Conflicts today are no longer confined to the three conventional areas of warfighting – land, sea, and air. Cyber space is now increasingly being recognized as a fourth area of conflict, with countries incorporating cyber elements into their traditional military doctrines, or developing offensive cyber capabilities and cyber military commands. As cyber space becomes more militarized, we are also increasingly seeing nation-state or state-sponsored cyber-attacks rise. Difficult to trace and shrouded in anonymity, how can the world address the potential risks of cyber weapons proliferation? What kind of agreement could be reached to prevent cyber conflict with these new capabilities? What role can confidence building measures or cyber norms play in de-escalation? This paper provides an analysis on the cyber weapons proliferation debate, leveraging the lessons learned from past international agreements, and offering a potential way forward to ensure that an open, stable, and secure cyber space remains.
Paper prepared for the Istituto Affari Internazionali (IAI), March 2018. Presented at the debate on “A Non-proliferation Regime for Cyber Weapons?” organized by IAI and Microsoft in Brussels on 19 March 2018.
1. Definitions and actors
1.2 Key actors
2. Existing international agreements in other domains
2.1 Regulations on use
2.2 The regulation of proliferation
3. Analysis of multilateral initiatives in the cyber domain
4. Future perspectives for a cyber convention
4.1 A regulation of offensive behaviours in cyber space
4.2 The need for the protection of civilians from cyber-attacks
4.3 Cooperation between the public and private sectors and cross-industry collaboration
4.4 Compliance mechanisms and cyber-attack attribution