Senter
NUPIs senter for forskning på ny teknologi
Senterkoordinator
Arrangementer
Globale endringer som følge av den teknologiske utviklingen skjer raskt og det er viktig med kunnskap for å forstå hva disse endringene innebærer for verden. Derfor har vi et forskningsmiljø på NUPI som setter søkelys på disse endringene. Kort sagt ser vi på hvordan digital teknologi påvirker dynamikkene i det internasjonale systemet, påvirker interesser og verdier, hvordan makt forflytter seg, og hvordan geopolitikk, demokratier og interesser er i endring som følge av dette.
På NUPIs senter for forskning på ny teknologi jobber vi med å forstå og analysere den nåværende situasjonen innen digitalisering, cybersikkerhet og kunstig intelligens (AI). I dagens verden har disse teknologiene blitt uunnværlige for stater, institusjoner, organisasjoner og enkeltpersoner over hele verden. Mens de har åpnet opp et bredt spekter av muligheter, har de samtidig medført betydelige utfordringer.
Framveksten av digital teknologi har revolusjonert måten informasjon deles og behandles på. Den har ført til en økning i tilgjengeligheten av data, akselerert kommunikasjon og muliggjort nye former for økonomisk samhandling. Parallelt med denne utviklingen har cybersikkerhet blitt stadig viktigere, ettersom trusler og angrep mot digital infrastruktur har blitt stadig mer sofistikerte. Beskyttelsen av personvern, dataintegritet og nasjonal sikkerhet er blant de mest presserende utfordringene som krever tverrfaglig forskning og samarbeid.
Kunstig intelligens har i løpet av det siste tiåret gjort store fremskritt og har potensial til å transformere samfunn verden over på mange områder. Bruken av AI har allerede spredt seg til alt fra helsevesen og transport til politiarbeid, forsvarssektoren og finans. I kjølvannet av denne framveksten dukker nye typer utfordringer knyttet til stormaktskappløp, global handel, etisk bruk, rettferdighet, ansvarlighet og potensialet for menneskelig feilpåvirkning opp. Regulering og politikkutvikling er derfor avgjørende for å realisere AI-teknologiens fulle potensial.
Digitalisering, cybersikkerhet og kunstig intelligens vil fortsette å utvikle seg i raskt tempo, med dyptgripende konsekvenser for samhandling mellom stater, internasjonal politikk og global handel. Den stadige økende avhengigheten av teknologi vil kreve nye og mer sofistikerte løsninger for å beskytte samfunnet mot uønskede endringer og trusler, og derigjennom bidra til en inkluderende og bærekraftig utvikling. En bedre forståelse av disse utfordringene innebærer et behov for tverrfaglig forskning, samarbeid med aktører i offentlig og privat sektor, samt en kontinuerlig dialog med politiske beslutningstakere.
På NUPIs senter for forskning på ny teknologi er vi opptatt av å forstå og analysere hvordan ny teknologi påvirker internasjonal politikk og global handel. Ved å være et sentrum for kunnskap og ekspertise, bidrar vi til utviklingen av forskningsbaserte policyanbefalinger og til å skape en plattform for debatt og kunnskapsutveksling. Med fokus på digitalisering, cybersikkerhet og kunstig intelligens står forskningssenteret i spissen for å bidra med kunnskap om de internasjonale utfordringene og mulighetene som disse teknologiene bringer med seg.
Det forventes at teknologiutviklingen vil fortsette å akselerere, med stadig mer avanserte teknologier som vil transformere samfunnet og økonomien i stor grad. Cybersikkerhet vil være en konstant bekymring, med behov for mer sofistikerte forsvarsmekanismer og samarbeid på tvers av sektorer og landegrenser. Kunstig intelligens vil bli stadig bedre, og vil kreve etiske retningslinjer og reguleringer for å sikre ansvarlig og menneskelig styrt bruk. Gjennom forskning, analyse og dialog med relevante aktører vil NUPIs senter for forskning på ny teknologi bidra til å forme politikk og praksis på nasjonalt og internasjonalt nivå. Med fokus på samfunnsendringer i internasjonal politikk og global handel er senteret en pådriver for å forstå og adressere konsekvensene av ny teknologi, samtidig som det søker å utnytte mulighetene de bringer med seg. Gjennom forskning og innsikt produserer NUPIs senter for forskning på ny teknologi kunnskap og analyser knyttet til en bærekraftig fremtid i en stadig mer teknologidrevet verden.
Niels Nagelhus Schia og Lars Gjesvik leder arbeidet med senteret. I tillegg er Karsten Friis, Claudia Aanonsen, Erik Reichborn-Kjennerud, Eskil Jakobsen og Ida Faldbakken er tilknyttet dette forskningssenteret.
Aktuelt
NUPI-forskar skal leie ekspertgruppe
Nagelhus Schia utnevnt til Forsker 1
PODKAST: Algoritmens voktere
PODKAST: AI og geopolitikk
Toppledernes guide til ansvarlig bruk av AI
Big Tech gjør staters jobb
Å kreve at Facebook skal være løsningen på overvåkningsproblematikken er like urimelig som å forlange at Twitter skal håndtere Donald Trump på en forbilledlig måte, skriver Lars Gjesvik og Ole Willers i denne kronikken.
KRONIKK: Etterretningstjenestene må reformeres
Sikkerhetsmyndighetene har et alvorlig samordnings- og koordineringsproblem, skriver NUPI-forskerne Karsten Friis og Valther Hansen.
Digitale trusler blir kinkig for Norge i Sikkerhetsrådet
De fleste land rangerer trusler via det digitale rom som en av de største utfordringene for det 21. århundret. På tross av dette har tematikken knapt vært nevnt i FNs sikkerhetsråd. Hva kommer det av? Og kan Norge gjøre noe med det? spør Niels Nagelhus Schia og Erik Kursetgjerde.
Høyr NUPI på NRK P2!
Måndag - fredag i veke 50 erstatta NUPI «Ekko» i NRK P2. Få med deg ti timar med utanrikspolitiske tema i NRK-appen eller som podkast.
Trusselen fra teknologien – slik kan demokratiet hackes
Niels Nagelhus Schia og Lars Gjesvik har forsket på hacking av demokrati. Har vi noe å frykte? Det svarer de på i NUPI-podden.
Cyber, samfunn og sikkerhet i fokus i Internasjonal Politikk
Siste nummer av Internasjonal Politikk er viet til cybersikkerhet, og du kan lese det helt gratis.
Nye publikasjoner
Internet governance and the UN in a multiplex world order era?
Over the last two decades Internet Governance (IG) has emerged as an increasingly complex and fraught field of policymaking involving both states and non-state actors on a multitude of arenas. Facing this complex field, the role of the United Nations (UN) in IG has been both varying and contested. While the UN has been discussing issues related to IG since the 1990s, disagreements on both substantive issues and where discussions ought to take place have intermittently resurfaced and remained relevant, but recent processes and challenges to the status quo asks questions about the direction going forward. In the UN, recently established processes aims to revamp the approach to IG, while the negotiations over a cybercrime convention, and the 2022 ITU plenipotentiary have made the long running contests between western and authoritarian states over this topic more visible. Broader trends and rising tensions globally raises questions not only about the future for the global nature of IG and the role of the UN in this, but also whether decoupling and alliances with like-minded states might become more dominant than global multilateral and multi-stakeholder channels, i.e a trend pointing towards a multiplex field of internet governance.1
Stuxnet - et paradigmeskifte?
Cyberangrepet Stuxnet representerte noe helt nytt da det ble offentlig kjent i 2010. Angrepet viste at digital skadevare kunne sabotere funksjonaliteten til infrastruktur, forårsake alvorlige ødeleggelser og ikke minst fungere som et politisk pressmiddel. Dette kapittelet i boken "Cybermakt. En tverrfaglig innføring" belyser hvordan Stuxnet har påvirket hvordan stater benytter seg av cyberkapabiliteter i konflikt, og hvordan cyberoperasjoner oppfattes. Vi forfekter at angrepet representerer et paradigmeskifte, og bygger denne argumentasjonen på en analyse av operasjonen og dets etterspill. Utviklingen i cyberdimensjonen av konflikten mellom USA og Israel versus Iran, og dessuten andre staters opprustning av cyberkapasiteter, er også viktige bestanddeler i analysegrunnlaget. Skiftet gjelder bruk av cyberoperasjoner i konfliktsituasjoner og utvikling av offensive og defensive cyberkapabiliteter etter Stuxnet. Vi argumenterer i dette kapittelet at cyberoperasjoner kan benyttes som en alternativ måte å hevde sikkerhetspolitiske interesser på - ikke bare i gråsonen som et supplement mellom diplomati og militære virkemidler, men også som et substitutt til konvensjonell militærmakt.
Hva er det vi egentlig løser ved å slette TikTok?
Hvilke apper må Nasjonal sikkerhetsmyndighet vurdere i neste runde?
The subsea cable cut at Svalbard January 2022: What happened, what were the consequences, and how were they managed?
Svalbard is, like most other societies, largely dependent on an internet connection. The fiber connection on Svalbard consists of two separate subsea cables that connect Longyearbyen to the mainland. In some areas the cables were buried about two meters below the seabed, especially in areas where fishing is done, to “protect against destruction of the fishing fleet’s bottom trawling or anchoring of ships. (New version uploaded 18 January 2023)
Loss of Tonga’s telecommunication – what happened, how was it managed and what were the consequences?
In January 2022 the subsea volcano Hunga Tonga-Hunga Ha’apai in Tonga had a major eruption which also cut the country’s communication lines nationally, between Tonga’s inhabited islands and the outside world. The damage led to a complete halt in international communication (a “digital darkness”) which meant that, in the period immediately after the outbreak, not much was known about the extent of the damage in Tonga. Due to very limited access to contact with both the authorities and the population of Tonga, it was only during overflights carried out by the Australian and New Zealand air forces that one could begin to map the extent of the damage and the need for assistance.
Digital Vulnerabilities and the Sustainable Development Goals in Developing Countries
Hvordan fører digitalisering til nye globale koblinger og fra-koblinger i utviklingsland? Og hvilken rolle spiller digitaliseringen for FNs bærekraftsmål? Dette kapittelet viser hvordan kapasitetsbygging, når det gjelder digitalisering og cybersikkerhet, henger tett sammen med hvor bærekraftig bistandsprosesser i utviklingsland vil være.
Interpreting cyber-energy-security events: experts, social imaginaries, and policy discourses around the 2016 Ukraine blackout
Vi analyserer ekspertdebatten rundt et cyberangrep i 2016 som forårsaket strømbrudd i Ukraina. To ekspertrapporter var avgjørende for å interprete denne hendelsen, og det er flere konkurrerende narrativer om cybersikkerhet der hendelsen spiller ulike roller. Vi viser at de mest apokalyptiske narrativene ble mer fremtredende og peker på makten som utøves av private selskaper og eksperter på dette feltet.
Private infrastructure in weaponized interdependence
Den strategiske betydningen av digital infrastruktur og andre økonomiske infrastrukturer har blitt et stadig viktigere politisk spørsmål, ikke minst i etterkant av den russiske invasjonen av Ukraina og de omfattende vestlige sanksjonene i etterkant. Selv om kontroll over denne typen infrastrukturer har potensiale til å være et effektivt politisk pressmiddel, kompliseres bildet av at infrastrukturene ofte er i hendene til private selskaper. For å bedre forstå mulighetene og begrensningene for denne typen maktutøvelse er det essensielt å sette relasjonen mellom stater og private selskaper i sentrum av analysen. Gjennom en studie av undersjøiske internettkabler viser jeg hvordan endrede markedsbetingelser tvinger gjennom en reorientering av stat-marked relasjonen, med betydning for i hvilken grad undersjøiske internettkabler kan bli strategiske maktmidler.
Verdens rikeste mann har geopolitiske ambisjoner. Derfor bekymrer Twitter-kjøpet.
Elon Musks involvering i ukrainakrigen og samtidige oppkjøp av Twitter reiser en rekke spørsmål og dilemmaer.
Norwegian cybersecurity: a small-state approach to building international cyber cooperation
Som et lite, åpent og digitalisert land har cybersikkerhet blitt et stadig viktigere politisk spørsmål i Norge. Likevel, som i andre svært digitaliserte land, har Norge hatt utfordringer med å forene nasjonale sikkerhetsinteresser med det komplekse bildet av private selskaper og andre aktører som bidrar til digital sikkerhet. Dette kapittelet sammenstiller de senere års forsøk på å skape et forent rammeverk for digital sikkerhet i Norge.
Managing a digital revolution: cyber security capacity building in Myanmar
Digitalisering utsetter utviklingsland for et økende antall risikoer, samt muligheter knyttet til tilkobling til Internett. Myanmar skiller seg ut som et kritisk tilfelle av både fallgruvene og fordelene Internett-tilkoblingen kan medføre. Midt i en politisk overgang fra militært styre til et fungerende demokrati, legger Myanmar IKT til sentrale områder som bank og e-forvaltning. Etter å ha vært et av de minst tilkoblede landene i verden for bare fem år siden, kobler landet seg nå til Internett i et enestående tempo, med få institusjoner på plass for å sikre at overgangen går greit. Den raske utvidelsen av Internett-tilkobling kobler stadig flere mennesker til en internasjonal verden av virksomhet, diskurs og underholdning, men også kriminalitet, underordninger og uenighet. Et avgjørende aspekt for utviklingen i årene som kommer vil være å utnytte fordelene, samt redusere ulempene som iboende følger i kjølvannet av Internett-tilgang (Schia, 2018). I dette kapittelet undersøker vi risikoen og potensielle fordelene ved Myanmars omfavnelse av digital teknologi.
Digitale trusler blir kinkig for Norge i Sikkerhetsrådet
De fleste land rangerer trusler via det digitale rom som en av de største utfordringene for det 21. århundret. På tross av dette har tematikken knapt vært nevnt i FNs sikkerhetsråd. Hva kommer det av? Og kan Norge gjøre noe med det? spør Niels Nagelhus Schia og Erik Kursetgjerde i denne DN-kronikken.
Intergovernmental checkmate on cyber? Processes on cyberspace in the United Nations
Det digitale rom er eit stadig meir omdiskutert felt på den internasjonale agendaen. Til tross for at det har pågått prosessar i FN på tematikken siden 1998 er framleis mykje knytt til grunnprinsipp i det digitale rom uklart. Attribueringa av dei antatte russiske cyberoperasjonene mot Stortinget tidligare denne månaden aktualiserer og mogleggjer for Noreg å løfte denne tematikken i FN. Om det skulle være aktuelt, kan Noreg følge i fotspora til Estland som sitt i Sikkerhetsrådet 2020-2021. Policy briefen diskuterer forhandlingane i FNs ekspertgrupper (GGE)på det digitale rom i 2015 og 2017 - og trekk det opp mot dagens situasjon.
Offensive cyberoperasjoner: Den nye normalen?
Kan stater gå til motangrep om de blir angrepet digitalt i fredstid? Hva gjør toneangivende land, og hva sier internasjonal rett og normer om dette? Og hva kan de sikkerhetspolitiske konsekvensene bli av økt bruk av offensive cyberoperasjoner? Denne ar-tikkelen diskuterer denne sikkerhetspolitiske utviklin-gen i kombinasjon med en analyse av det relevante internasjonale rettslige rammeverket. Artikkelen be-gynner med en redegjørelse av USAs nye tilnærming til offensive operasjoner, knytte til de to begrepene “persistent engagement” og “defend forward”. Deret-ter følger en kort case-studie på Norges tilnærming til offensive cyber operasjoner, noe som bringer oss til “Responsibility of States of International Wrongful Acts”-lovverket, som er det mest relevante med tanke på offensive cyberangrep utenom væpnet konflikt. Artikkelen avsluttes med en diskusjon av dilemmaer i skjøringspunktet sikkerhetspolitikk og folkerett
Hacking democracy: managing influence campaigns and disinformation in the digital age
How are states responding to the threat of using digital technologies to subvert democratic processes? Protecting political and democratic processes from interference via digital technologies is a new and complicated security threat. In recent years the issue has been most prominent in terms of election security, yet the widespread usage of digital technologies allows for the subversion of democratic processes in multifaceted ways. From disrupting the political discourse with false information to inflaming and stoking political divisions digital technologies allows for a variety of ways for malicious actors to target democracies. This article compares different state experiences with interference in sovereign and contested political decisions. More specifically the article compares the Norwegian approach and experience in managing these challenges with those of Finland and the UK. Mapping both how the problem is understood, and the role of previous experiences in shaping public policy.
The role of the UN Security Council in cybersecurity: international peace and security in the digital age
At the 75th anniversary of the United Nations, the UN Security Council is faced with difficult questions about its efficacy, relevance and legitimacy. The leading powers and the permanent members (P5) of the Security Council – China, France, Russia, the UK and the USA – are drawn into a heavy contest over the world order. Power lines are (to be) drawn in an increasingly digital, interconnected and multi-stakeholder society. So far, despite the language from heads of states, global media houses and from leaders of international organizations including NATO and the UN, none of the P5 countries have brought cyber to the UNSC. Other countries – for instance, Lithuania and the Netherlands – have considered introducing cybersecurity issues in the Council, but no action has followed. One of the most recent members-elect, Estonia, has pledged to take the issue up. To stay relevant and act up on its responsibility for international peace and security, the Security Council will have to establish itself vis-à-vis cyber issues. The goal of this chapter is to examine why and how. To what extent do questions pertaining to digital threats and cybersecurity fall within the mandate of the Council and what could it address given the politically tense times among the P5.
Cybersikkerhet
Den teknologiske utviklingen og framveksten av digitale nettverk har ført til noen av de mest dramatiske endringene vi har sett på flere generasjoner. Dette gjelder både endringer i sosial samhandling, men også endringer i den mer generelle samfunnsmessige utviklingen. Disse framskrittene har også hatt viktige implikasjoner for sikkerhetspolitikk, internasjonal politikk og forhold mellom stormakter. I fokusspalten i dette nummeret av Internasjonal Politikk har vi invitert samfunnsvitere til å belyse hvordan cybersikkerhet bidrar til å endre forhold mellom stater og internasjonale organisasjoner samt internasjonal politikk.
The Politics of Stability: Cement and Change in Cyber Affairs
In November 2018, the Global Commission on the Stability of Cyberspace, inaugurated one year earlier ‘to develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace’, launched six norms pointing ‘the way to new opportunities for increasing the stability of cyberspace’. However, the Commission has not examined or explained the very concept it was established to explore. Quite the contrary, the Commission argues that its proposed norms will be used to define what cyber stability actually is. Focusing on the interrelationship between international peace and stability, and ways of achieving both in the context of ICTs, the authors will offer a model of stability of cyberspace. They begin by examining the concepts of ‘stability’ and ‘strategic stability’ as understood with regard to international security. This conceptual analysis is followed by a presentation of the political claims of stability expressed in national and international cyber-and information-security discourses. Drawing on the conceptual approaches and the political claims, the report then model the stability of cyberspace in three interlinked and reinforcing dimensions: 1) equal and inclusive international relations; 2) prevention of war: the minimal peace, with emphasis on averting a devastating nuclear war between the superpowers; and 3) the functionality of global and national technical systems and services. After discussing how international law, preventive diplomacy, confidence-building measures, and norms of responsible state behaviour can support cyberspace stability, this report concludes with recommendations for action aimed at helping to create and maintain a stable - resilient and adaptive - cyberspace.
Finding a European response to Huawei’s 5G ambitions
This policy brief suggests that European countries should institute national reviewing boards overseen by intelligence agencies to vet Huawei equipment. If that is not feasible due to a lack of resources or capabilities especially among smaller countries, European governments should consider pooling resources and create a common reviewing board. This would also prevent duplication of efforts on national levels. European authorities should also demand from Huawei to clearly separate its international from its domestic business operations in order to further reduce the risk to the confidentiality, integrity, and availability of European mobile networks.
Å varsle om hybride trusler
Hybrid Warfare Early Warning and Detection. It discusses history of warnning intelligence and why and how hybrid warfare creates new challenges for warning intelligence. It also briefly reviews four concise case studies on real-world expermentation on detecting hybrid threats.
Å gjøre ingenting er uansvarlig
Regjeringen la i høst frem et forslag til ny lov for Etterretningstjenesten ut på høring. Det viktigste i lovforslaget er det som tidligere har vært omtalt som et «digitalt grenseforsvar», men som i lovforslaget har fått den langt mer presise beskrivelsen «tilrettelagt tilgang til grenseoverskridende elektronisk kommunikasjon». Det handler kort fortalt om at Etterretningstjenesten skal få større tilgang til det digitale rom. Primært vil dette handle om å gjøre forhåndsgodkjente søk i datatrafikken som krysser landets grenser – for å kunne fange opp avanserte dataangrep eller terrorplanlegging. Nupi har nylig sendt inn en høringsuttalelse basert på vår forskning på cybersikkerhet og internasjonal sikkerhetspolitikk.
Critical communication infrastructures and Huawei
Recently, there have been growing cyber-safety concerns over telecom equipment made by the Chinese vendor Huawei. This has led many countries to ban Huawei from supplying equipment for building the next generation of mobile networks, 5G. Responses from mobile operators and the telecom community in general have been mixed. For instance, many European mobile operators have stated that these concerns are overblown and that such a ban would delay 5G rollout by two to three years in the best case. Moreover, some operators have directly questioned the ability of the other vendors to timely deliver a complete 5G network. However, these claims have mostly not been grounded in empirical data. This paper takes a multi-perspective approach to investigating this problem empirically. We start by categorizing responses from different countries to using Huawei equipment in 5G. We then analyze the importance and readiness of Huawei for supplying 5G equipment. This analysis is based on contributions to standards and patents. We also present a conceptual risk analysis framework to qualitatively evaluate the ability of a single vendor to cause considerable damage to critical communication infrastructures. This model aims at exploring a set of relevant axis. More specifically, we look at potential for harm in different political climates that is peace, crisis and war. Another axis is whether banning a particular vendor from supplying equipment for the upcoming mobile networks generation is useful without having a backward compatible ban. A third axis is the ability of a vendor to cause harm as a function of the type of supplied equipment, for example radio towers vs network management systems. Combining the analysis of readiness for supplying 5G and potential for causing harm allows us to roughly estimate the likely impact that a complete ban would have on 5G rollout in different parts of the world. We find that such a ban can possibly delay 5G by two years or more for operators with high dependence on Huawei. Consequently, we explore potential approaches that would both reduce vendor-related risk and do not significantly delay the rollout of 5G. These include heterogeneous multi-vendor deployments, equipment verification and testing, international collaboration as well as signing non-aggression treaties. Unfortunately, there is no technological solution that fully remedy this problem. Combining technical solutions with efforts to build trust between countries, enforce existing alignments or create new ones seems a promising way forward.
Comparing Cyber Security. Critical Infrastructure protection in Norway, the UK and Finland.
Cyber security and protecting critical infrastructures from digital harm are of increasing importance for governments around the globe. Tackling this issue is challenged by two distinct features of cyber security in Western states: Firstly, the transnational nature of digital risks and threats necessitates cooperation and engagements beyond the state, through international and regional organizations and institutions. Secondly, the considerable extent of private ownership forces states to rely on and engage with private companies, through regulation or public–private partnerships (PPP). Through comparative analysis of the approaches taken to PPP and European cooperation for energy and telecommunication in Finland, Norway and the UK, this report examines how states engage with these issues. The greatest difference is found to lie between the two Nordic states and the UK. This is not the result of divergent national perceptions and understandings, but of the more centralized and intelligence-centred approach taken by the UK in contrast to the whole-of-society trust-based approach of the Nordic states. Both approaches entail distinct benefits and drawbacks. The major concern in the Nordic states is the lack of public resources and capacity, as well as the fragmentation of responsibility and capabilities. Realizing the importance of culture, context and history in shaping how public authorities respond to cyber-security concerns is of vital importance for enabling better policies. This report concludes by presenting a set of best practices identified in the three case countries.
Military Offensive Cyber-Capabilities: Small-State Perspectives
This Policy Brief provides an overview of the military cyber-defence strategies and capabilities of Norway and of the Netherlands. Comparison of the two different approaches offers insights into their differing tactics and future policy directions. The Brief contributes with a small-state perspective on this malleable and constantly changing field, nuancing the hitherto US-centred debate on the utility and need for deterrence and defence in cyberspace.
Parabasis: Cyber-diplomacy in Stalemate
Governments and industry around the world are working together to bring the next billion users online,1 but their synergies fade when it comes to how to keep online populations safe and secure. Further, the third and fourth billion of Internet users will enter a terrain very different from that available to their predecessors. Vulnerabilities in ICTs as well as de facto exploitation of these vulnerabilities by state and non-state actors has been acknowledged and problematized. Evidence of malicious and hostile operations involving ICTs and the Internet abounds. Uncertain about the true potential of ICTs, governments and users have focused on rules and responsibilities for protecting against cyberattacks, espionage and data manipulation. But where is there an understanding of how to remedy and improve the situation? The first part of this report analyzes and contextualizes the UN First Committee process. The second part offers the authors’ extensions to the theme, analyzing the relative successes and failures of the leading cyberpowers in promoting the world order of their liking. In particular, we analyze how Russia, as the initiator of the First Committee process, has created momentum and gathered support for its calls for specific international regulation and institutionalization of the process on the one hand, and stronger governmental control of the development and use of ICTs and the flow of information on the other. In conclusion, we offer some recommendations for governments wishing to pursue the goal of free and open cyberspace—indeed a rule-based world order. The full text can be read here: http://hdl.handle.net/11250/2569401
International Cybersecurity: Orchestral Manoeuvres in the Dark
Tikk and Kerttunen inform new entrants and nonparticipating governments of the discussions and outcomes of the UN First Committee Group of Governmental Experts (GGE) and discuss prospects for the 2019/2020 GGE. They explain why the Group will not able to provide answers to practical cybersecurity issues facing the majority of states. The authors call states to critically review their reasons for and expectations towards the UN First Committee dialogue on international cybersecurity.
Cyber Security Capacity Building in Myanmar
Digitalization is exposing developing countries to a growing number of risks, as well as opportunities associated with connecting to the Internet. Myanmar stands out as a critical case of both the pitfalls and the benefits Internet connection can bring. Amidst a political transition from military rule to a functioning democracy Myanmar is adding ICT to key areas like banking and e-government. Having been one of the least connected countries in the world only five years ago the country is now connecting to the Internet at an unprecedented pace, with little or no institutions in place to ensure the transition goes smoothly. Using the framework of Cyber Security Capacity Building (CCB) we examine the risks and potential benefits of Myanmar’s embracement of digital technologies.
Managing a Digital Revolution - Cyber Security Capacity Building in Myanmar
Digitalization is exposing developing countries to a growing number of risks, as well as opportunities associated with connecting to the Internet. Myanmar stands out as a critical case of both the pitfalls and the benefits Internet connection can bring. Amidst a political transition from military rule to a functioning democracy Myanmar is adding ICT to key areas like banking and e-government. Having been one of the least connected countries in the world only five years ago the country is now connecting to the Internet at an unprecedented pace, with little or no institutions in place to ensure the transition goes smoothly. Using the framework of Cyber Security Capacity Building (CCB) we examine the risks and potential benefits of Myanmar’s embracement of digital technologies.
Cyber-weapons in International Politics : Possible sabotage against the Norwegian petroleum sector
The use of digital weapons is a rising global problem. Society is rapidly becoming more digitalized – and thereby more vulnerable to attacks. These vulnerabilities are increasingly abused by states and other international actors: Information is stolen, and sabotage occurs. Politically motivated digital attacks against petroleum-sector infrastructure represent one such threat, but this has not attracted as much attention by politicians and business leaders as other security challenges in the sector. In an international crisis, Norwegian oil and gas deliveries to Europe could be attacked on a scale far exceeding what the private and public sectors experience on a daily basis. Such attacks could be aimed at stopping or hindering the physical delivery of petroleum, with direct economic, security and political implications beyond the digital domain.This report examines the issue of digital sabotage of the Norwegian petroleum sector by placing the issue in a geopolitical context, by examining previous cases, and by investigating the current security setup in the petroleum sector.
The cyber frontier and digital pitfalls in the Global South
How does digitalisation lead to new kinds of global connections and disconnections in the Global South? And what are the pitfalls that accompany this development? Much of the policy literature on digitalisation and development has focused on the importance of connecting developing countries to digital networks. Good connection to digital networks may have a fundamental impact on societies, changing not only how individuals and businesses navigate, operate and seek opportunities, but also as regards relations between government and the citizenry. However, the rapid pace of this development implies that digital technologies are being put to use before good, functional regulatory mechanisms have been developed and installed. The resultant shortcomings – in state mechanisms, institutions, coordination mechanisms, private mechanisms, general awareness, public knowledge and skills – open the door to new kinds of vulnerabilities. Herein lie dangers, but also opportunities for donor/recipient country exchange. Instead of adding to the already substantial literature on the potential dividends, this article examines a less studied issue: the new societal vulnerabilities emerging from digitalisation in developing countries. While there is wide agreement about the need to bridge the gap between the connected and the disconnected, the pitfalls are many.
Upholding the NATO cyber pledge Cyber Deterrence and Resilience: Dilemmas in NATO defence and security politics
This Policy Brief clarifies the key concepts of traditional deterrence and explores how these apply to cyber deterrence for the NATO alliance. Firstly a range of problems inherent to cyberspace itself and to the translation of existing deterrence models to this domain are identified. Secondly a range of alternative and complementary approaches to deterrence are proposes that can assist in developing a new framework for conceptualizing NATO Alliance cyber deterrence. A rethinking cyber deterrence as a condition of success or failure is argued for: cyber deterrence must be reframed as an ongoing process, utilizing national and Alliance resources from multiple domains as a means to establish deterrence and resilience. It is argued that traditional models of deterrence, drawn from the nuclear and conventional deterrence thinking of many decades’ standing, are inadequate for addressing the challenge of deterring cyber threats in the 21st century. The dynamism of the environment, the range of threats, the multiplicity of state and non-state actors, and the technical challenges of attribution – all require a reorientation of deterrence posture and practice. This reconceptualization must focus on cyberspace itself in an intensification of attention to its idiosyncrasies, but should also be open to a relaxation of orthodoxy in its incorporation of new outlooks and ideas, some of which may strain the established boundaries of deterrence theory. Full text Policy Brief online version: http://www.nupi.no/en/About-NUPI/Projects-centres-and-programmes/Cyber-Security-Centre/Upholding-the-NATO-cyber-pledge
China's Cyber Sovereignty
This policy brief analyses China’s ambitions for imposing and strengthening the concept of cyber sovereignty in international negotiations on topics related to cybersecurity and Internet governance (IG). The presentation proceeds through four interconnected steps: 1. brief introduction and background to the Chinese ‘cyber sovereignty’ concept. 2. China’s role in defining, developing, and promoting this concept in international politics. 3. international responses to the Chinese use of the concept of cyber sovereignty, and how this should be seen in conjunction with current trends in Chinese foreign-policy strategies. 4. the use of cyber sovereignty in diplomacy, and how China uses this concept to counter Western dominance in cyberspace. Thus, the policy brief offers a brief examination of how the Chinese idea of state sovereignty in cyberspace influences how China positions itself in international negotiations with regard to issues such as security, economy and trade, and soft power (diplomacy/governance).
Det frie internettet er under angrep
Kronikk: Kina og Russland prøver allerede å ta kontroll over «sitt» internett. Vil Vesten nå, etter USA-hackingen og foran vårens valg i Europa, følge etter?
Makt og avmakt i cyberspace: hvordan styre det digitale rom?
Et sikkert cyberspace er nødvendig for en fungerende samfunnsstruktur, økonomisk, politisk og sosialt. Med samfunnets økende avhengighet av cyberspace for å kunne fungere normalt, har sikringen av cyberspace blitt stadig viktigere. For å løse sikkerhetsutfordringene knyttet til utviklingen av cyberspace har stater søkt støtte fra private aktører gjennom såkalte multistakeholder-initiativer. Med slike initiativer mener man en åpen form for samarbeid mellom interessenter, basert på en idé om likeverdige partnere. Stater iverksetter slike initiativer ut fra en tanke om at et samarbeid mellom private og offentlige aktører gir den beste formen for styring og sikring av aktiviteter i cyberspace. Implementeringen foregår imidlertid uten at de nødvendige forutsetningene for at en slik styringsform skal fungere er til stede. Selv om mange i dagens akademiske debatt stiller spørsmål ved om disse initiativene fungerer, er det få som har stilt spørsmål ved hvordan cybersikkerhet kan utøves i praksis. Dette fører til at man overser det sentrale spørsmålet om hvordan maktdynamikken mellom offentlig og privat sektor fungerer med henblikk på sikkerhet i cyberspace. Denne artikkelen diskuterer hvorvidt multistakeholder-initiativene faktisk fungerer som en kontroll- og styringsmekanisme i cyberspace. Ved å se nærmere på offentlig-privat samarbeid om cybersikkerhet i Norge er hensikten å gi en bedre forståelse av årsakene til at multistakeholder-initiativer ofte ikke fungerer i praksis.
Trusselen fra cyberspace
Cyberangrep øker i omfang verden over. Norge er et av verdens mest digitaliserte land og dermed spesielt utsatt, men dette blir i stor grad oversett av politikere og næringslivsledere.
Teach a person how to surf: Cyber security as development assistance
Much policy literature on digitalization and development has focused on the importance of connecting developing countries to digital networks, and how such technology can expand access to information for billions of people in developing countries, stimulating economic activity, collaboration and organizations. Good connection to digital networks may have a fundamental impact on societies, changing not only how individuals and businesses navigate, operate and seek opportunities, but also as regards relations between government and the citizenry. Instead of adding to the substantial literature on the potential dividends, this report examines a less studied issue: the new societal vulnerabilities emerging from digitalization in developing countries. While there is wide agreement about the need to bridge the gap between the connected and the disconnected, the pitfalls are many, especially concerning cyber security, a topic often neglected, also in the recent World Bank report Digital Dividends (2016). The present report is an attempt at redressing this imbalance.
Conflict in Cyber Space: Theoretical, strategic and legal perspectives
Adopting a multidisciplinary perspective, this book explores the key challenges associated with the proliferation of cyber capabilities. Over the past two decades, a new man-made domain of conflict has materialized. Alongside armed conflict in the domains of land, sea, air, and space, hostilities between different types of political actors are now taking place in cyberspace. This volume addresses the challenges posed by cyberspace hostility from theoretical, political, strategic and legal perspectives. In doing so, and in contrast to current literature, cyber-security is analysed through a multidimensional lens, as opposed to being treated solely as a military or criminal issues, for example. The individual chapters map out the different scholarly and political positions associated with various key aspects of cyber conflict and seek to answer the following questions: do existing theories provide sufficient answers to the current challenges posed by conflict in cyberspace, and, if not, could alternative approaches be developed?; how do states and non-state actors make use of cyber-weapons when pursuing strategic and political aims?; and, how does the advent of conflict in cyberspace challenge our established legal framework? By asking important strategic questions on the theoretical, strategic, ethical and legal implications and challenges of the proliferation of cyber warfare capabilities, the book seeks to stimulate research into an area that has hitherto been neglected. This book will be of much interest to students of cyber-conflict and cyber-warfare, war and conflict studies, international relations, and security studies.
Cyber Security as Development Assistance - Growth and Vulnerability
The importance of digital technology underpins most of the social, economic and political development goals of most donor countries and international organisations today. Cyber Security Capacity Building (CCB), an approach aimed at advancing, cultivating and encouraging growth and stability in developing countries through digitalization, seems set to play an increasingly important role in future foreign policy considerations and government programmes. In the NUPI project ‘Cyber Security Capacity Building (2015-2016) we have mapped out concrete risks and challenges, proposed recommendations for dealing with them, and provided suggestions for implementing the adequate tools effectively. This policy brief presents a summary of the final report, which draws on project reports produced by NUPI related to this project.
Cyber Security Capacity Building: Security and Freedom
The threats associated with ICT are multifaceted. The present report posits that cyber capacity building (CCB) should not be considered simply a risk management endeavor. The potential for malware, cyber attacks, and cyber crime are not the only challenges associated with the rapid spread of ICT. Policymakers must also consider the intersection of technology and politics, particularly in developing countries still transitioning into democracies.
Cyber Security Capacity Building in Developing Countries: challenges and Opportunities
Cyberspace is an intrinsic part of the development of any country. A strong cyber capacity is crucial for states to progress and develop in economic, political and social spheres. The need to integrate cyber capacity building and development policies has been documented by both the cyber community, academia and policy makers. The investment in securing cyberspace affects the success rate of other policy initiatives as well. However, there is a clear need for a deeper dialogue with the development community and recipient countries in order to better understand how to implement cyber capacities in practice in order to achieve broader development goals. To stimulate the debate on cyber capacity building and its impacton social and economic development worldwide this brief puts forward challenges to implementation. The aim is to set priorities and identify indicators of success and failure. To steer this process a better overview of initiatives and avoid duplication, it is necessary to set up the challenges that both the donors and recipients face. By doing this we move cyber capacity building one step closer to successful implementation.
Cyber Security Capacity Building : Developing Access
This study concentrates on providing the rationale and identifying potential ‘dimensions’ for certain governmental CCB instruments, and what tasks they should cover. The ‘methodological’ dimension includes developing frameworks for assessing and delivering CCB programmes, but also extends to general frameworks for supporting a country’s national cyber security strategy as well as the basic research needed. The ‘technical’ dimension is concentrated on the need to train and support the Computer Emergency Response Team (CERT) and law enforcement capabilities of partner countries. In fact, such initiatives had already been ongoing for many years before the term ‘CCB’ was coined. Thirdly, the existence of ‘infrastructure’ development programmes has long been a feature of international development, albeit without much focus on security concerns. Fourthly, the instrument of overall ‘budgetary support’ can be used for directly funding partner countries’ operational expenses in issues related to cyber security over a prolonged period. The study concludes with some recommendations for policy-makers
Cyber Security Capacity Building in Developing Countries
Cyberspace is an intrinsic part of the development of any country. A strong cyber capacity is crucial for states to progress and develop in economic, political and social spheres. The need to integrate cyber capacity building and development policies has been documented by both the cyber community, academia and policy makers. The investment in securing cyberspace is crucial, as it affects the success rate of other policy initiatives as well. However, there is a clear need for a deeper dialogue with the development community and recipient countries in order to better understand how to implement cyber capacities in practice in order to achieve broader development goals. To stimulate the debate on cyber capacity building and its on social and ecoonomic development worldwide this brief puts forward challenges to implementation. The aim to is to set priorities and identify indicators of success and failure. To steer this process a better overview of initiatives and avoid duplication, it is necessary to set up the challenges that both the donors and recipients face. By doing this we move cyber capacity building one step closer to successful implementation.
Prosjekter
Cybersecurity Capacity Centre for Southern Africa (C3SA)
C3SA undersøker, kartlegger, vurderer og anbefaler tiltak for kapasitetsbygging for cybersikkerhet (CCB) i utviklingsland....
Digital sovereignty and autonomy (GAIA)
NUPI in collaboration with Simula Research Lab will map global data flows and their impact on national autonomy and sovereignty....
Vitenskap, teknologi og fremtidens krigføring
Hvordan er teknologi med på å endre hvordan vi ser på verden og hvordan vi skal handle i den?...
Digitale trusler og demokrati (PRODEM)
Hvordan håndterer stater den økte risikoen for at digitale medier brukes til påvirkning og undergraving av demokratiske prosesser?...
Kritisk digital infrastruktur (KRIDI)
Hvilken rolle skal staten ha i beskyttelsen av privateid digital kritisk infrastruktur? Og hvilke nye utfordringer og problemstillinger møter man?...
Countering Hybrid Warfare (Multinational Capability Development Campaign) (MCDC (CHW))
NUPI leder det internasjonale forskningsprosjektet «Countering Hybrid Warfare» (CHW), hvor spørsmålet om hvordan hybrid krigføring kan møtes står i sentrum....
Cybersecurity Capacity Building 2.0 - Bridging the digital divide and strengthening sustainable development
Dette prosjektet studerer kapasitetsbygging for cybersikkerhet (CCB) og bærekraftigheten til utviklingsprosesser i utviklingsland....
Digitale Sabotasjeangrep mot Norsk Petroleumssektor (DISP)
I dette prosjektet arbeider forskerne med å kartlegge trusselbildet og den historiske bruken av digitale våpen mot kritisk infrastruktur, samt redegjør for problematikk og uklarheter i ansvarsfordelin...
Upholding the NATO cyber pledge: What does cyber deterrence and cyber resilience mean for NATO and Norway?
Prosjektet undersøker hvordan og i hvilken grad avskrekking fungerer i cyberspace, eller om et fokus på resiliens som ny strategi er veien å gå....
Cybersecurity Capacity Building (CCB)
Prosjektet skal se på risikoen knyttet til og utfordringene ved cybersikkerhet i utviklingsland....