Forskningsprosjekt
Digital sovereignty and autonomy
Arrangementer
Cyberspace is increasingly distributed thanks to recent advances in cloud computing and higher network capacities. An online service is now a collection of macro-services that are hosted at diverse geographic locations that may be under different jurisdictions. A closer look reveals that services which most nations rely on are not contained within the respective national borders. Examples include services such as Facebook, Google, Whatsapp and PayPal, as well as infrastructures such as DNS, and authentication micro-services that are critical to national services including public services, health and online banking. As these digital services frequently cross boundaries and function globally, technological change undermine and challenge national autonomy and sovereignty. This is seen reflected at the political level, with an increasing number of states invoking the need for national autonomy to impose tighter controls on service placement and Internet connectivity.
Extant research in social science is too heavily focused on the policy side, on strategies and securitization discourses, paying too little attention to the interplay with the technical facet of the Internet. Based on the mapping of digital pathways NUPI will examine how cyber infrastructure augments and undermines national capacity to act, and may challenge national autonomy. NUPI will compare the changing technological realities with existing political assumptions and initiatives through case studies of Norway, Sweden, Estonia and the Netherlands.
Furthermore, we will explore the implications of such recent digital developments on international governance. From the policy perspective, we will investigate whether the digitalized world order leads to more interdependence between states or whether it leads to a higher degree of mistrust in international politics. Our hypothesis is that it leads to both. More specifically, we will study cyber governance and the role of international organizations, NGOs and enterprises. The emergence of new arenas, informal networks, conferences, and multi-stakeholder initiatives, enterprises and NGOs indicates a reduced relevance of organizations like the UN and WTO. The rise of informal structures at the expense of the UN and international organizations is not confined to the digital domain (e.g. G20 ++) but represents a global trend towards power shift to informal arenas with more selective representations, fewer commitments, less legality and authority, but potentially more efficiency.
Prosjektleder
Deltakere
Aktuelt
Cybersikkerhet – bør du bekymre deg?
Hva er det egentlig vi mener når vi snakker om cybersikkerhet?
Podkast: Huawei - en risiko eller ikke?
NUPI og SimulaMet inviterte sikkerhetssjefen i Huawei Norge til debatt om cybersikkerhet.
Prestisjefylt prosjekt til NUPI – skal se på digitalisering og den moderne verdensorden
Et nytt banebrytende, tverrfaglig prosjekt skal se på hvilke sårbarheter som finnes på internett, og hva de politiske følgene er av disse nye utfordringene.
Nye publikasjoner
Hacking democracy: managing influence campaigns and disinformation in the digital age
How are states responding to the threat of using digital technologies to subvert democratic processes? Protecting political and democratic processes from interference via digital technologies is a new and complicated security threat. In recent years the issue has been most prominent in terms of election security, yet the widespread usage of digital technologies allows for the subversion of democratic processes in multifaceted ways. From disrupting the political discourse with false information to inflaming and stoking political divisions digital technologies allows for a variety of ways for malicious actors to target democracies. This article compares different state experiences with interference in sovereign and contested political decisions. More specifically the article compares the Norwegian approach and experience in managing these challenges with those of Finland and the UK. Mapping both how the problem is understood, and the role of previous experiences in shaping public policy.
The role of the UN Security Council in cybersecurity: international peace and security in the digital age
At the 75th anniversary of the United Nations, the UN Security Council is faced with difficult questions about its efficacy, relevance and legitimacy. The leading powers and the permanent members (P5) of the Security Council – China, France, Russia, the UK and the USA – are drawn into a heavy contest over the world order. Power lines are (to be) drawn in an increasingly digital, interconnected and multi-stakeholder society. So far, despite the language from heads of states, global media houses and from leaders of international organizations including NATO and the UN, none of the P5 countries have brought cyber to the UNSC. Other countries – for instance, Lithuania and the Netherlands – have considered introducing cybersecurity issues in the Council, but no action has followed. One of the most recent members-elect, Estonia, has pledged to take the issue up. To stay relevant and act up on its responsibility for international peace and security, the Security Council will have to establish itself vis-à-vis cyber issues. The goal of this chapter is to examine why and how. To what extent do questions pertaining to digital threats and cybersecurity fall within the mandate of the Council and what could it address given the politically tense times among the P5.
Critical communication infrastructures and Huawei
Recently, there have been growing cyber-safety concerns over telecom equipment made by the Chinese vendor Huawei. This has led many countries to ban Huawei from supplying equipment for building the next generation of mobile networks, 5G. Responses from mobile operators and the telecom community in general have been mixed. For instance, many European mobile operators have stated that these concerns are overblown and that such a ban would delay 5G rollout by two to three years in the best case. Moreover, some operators have directly questioned the ability of the other vendors to timely deliver a complete 5G network. However, these claims have mostly not been grounded in empirical data. This paper takes a multi-perspective approach to investigating this problem empirically. We start by categorizing responses from different countries to using Huawei equipment in 5G. We then analyze the importance and readiness of Huawei for supplying 5G equipment. This analysis is based on contributions to standards and patents. We also present a conceptual risk analysis framework to qualitatively evaluate the ability of a single vendor to cause considerable damage to critical communication infrastructures. This model aims at exploring a set of relevant axis. More specifically, we look at potential for harm in different political climates that is peace, crisis and war. Another axis is whether banning a particular vendor from supplying equipment for the upcoming mobile networks generation is useful without having a backward compatible ban. A third axis is the ability of a vendor to cause harm as a function of the type of supplied equipment, for example radio towers vs network management systems. Combining the analysis of readiness for supplying 5G and potential for causing harm allows us to roughly estimate the likely impact that a complete ban would have on 5G rollout in different parts of the world. We find that such a ban can possibly delay 5G by two years or more for operators with high dependence on Huawei. Consequently, we explore potential approaches that would both reduce vendor-related risk and do not significantly delay the rollout of 5G. These include heterogeneous multi-vendor deployments, equipment verification and testing, international collaboration as well as signing non-aggression treaties. Unfortunately, there is no technological solution that fully remedy this problem. Combining technical solutions with efforts to build trust between countries, enforce existing alignments or create new ones seems a promising way forward.
The Politics of Stability: Cement and Change in Cyber Affairs
In November 2018, the Global Commission on the Stability of Cyberspace, inaugurated one year earlier ‘to develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace’, launched six norms pointing ‘the way to new opportunities for increasing the stability of cyberspace’. However, the Commission has not examined or explained the very concept it was established to explore. Quite the contrary, the Commission argues that its proposed norms will be used to define what cyber stability actually is. Focusing on the interrelationship between international peace and stability, and ways of achieving both in the context of ICTs, the authors will offer a model of stability of cyberspace. They begin by examining the concepts of ‘stability’ and ‘strategic stability’ as understood with regard to international security. This conceptual analysis is followed by a presentation of the political claims of stability expressed in national and international cyber-and information-security discourses. Drawing on the conceptual approaches and the political claims, the report then model the stability of cyberspace in three interlinked and reinforcing dimensions: 1) equal and inclusive international relations; 2) prevention of war: the minimal peace, with emphasis on averting a devastating nuclear war between the superpowers; and 3) the functionality of global and national technical systems and services. After discussing how international law, preventive diplomacy, confidence-building measures, and norms of responsible state behaviour can support cyberspace stability, this report concludes with recommendations for action aimed at helping to create and maintain a stable - resilient and adaptive - cyberspace.
Forebygging av krig og konflikt i cyberdomenet
Cyberdomenet representerer kanskje en av vår tids største trusler mot internasjonal fred og sikkerhet men er viet lite oppmerksomhet hva gjelder forebygging av krig og konflikt. Det er behov for internasjonale forpliktende kjøreregler som hever blikket over IKT-forvaltning, digitalisering og cybersikkerhetstiltak og fokuserer på fredelige relasjoner mellom stater i cyberdomenet. Skal en slik diskusjon ha effekt må den tas i FNs Sikkerhetsråd.