Remember the “red telephone” that metaphorically connected the Oval Office and the Kremlin during the Cold War? It was part of a broader effort to build trust by facilitating information sharing and early warning systems. Experts call these Confidence Building Measures, or CBMs. Recent headlines would suggest we need more CBMs in cyberspace. In late June, Tim Maurer, policy analyst at the New America Foundation’s Open Technology Institute, contributed to just such an international workshop on Confidence Building Measures (CBM) and International Cyber Security hosted by the ICT4Peace Foundation based in Switzerland.
The goal of the workshop was “to develop a better common understanding of practical CBMs to be applied to the cyberspace, based inter alia on concrete experiences of incidents and threats, that are relevant to build trust and rapid response systems to avoid potential conflict.” All part of a recent increase in the discussion of how CBMs can work in cyberspace.
On June 17, the U.S. and Russia announced that they will create a new working group under the Bilateral Presidential Commission focusing on cyber threats, links between their computer emergency response teams, a White House-Kremlin direct secure communications line, and exchange notifications through the existing Nuclear Risk Reduction Centers. Earlier in June, experts from fifteen countries including the Permanent Five of the UN Security Council plus India, Japan, and Germany adopted a consensus report under the auspices of the United Nations emphasizing the importance of CBMs. And in July, Chinese and U.S. officials held their inaugural meeting of a newly formed working group on cyber-security “to speed up action to prevent hacking attacks” according to the BBC.
The workshop therefore took place at an opportune moment. It provides further input into these ongoing negotiations. It also coincided with recent reports shedding a light on what can happen when two states are engaging in conflict in cyberspace. The recent Vanity Fair article “Silent War” provides an outline and further details about the attacks between the U.S. and Iran. It showcases the risks and costs when relations escalate into conflict. CBMs are an important instrument to avoid such a development.
The ICT4Peace Foundation concluded that “The workshop has allowed for a focused examination and development of a list of specific, concrete and practical CBMs and an assessment of their utility and feasibility from an international security, operational and diplomatic perspective. The results of the workshop will help the discussions and negotiations on confidence building in cyberspace and related policy options in various fora such as the UN Group of Governmental Experts on Cyber Issues (UN GGE), the OSCE Informal Working Group on Confidence–building Measures in the field of ICTs, the ASEAN Regional Forum (ARF), the London Process on Cyberspace and the Conference on Cyberspace in Seoul in October 2013.”
The workshop report is available here: http://ict4peace.org/what-next-building-confidence-measures-for-the-cyberspace/
This post originally appeared on In The Tank, a blog from the New America Foundation.