Eleven years ago Estonia was the first country in the world to fall under politically motivated cyber-attacks. A lot has changed since then. Cyber-attacks have become a new normality, they target states as well as companies and citizens, they have become global and massive in their scale, they even challenge the genuine political independence. There have been positive developments, including more awareness about cyber-security compared to 11 years ago. Cyber security has become a topic that is discussed at different forums, starting with international organizations and finishing with secondary schools. And still, many questions remain unanswered and are as topical as they were in 2007: applicability of international law, responsibility of states, including for the acts of non-state actors, attribution, defensive and offensive capabilities, international cooperation, role and responsibility of different stakeholders.
Alex Stamos’ keynote at Black Hat USA 2017 addressed, among other things, social skills and diversity - an urging need to include people with different backgrounds, education, culture into the world of cyber security that was for years left to and governed by technical folks.
This is true both at a company level and at a larger scale – on national and international level. States have a unique role in providing security, including cyber security, in applying and interpreting international law etc., but states cannot efficiently do it alone. Despite states’ traditional dominance over national and international security, their role within the overall cyberspace ecosystem is limited. After all, the internet is governed by a complex system of stakeholders, and governments alone cannot decide on all aspects of cyberspace. A space where private sector owns nearly all digital and physical assets; where industry develops and provides online services; where civil society and academia contribute to research and carry the role of watchdogs of democracy.
The keynote will address the lessons learned from 2007, challenges we face in 2018/2019, role of states and other stakeholders, developments in international cooperation and propose some thoughts/ideas for future. The keynote will also introduce the work of the Global Commission on Stability in Cyberspace (GCSC) – as an example of multi-stakeholder model that contributes to international discussion and policy-making.