The Case for Trilateral Cybersecurity Cooperation


The Case for Trilateral Cybersecurity Cooperation

(Part 1 of UK-Japan-US Trilateral Proposal)

By Mihoko Matsubara

cyber-operations-network-cyberwar

The cyber realm is part of a new security framework, extra-regional in nature and in threat. It is therefore fitting that real world allies should create a cyber-partnership to complement their cyber interests. Indeed, all three states have recently launched bilateral cybersecurity dialogues. Since they have many cybersecurity interests in common, and the borderless nature of cyber-threats requires international collaboration, this paper argues that it is more efficient to collaborate trilaterally.

Recommendations:

  • Japan, the UK, and the US should develop a common definition on what constitutes “use of force” in order to legitimize and prompt proportional and necessary retaliation. They should also seek international advocates for an agreed approach.
  • Japan, the UK, and the US should reach a consensus on the area of responsibility (AOR) and a watch list to cover counter cyber-espionage. The three governments will review the AOR and the watch list on a yearly basis to reflect the dynamics of cyber-threats.
  • Japan, the UK, and the US should establish points of contact at relevant ministries or departments to share information on cyber-threats, and also a secure communication method to exchange such information.
  • Japan, the UK, and the US should share information on the methodology of cyber-attacks and alerts on ongoing or potential threats to minimize damages in a timely manner.
  • Japan, the UK, and the US should launch a common system to check supply chain risks and share that information to minimize cyber-espionage and sabotage on government/military equipment and critical infrastructures.

Current levels of dialogue

The three states remain committed to bringing the cyber realm under the auspices of international law. However, under current international legislation, the execution of self-defense requires the “attack” to constitute “use of force” in order to legitimate and prompt proportional and necessary retaliation. In September 2012, Harold Koh, Legal Advisor for the US Department of State, argued, “Cyber activities that proximately result in death, injury, or significant destruction would likely be viewed as a use of force.” If London and Tokyo agree with this principle, the three governments should define a threshold for what kind of “significant” destruction constitutes “a use of force” and set an example for the international community. Such a definition should seek to describe the impact of the destruction in order to justify and decide on a response. Such a definition could ultimately prove useful to other US allies.

Second, all three are concerned about the growing cases of cyber-espionage on industries that relate to national security. High technology-related industries, such as machine tools, chemical industries, and defence industries are all high-value targets of foreign cyber-espionage. The three states are already beginning to develop cooperation in these three areas: in December 2011, Tokyo eased the ban on arms export and indicated its interest in joint development of arms with the UK. In July 2013, the UK and Japan signed a defence equipment cooperation framework and information security agreement[1], indicating that this trend towards closer security cooperation is continuing. Such cooperation, however, is an Achilles’ heel for cyber-attack and requires trilateral detection and protection efforts. Information leaks can erode national security for all three. A prime example of this growing interoperability and the resultant vulnerability is the alleged exfiltration of information on the Lockheed F-35 fighter, which will be procured by all three countries. That China’s military stole data on the design, electronic system, and performance of the aircraft affects the security interests of all three.

Potential areas for deeper coordination

To counter cyber-espionage, both policy and technical approaches are necessary. The governments have to reach a consensus on the AOR and a watch list to cover. This decision-making should be assisted by geopolitical risk analysis and their strategic interests in terms of defense, economy, and social well-being. The governments will review the AOR and the watch list on a yearly basis to reflect the dynamics of cyber threats.

 Information-sharing

 It would be beneficial for the three governments to share the methodology of cyber-attacks and alerts on ongoing or potential threats to minimize damages in a timely manner. To do this, the three governments must establish a procedure and secure communication to exchange such information. They first need to assign a point of contact in relevant departments and ministries and reach an agreement on how to exchange information in a safe manner.

 Supply Chains

 Finally, it is indispensable for the three governments to minimize the risks of supply chains, which may lead to cyber espionage or sabotage on sensitive government/military equipment and critical infrastructures. For example, Bloomberg Businessweek warned in May 2012 that China is the “dominant source” of counterfeit components to the US defense supply chain.[2] Also, the 2012 US congressional report about Huawei and ZTE[3] indicates possible implanting of malicious software, hardware, or kill switches in electronic devices. These reports have made it clear that vulnerable supply chains can lead to cyber espionage and sabotage.

 Given the globalization and limited resources, it is challenging for the three countries to track every single component. Thus, they have to make a priority list on the types of equipment and systems to protect first. At the same time, it is necessary to reach an agreement on how to exchange information and prevent malicious components from going into their systems.

 Regulatory Framework

 London, Tokyo, and Washington must launch a trilateral cybersecurity cooperation framework to protect their shared interests and values and minimize cyber-threats on their critical infrastructures and military and economic strength. At the same time, the three governments should work with their allies and friendly countries to establish an international agreement on what constitutes “uses of force” in cyberspace.

To read this chapter in the original report, please click here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Syrian Intifada

a-shab yurid iskat an-nizam

Jeremy S. Maxie

Energy & Political Risk Consultant

In Pace

Peace in Korea and beyond

southseaconversations 讨论南海

China comments on the South (China) Sea disputes

Christopher Phillips

Academic, Writer, Commentator

tokyocooney

(does america)

Philosophical Politics

political philosophy of current events

Minh Thi's blog

pieces of me

North Korea Leadership Watch

Research and Analysis on the DPRK Leadership

National Post

Canadian News, World News and Breaking Headlines

Quartz

Quartz is a digitally native news outlet for the new global economy.

TIME

Current & Breaking News | National & World Updates

Moscow-on-Thames

Sam Greene - London & Moscow

kirstyevidence

Musings on research, international development and other stuff

The Rights Angle

Francesca Pizzutelli's blog on human rights and human beings

Bayard & Holmes

If you're in a fair fight, you're using poor tactics

Grand Blog Tarkin

A roundtable of strategists from across all space and time.

Sky Dancing

a place to discuss real issues

Oscar Relentos

Welcome to my catharsis

mkseparatistreport

A Blog Focused on Bringing Policy and Chinese language Translations Relating to Separatists and Terrorism

playwithlifeorg

4 out of 5 dentists recommend this WordPress.com site

HarsH ReaLiTy

A Good Blog is Hard to Find

Variety as Life Spice

“Man is least himself when he talks in his own person. Give him a mask and he will tell you the truth.” - Oscar Wilde

KURT★BRINDLEY

writing ★ producing ★ editing

Foreign Policy

the Global Magazine of News and Ideas

Top 10 of Anything and Everything!!!

Animals, Gift Ideas, Travel, Books, Recycling Ideas and Many, Many More

Eleanor Yamaguchi

Specialist in Japanese History and Culture

ABDALLAH ATTALLAH

Futurist | Disruptor | Coach | Reformer

Anglo-Japan Alliance

A new type of alliance

Small House Bliss

Small house designs with big impact

Europe Asia Security Forum

European perspectives on Asian security, and vice-versa

Shashank Joshi

Royal United Services Institute | Harvard University

secretaryclinton.wordpress.com/

A PRIVATE BLOG DEVOTED TO FOREIGN POLICY & THE SECRETARY OF STATE

Adventures in (Post) Gradland

Thoughts on life after the PhD

springdaycomedy

Just another WordPress.com site

James Strong

Junior academic working on British foreign policy

Justice in Conflict

On the challenges of pursuing justice

Politics: Middle East

an analysis of the contemporary middle east

Sino-NK

Sino-NK is a research website for Sinologists and Koreanists.

%d bloggers like this: