A new year, a new project, a new name: The Hague Program on International Cyber Security. Professor Global Security and Technology Dennis Broeders was awarded a grant of 2 million Euros by the Dutch Ministry of Foreign Affairs for this natural successor of the The Hague Program for Cyber Norms. Broeders: 'We've got to go looking for the elephants in the room. Those things everybody knows: they're there but we'd rather not talk about them.'
Broeders and his team's new 4-year project will focus on more than cyber norms alone. Broeders: 'Through our research and activities we hope to create understanding of what actually is cyber conflict. Our starting point is the changing landscape of international cyber security and cyber conflicts. We'll zoom in on the different methods of governance available to states and other actors to help them deal with and shape the strategic changes in the digital environment.'
A closer look at cyber conflicts
The team, which, apart from Broeders, consists of Fabio Cristiano, Monica Kaminska, and Corianne Oosterbaan, is especially interested in cyber conflicts that lurk beneath the 'war threshold'. 'Most things that worry us, in terms of cyber security, occur in this zone of: not war, but definitely not peace', explains Broeders. 'States get up to all kinds of things. Criminality and espionage are on the rise. Espionage evolves into sabotage. And all of this takes place on a scale that is, obviously, much larger than before. During the Cold War, somebody would break into an embassy and take pictures of a stack of documents. Today, people with malicious intent take off with terabytes of information. We don't have the correct instruments yet to deal with this. Governments and politicians also struggle to come to grips with these predicaments, not in the least because they are involved in certain acts themselves too.'
New focus
It is important to better understand the characteristics and dynamics of cyber conflict. What is really happening here? Why do states do what they do? Why are they convinced they will get away with it and why do they actually get away with it? Under the new banner of The Hague Program on International Cyber Security Broeders hopes to find the answers to these questions. 'It's a new focus. We've established a lot in five years, now it's time to integrate our past findings, make sure we maintain continuity, and get the new project up and running. We also hope to make headway on the instruments side of things. What type of standard international regulations on traffic in cyberspace are feasible and how can we enforce them? A lot more will need to happen than simply issuing these regulations.'
'We need to look for the elephants in the room. Things everybody knows: they're there but we'd rather not talk about them. For diplomats and other organisations it can be a valid option to remain silent, but for us, those are the topics we'd very much like to discuss.'
Looking for elephants in the room
Broeders hopes the tackle these issues through his own research and by bringing people together during events, seminars and roundtables. 'Sometimes you need to open your doors and invite everybody in. People working in the field, scholars, policy makers, international organisations, and stream away. Sometimes, you'll need to keep things a bit more enclosed, when sensitivities such as intelligence are involved. We need to look for the elephants in the room. Things everybody knows: they're there but we'd rather not talk about them. For diplomats and other organisations it can be a valid option to remain silent, but for us, those are the topics we'd very much like to discuss. We're rather fond of those elephants.'
Bringing worlds together
According to Broeders, the time is right for ISGA and Leiden University to take the lead. 'We've undergone a tremendous growth and you can really see that the professional field has gotten more mature. More and more people have gotten involved and we've been working on it for a while now. The interest is growing, the discussions are getting more diverse. We've also started exploring new paths and are trying to do here what they've been doing in the US for some time. We're also involving people from Threat Intel in our project. These are technical people actually working on the systems, having to deal with APTs (Advanced Persistant Threats) and who're keeping track of who's doing what. Presenting you with a completely different image of the field. I think it'll be really interesting to bring these worlds together.'