Users increasingly encounter moments when a website asks for permission to gather some personal data or access to their device hardware: "Can we access your GPS position? Your microphone or camera? Your Bluetooth? Can we send you push notifications about breaking news or premium chocolate subscription offers?" Permissions, Read More
Software can officially and formally be munitions. Since December 2019 offensive software even more so. At least in the context of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, whose members are different countries around the world. The treaty regulates the selling of munitions Read More
Contrary to what you may read in the popular press, there are rules when it comes to cyberattacks. Today, probably all countries regulate cybercrime in domestic law. All countries agree also that international law rules apply to cyberspace, including cyberattacks and also cyberwarfare. I recently covered positions of two example Read More
The Netherlands recently released a document describing their views and position on the application of international law to cyberspace and cyberattacks. This is a very reasoned document and contains great insight. Just like a similar French document (with a big catch - see later; my analysis here), it is short Read More
You may have heard of the cliché “there are no rules in cyberwar". It is false. There are rules. The trick is how those apply. Countries rarely speak clearly how they see or would see things. Most countries accept that international law applies to cyberspace, including to cyber operations Read More
Cyber conflicts involving state actors are quickly becoming a geopolitical reality. Perhaps the most cited example, the alleged Russian interference in the 2016 U.S. election, is a continued source of conflict in U.S.-Russia relations. The story took another turn last October when the U.S. Cyber Command Read More
Recently cyber insurance gained fame because of the refusal of two major firms (1), 2) to cover the costs of NotPetya ransomwiper. The explanation, “war-like activity” exclusion model clause (CL.380, “Institute Cyber Attack Exclusion“; a fairly standard sample here) result in a fairly entertaining case from the international law Read More
The just-published report of International Committee of the Red Cross (ICRC) on humanitarian consequences of cyber operations brings the much-needed, currently lacking expert insight and context in the debate around cyber warfare. I am also happy because I had an opportunity to co-author this report; the (now public) part of Read More
For the first time in the “history of cyber conflicts” (call it like that) we have seen the media of one country signaling an offensive cyberattack on a target located in another country, and the media of the targeted country confirm that the operation has happened. This is without a Read More
Many countries are developing cyber capabilities, including for their military forces. Details are often secret. Public discussions are therefore always refreshing. There is a good opportunity. France just made public the elements of the offensive cyber operation doctrine. This is a good move. It helps informing the public (national, international) Read More
Cybersecurity evolves rapidly both in technology and policy terms. Countries and organisations struggle with the pace of change. Analysing particular strategies is not only useful but also interesting, as it may often constitute a form of a litmus test. On the one hand, strategies show where we, the countries, (or, Read More
It is always good to observe how countries build their strategic capabilities within the cyber domain. It is truly a fascinating time for technology policy, privacy and cybersecurity, speaking here in all means: technically, strategically, diplomatically and militarily. Some countries either think about doing “something”, instead - others do. Perhaps Read More
There are not many events out there gathering high-level politicians, policy makers and technologists. This is why it was such a pleasure to be a participant in the Cyber Security Summit (CSS) in 2018 held in Tallinn, Estonia - organized by Munich Security Conference (and then followed by attendance of Read More
Many countries currently discuss cybersecurity on multiple levels. France is not an exception. The new REVUE STRATÉGIQUE DE CYBERDÉFENSE (Strategic Review of Cyberdefence) is a complex, coherent and strategic document listing the many actions that France has already taken, as well as those ahead. I will not analyze this document Read More
Currently, it is the key question of cybersecurity and privacy strategic policy. The European Union is going through an overhaul of its privacy and cybersecurity regulatory frameworks. New regulations appear with remarkable frequency. Let’s mention merely the three: NIS Directive (“common level of network and information security“), General Data Read More
The new Russian Information Security Doctrine (Doktrina informatsionnoy bezopasnosti Rossiyskoy Federatsii) might appear to be a rather general document. Upon first sight, it seems that it doesn’t contain much interesting information. This view is misguided - it’s worth to look at the text of the doctrine in order Read More