Task Force: Intl. Cybersecurity

University of Washington

Winter 2019

A series of suggestions for creating international cybersecurity policies based on several case studies on the major cyber actors in the current digital era.

For the full report, click here.

What is Task Force?

Task force is the capstone quarter for the Henry M. Jackson School of International Studies at the University of Washington. All undergraduate majors are required to complete task force during their final year.

This task force was led by Dr. Jessica Beyer and focused on international cybersecurity policy. Our task was to conduct case studies of the major cyber actors in the world and come up with possible next steps for coming up with international cybersecurity norms. There are currently no agreed upon cybersecurity norms and the threat of attacks continues to grow every day.

Abstract

Within the last decade, nation-states and their populations have experienced an exponential rise in cyberattacks against critical infrastructure. Cyberattacks are an attractive addition to traditional warfare for adversaries, as nation-state actors who utilize them can more easily evade attribution. However, cybertactics that target critical infrastructure cause the same grave damage as purely kinetic attacks. Developing international cybersecurity norms encourages a more peaceful and collaborative international sphere, averting cyberattacks before they occur.

This report aims to provide a cohesive understanding of a range of nation-state cyber actor types and preferences, investigating what constitutes the basis of each country’s current cyberstrategy and using that as a foundation for understanding each country’s stance towards creating international norms. To do this, we conducted 14 country case studies to understand country preferences in negotiations to develop international cybersecurity norms. Across our cases, we find that country preferences are determined by perspectives on international collaboration, national sovereignty, cybercapability development, and political constraints. We also surveyed existing international agreements and conversations, which signify a common willingness to cooperate in shaping international cybersecurity norms.

Drawing from major findings within case studies and the analysis of existing agreements, this report offers six policy recommendations that nation-states can agree upon to establish effective international cybersecurity norms. Our recommendations to the international community are:

1) Involve as many nation-states as possible in drafting international cybersecurity agreements

2) Reaffirm principles from prior agreements

3) Encourage neutral states or non-cyber powers to coordinate agreements

4) Commit to building national cybersecurity capacity, confidence, and trust

5) Encourage informal dialogue between nation-states

6) Acknowledge the increasing threat of cyberattacks

My role

My role for this project was to conduct the case study for the Islamic Republic of Iran, one of the major offensive actors in terms of cyber. Due to the political climate in the country I ran into the following issues while doing my research:

• Lack of concrete policy information due to secrecy of the Iranian government

• Gaps in information because it is hard to determine actual fault when it comes to cyber

• Issues with documents, as many things are not easily translated into English

Reflection

Although this is not a UX project, I still learned a great deal that I can apply to my work going forward. This was my first major research project and it taught me a great deal about cybersecurity, policy, and how those are impacted by the different regional, cultural, and political norms. It was also a big lesson on collaborating with a big team (15 people) on one deliverable and making sure the style of writing is similar throughout. In the future, I hope to continue working on cybersecurity related projects within my UX career.