of how and by which measures arms control and conflict reduction can work for cyberspace are still quite new and subject to not too many debates. Indeed, the approach of deliberately self-restricting the capabilities of technology in order to serve a bigger goal, like the reduction of its destructive usage, is yet not very common for the engineering thinking of computer science. Therefore, this dissertation also aims to provide some impulses regarding the responsibility and creative options of computer science with a view to the peaceful development and use of cyberspace