Dr. ASLI VAROL
Digital
technologies are opening the doors of an unlimited environment called that
cyberspace to states, organizations, societies. For
this reason, it is not easy to protect corporate borders in the
digital world and security policies for cyberspace need to be established. In this new environment, the concept of cyber
diplomacy has emerged to counter the cyber problems and threats that cause the
crisis, to develop cooperation in the cyber field and to negotiate the cyber
agendas.
A New Operational Environment: Cyberspace
In order to express cyber diplomacy
correctly, it is necessary to define cyberspace first. Because the
complexity and limitlessness of the problems that cyber diplomacy tries to
solve and the threats it fights can only be understood through the environment
in which it emerges.
Ottis and Lorents offer this definition: “cyberspace is a time-dependent set of interconnected information systems and the human users that interact with these systems” (Ottis & Lorents, 2010). According to the NATO Glossary of Terms and Definitions, cyberspace is “The global domain consisting of all interconnected communication, information technology and other electronic systems, networks and their data, including those which are separated or independent, which process, store or transmit data” (North Atlantic Treaty Organization, 2020).
Cyber diplomacy is expressed as the application of diplomacy to
cyberspace. When thinking about cyberspace, these different levels required for
its functioning should be considered; the physical
(cables, switching stations, etc.), the logical (the protocols that enable data
to reach its destination), the data (content of webpages, e-mails, etc.) and
the social (in which humans and devices interact). And also all of these levels are political and
geopolitical (Riordan, 2019: 9). Goldman makes the following important
statement on cyberspace:
“Cyberspace has
become a major battleground for great-power competition because of the nature
of the operating environment: It is globally interconnected, distinguished by
constant (rather than imminent, potential, or episodic) contact, influenced by
difficulty of attribution, characterized by contested borders and informal
thresholds that are limited in adherence, and lacks sanctuary and operational
pause” (Goldman, 2020:
86).
On the other hand Vignati et al. (2021) state that the “cyber threats” “can be labelled as acts of destruction of computer networks or data contained therein through interference or interception”. The authors divide the cyber threats into three categories as cyber threats against individuals, against properties, and governments (Vignati et al., 2021: 7-8).
Cyber threats and cyberattacks that affect all these networks and all these systems on a large scale create crises for countries and institutions. Crisis in the cyberspace can take different forms. These crises can occur directly through cyberattacks or in the form of disinformation and cognitive hacking.
Disinformation and Cognitive Hacking
Jaiman states that cybersecurity and disinformation attacks show many similarities in terms of strategies, tactics and actions. Cyberattacks target computer infrastructure. In contrast, disinformation exploits cognitive biases and logical fallacies. Cybersecurity attacks are carried out using malware, viruses, trojans, botnets and social engineering. Disinformation attacks use manipulated, miscontextualized, misappropriated information, deep fakes, and cheap fakes. Malicious actors use both attacks together to increase the effect of destruction (Jaiman, 2021).
The purpose of
cognitive hacking, which seeks to manipulate people’s perceptions by exploiting
psychological vulnerabilities, is to create behavior change. This is why cognitive hacking is a form of social
engineering (Wigmore, 2017).
Cognitive
hacking is expressed as a threat originating from disinformation and
computational propaganda.
Cognitive hacking, a type of
cyberattack, exploits psychological vulnerabilities, perpetuates bias, and
ultimately compromises logical and critical thinking, causing cognitive
dissonance. Jaiman states that the cognitive hacking attack tries
to change the thoughts and actions of the target audience and disrupt harmony
by using disinformation. Cognitive hacking uses cognitive biases to manipulate
the way people perceive reality and shapes people by perpetuating the biases. An example of the effects of hacking is the raid of
the US Capitol by right-wing groups on January 6, 2021 (Jaiman, 2021).
Emerging digital technologies such
as sensors, information and communication technologies, artificial intelligence
tools and quantum tools have become new focal points for strategic competition. This rivalry
pits two competing visions of the digital space, democracy and
authoritarianism, and two world order, and information freedom and information
control. Goldman says
that the diplomatic strategy for the future must adopt a competitive mindset. The vision of a free, open and
flexible cyberspace faces a well-resourced competitor, techno-authoritarianism (Goldman,
2021).
Cyber Diplomacy for Crisis Management
The birth of cyber diplomacy was
caused by a wide-ranging cyberattack against Estonia in 2007. As it is
known, Estonia is one of the most wired countries in Europe. With this
cyberattack, many government and company sites were paralyzed by hackers. The increase
in such attacks has revealed the need for governments to create national cyber
strategies. This is the
result of understanding that cyberspace, like the physical world, has military
and strategic dimensions and requires countries to work together to defeat
cyber rivals (Attatfa et al., 2020).
Riordan defines cyber diplomacy as
the use of diplomatic tools and diplomatic mindset, to resolve issues that arise
in cyberspace. Cyber
diplomacy can be carried out by states and non-state actors, including
companies, NGOs. Riordan also
makes clear the distinction between cyber diplomacy and digital diplomacy. Digital diplomacy is using digital
tools to promote broader diplomatic agendas (Riordan, 2016). Goldman also
defines cyber diplomacy as the use of diplomatic tools to deal with issues that
arise in and through cyberspace. Those issues that arise in or through cyberspace
include international cybersecurity standards, internet access, privacy,
internet freedom, intellectual property, cybercrime, state-sponsored cyber
conflict and competition, ethical use of digital technologies and commerce,
security, economic and human rights (Goldman, 2021).
Cyberspace
offers digital tools for more effective tracking of diplomatic strategies, as
well as uncovering a range of governance and other issues that can benefit the
diplomat’s techniques and mindset. In cyberspace, as with climate change, the skills and
mindset needed to construct and sustain multilevel and heterogeneous types of
coalitions are diplomatic. Building such coalitions is also important for
cybersecurity. In this context, companies can strengthen technical
cybersecurity by developing broader, more forward-focused diplomatic
strategies, identifying and deterring potential hackers, encouraging
cooperation between governments, companies and other key stakeholders, and
persuading the public (Riordan, 2016).
Cyber diplomacy requires
communication and dialogue between state and non-state actors. Cyber diplomacy
addresses issues such as the prevention of a cyber arms race, the development
of global norms, and the promotion of national interests in cyberspace through
cybersecurity policies and participation strategies. However, it focuses on the
changing role of diplomats and the reorganization of various foreign ministries
and ministries in response to the growing importance of cybersecurity in
foreign policy or the role of new technologies in diplomacy processes and
structures. Manatan states that cyber diplomacy is informed by the multiple
dimensions of soft power and is considered an effective solution in reducing
the eruption of major political or economic uncertainties, risks and potential
conflicts arising from cyberspace. The key elements in the cyber diplomacy kit
are cyber capacity building, confidence building measures and the development
of cyber norms (, 2021).
Crises are
sudden challenges that states and organizations have to deal with. Crises endanger the management and functioning of
countries and organizations. In order to minimize the damage of the crisis, it
is necessary to eliminate the factors that may cause the crisis before the
crisis occurs. Today, states and companies are faced with crises in
cyberspace. Because strategic competition is increasing in cyberspace and
various cyberattacks are organized in order to gain an advantage in this
environment. For example, the possibility of a hacking attack at
any moment is clearly evident. In this context, countries and organizations
need to make effective crisis management for cyberspace.
Cyber crises endanger systems by growing rapidly on an international or global scale beyond the control of states and organizations. For this reason, the primary task of cyber diplomacy is actually crisis management. Cyber diplomacy should consider the crisis caused by cyberattacks as a whole and try to minimize the impact of the crisis. For this, cyber diplomacy must first work to eliminate the factors that led to the crisis. Eliminating these factors requires expertise, resources and infrastructure in the cyber field. For this reason, teams of experts on the subject should be formed in cyber diplomacy, necessary resources should be provided and infrastructure should be strengthened. Cyberspace-related security policies should be established and a multi-stakeholder cyber diplomacy process should be initiated. Thus, a way of dialogue should be opened and harmful behaviors should be prevented by adopting a value-based approach. In particular, it is important for crisis management to take joint measures against cyberattacks of countries against each other. In this context, alliances should be formed with the cooperation of international organizations against the parties or countries that show aggression in the cyber field.
Cyberspace capability can be
expanded when security is backed by NATO, the EU, and a well-resourced
diplomatic corps. The Estonian
example has shown this. It is also noteworthy that NATO’s Cooperative Cyber
Defense Center of Excellence (CCD COE) was built in 2008 in Tallinn, the
capital of Estonia. The CCD COE
acts as a hub that produces lessons, hosts conferences and establishing an
ecosystem for both NATO and non-NATO members such as Austria, Luxembourg and
South Korea (White, 2019: 31).
It is very important to conduct
diplomacy by considering the interests of a state in cyberspace. However, only
some of the countries have placed cyber issues on their diplomatic agendas. Because, due
to limited human and financial resources, the participation of developing
countries and small states in cyber diplomacy is limited and at the same time
renders these countries ineffective in the field of cyber diplomacy policy (Psaila, 2021: 5).
Due to the increasing number of countries acquiring
offensive cyber capabilities, cyber diplomacy is needed to maintain dialogue
between countries and to keep communication channels open even in times of
crisis. It is also necessary to develop binding and non-binding norms for
responsible government behavior in cyberspace and to address the most acute
divergences between stakeholders in this field. This is possible through
multilateral for a such as the GGE and OEWG, regional efforts and
confidence-building measures such as the Organization for Security and
Cooperation in Europe (OSCE), and bilateral agreements such as the 2015
US-China Cyber Agreement (Barrinha &
Renard, 2020).
NATO and EU Cooperation
Cyberattacks
by foreign actors (state and non-state) have increased, including
state-sponsored attacks against both NATO and the EU Member States (Poptchev,
2020).
NATO-EU
cooperation in cybersecurity and cyberdefense can be extremely beneficial to
jointly address the common cyber issue in terms of both political and
technological interests. Poptchev states that this would basically require two
paths: “(1) tack-ling the cyber threat
and related hybrid warfare effectively; and (2) engaging the rest of the world
in regulating cyberspace, including related new technologies such as artificial
intelligence (AI), Internet of Things (IoT) and 5G”. Poptchev says that
both "defensive" and "offensive" techniques and procedures
are necessary to solve the first problem. These techniques and procedures are
stated as ‘capabilities to monitor, detect, analyse and manage big data,
including through cross-border ex-change, access to deep knowledge and a
productive relationship with industry, academia and social media companies. In
this context, an ally and partner format involving many countries is essential
for exchange and cooperation. The second path requires multilateral
communication and diplomacy in the face of ambitious competitors and
adversaries operating in cyberspace, equally dependent on the exchange of
science and technology and international trade. For
this reason, cooperation between many countries is also appropriate for the
second way. The Euro-Atlantic community of nations including
partners around the world can be an influential force that can shape the
outcome in any global forum tasked with advancing cyberspace rules (Poptchev,
2020: 36).
NATO leads important cooperations in the
provision of cybersecurity. That’s
because NATO and its Allies are developing strong and resilient cyber defenses
to fulfill the Alliance’s core tasks of collective defence, crisis management
and collaborative security. Cyber
threats challenge state and organizational boundaries. For this reason, NATO
engages with a number of partner countries and other international
organizations to enhance international security. NATO works with the European Union (EU), the United Nations (UN) and the
Organization for Security and Cooperation in Europe (OSCE). One of the strengthened areas of cooperation
between NATO and the EU is cyber defense. Both organizations are making a
coordinated effort against hybrid threats. NATO and the EU are sharing knowledge and exchanging best practices
between cyber crisis response teams. In
addition, cooperation is being developed between NATO and the EU on training,
research and exercises that have tangible results in the fight against cyber
threats (North Atlantic
Treaty Organization, 2021).
Discussion and Conclusion
Cyber diplomacy must be continued uninterruptedly for crisis management in cyberspace. For this, states, companies, international organizations and NGOs must work together. Many activities that take place in the physical environment today will move to cyberspace in the near future. For this reason, regulation of cyber space, increasing the knowledge of experts on cybersecurity and strengthening the technical infrastructure are also necessary for strengthening cyber diplomacy. Cyber diplomacy is a team effort and requires combining specialized knowledge in the cyber field with diplomatic knowledge and practice.
References
Attatfa, Amel, Karen Renaud, Stefano De Paoli (2020): “Cyber Diplomacy:
A Systematic Literature Review”, 24th International Conference on
Knowledge-Based and Intelligent Information & Engineering Systems, Procedia Computer Science, 176 (2020),
60-69.
Barrinha, Andre, Thomas Renard (2020): “The Emergence of Cyber Diplomacy in an Increasingly Post-Liberal Cyberspace”, Council on Foreign Relations (CFR), June 10, 2020, https://www.cfr.org/blog/emergence-cyber-diplomacy-increasingly-post-liberal-cyberspace.
Goldman, Emily O. (2020): “From Reaction to Action: Adopting a Competitive Posture in Cyber Diplomacy”, Texas National Security Review, Volume 3, Issue 4 (Fall 2020), 84-101.
Goldman, Emily O. (2021): “Cyber Diplomacy for Strategic Competition”, The Foreign Service Journal, June 2021, American Foreign Service Association, https://afsa.org/cyber-diplomacy-strategic-competition.
Jaiman, Ashish (2021): “Disinformation is a cybersecurity threat”, The Hindu, Februrary 11, 2021, https://www.thehindu.com/opinion/lead/disinformation-is-a-cybersecurity-threat/article33804285.ece.
(2021) “Advancing cyber diplomacy in the Asia Pacific: Japan and Australia”, Australian Journal of International Affairs, 75:4, 432-459, DOI: 10.1080/10357718.2021.1926423.
North Atlantic Treaty Organization (NATO) (2020): NATO Glossary of Terms and Definitions (English and French) AAP-06 Edition 2020, NATO Standardization Office (NSO), https://standard.di.mod.bg.
North Atlantic Treaty Organization (NATO) (2021): “Cyber Defense,”
Updated 02 Jul. 2021, https://www.nato.int/cps/en/natohq/topics_78170.htm.
Ottis, Rain, Peeter Lorents (2010): “Cyberspace: Definition and Implications”, in Proceedings of the 5th International Conference on Information Warfare and Security, Dayton, OH, US, 8-9 April, Reading: Academic Publishing Limited, 267-270.
Poptchev, Peter (2020): “NATO-EU Cooperation in Cybersecurity and Cyber Defence Offers Unrivalled Advantages”, Information & Security, Vol. 45 (2020), 35-55, https://doi.org/10.11610/isij.4503.
Psaila, Stephanie Borg (2021): “Improving the practice of cyber diplomacy: Training, tools, and other resources - Phase I”, DiploFoundation, September 2021,
https://www.diplomacy.edu/wp-content/uploads/2021/10/Cyber-diplomacy-study-Diplo-Phase-I.pdf.
Riordan, Shaun (2016): “Cyber Diplomacy vs. Digital Diplomacy: A Terminological Distinction”, USC CPD Blog, May 12, 2016, https://uscpublicdiplomacy.org/blog/cyber-diplomacy-vs-digital-diplomacy-terminological-distinction.
Riordan, Shaun (2019): “Cyber-diplomacy: Why Diplomats Need to Get into Cyberspace”, Public Diplomacy Magazine: Cyber Diplomacy, Issue 22 Winter 2019, University of Southern California, 9-10, publicdiplomacymagazine.com.
Vignati, Luca, Euan Scott, Krastina Razheva, Jorida Vela (2021): Defending The EU Against Cyber Operations Mechanisms, Challenges And Cooperation With NATO, Finabel, European Army Interoperability Centre, 3 November 2021,
White, Daniel E. (2019): “Estonian Leadership in the Cyber Realm”, Public
Diplomacy Magazine: Cyber Diplomacy, Issue 22 Winter 2019, University of
Southern California, 31-32, publicdiplomacymagazine.com.
Wigmore, Ivy (2017): “Cognitive Hacking”, TechTarget, WhatIs.com?, Updated in August 2017, https://whatis.techtarget.com/definition/cognitive-hacking.
No comments:
Post a Comment