Hardly a day goes by without the latest destructive malware, data breach or e-mail hack making headlines around the world. Over the last few years, these developments which began as isolated incidents have now become an everyday reality. The development of cyber operations by nation states have quickly followed suit which has led NATO to recognize cyberspace as a new domain of warfare after land, air, and sea. It is no hyperbole to say that a cyber arms race is well underway.
In a time of rapid technological change, slow policy discussions, and deep geopolitical divisions, there is uncertainty as to how we can collectively harness the benefits of technology while preventing destructive cyber conflict. Difficult to trace and shrouded in anonymity, how can the world address the potential risks of cyber weapons proliferation? What kind of agreement could be reached to prevent cyber conflict with these new capabilities?
A non-proliferation regime for cyberspace
This month we launched a new study on a non-proliferation regime for cyberspace in order to answer some of these difficult questions. This report provides an analysis on the cyber weapons proliferation debate, leveraging the lessons learned from past international agreements, and offering a potential way forward to ensure that an open, stable, and secure cyberspace remains.
From our research and extensive interviews with global experts, we found that while necessary, any kind of international agreement to limit the use and proliferation of cyberweapons may be in the distant future. But progress on a shared vision must start somewhere and there is a lot that we in Europe can do in making short term, tangible steps to improve the safety and stability of cyberspace.
Learning from the past
For starters, we must learn from and not repeat the mistakes of the past. Headquartered in Rome, we at the Istituto Affari Internazionali are reminded of the importance of history on a daily basis. From the ashes of World War II, that led to the Geneva Conventions, to the nuclear arms race of the Cold War that paved the way for the Treaty on the Non-Proliferation of Nuclear Weapons – there are important lessons to draw from on processes, actors and timelines.
Any way forward must start through creative leadership. Microsoft’s leadership, for example, has been pivotal in spurring a truly multistakeholder debate around the role of the tech industry, the necessity of an attribution organization and the aspirational goal of a binding government agreement. However, industry and civil society alone cannot achieve meaningful progress towards a non-proliferation regime for cyberspace. With the retreat of the U.S. in its cyber diplomacy approach, a government-leadership gap must be filled.
All roads lead to Rome
Last year as the G7 Presidency, Italy facilitated the publication of the Lucca Declaration, which recognized the urgent need to establish international norms for responsible nation-state behavior in cyberspace. This declaration was an encouraging development but the focus on voluntary measures didn’t go far enough in codifying the rules of the road in cyberspace. The new government can build off this existing foundation and prioritize improving cyber stability, for example, through the Italian chairmanship of the Organization for Security and Cooperation in Europe (OSCE).
We recognize that any regime for cyberspace will take years to negotiate due to deep political divisions that must be overcome, but ultimately, we must start somewhere. This year, Italy has the unique opportunity to take the helm of leadership in cybersecurity across Europe.
The report was also co-authored by Christian Barbieri and Carolina Polito.