BGF

Boston Global Forum Launches the BGF-G7 Summit Initiative

Marketwired | January 26, 2016

BOSTON, MA and CAMBRIDGE, MA–(Marketwired – January 26, 2016) – Boston Global Forum has introduced the BGF-G7 Summit Initiative, which will cooperate with this year’s G7 host country, Japan, to convene leading scholars and business, government, technology and other leaders to seek solutions to pressing global issues involving peace, security and development.

As a part of the initiative, the BGF-G7 Summit Initiative weekly newsletter has been launched today, Jan. 26, to provide fresh news and commentary from experts around the world.

The G7 represents the seven leading industrial democracies.

Proposals from the initiative will be sent to the national leaders at this year’s G7 Summit, to be held in Japan on May 26-27. Based in Boston and Cambridge, Massachusetts, Boston Global Forum brings together thought leaders from around the globe who participate in forums to discuss critical world issues.

The initiative will include 60-minute-long online dialogues featuring one speaker in each discussion — usually an internationally recognized scholar or government, business or technology leader — who will present his or her perspective on an issue, followed by interactions among 100 discussants of a wide range of ages and backgrounds who will participate online from around the world.

The discussion will continue as participants send questions and opinions to each other by email. Boston Global Forum’s Special Editorial Board will gather the insights and send them to the speaker.

There will be 12 of these dialogues, with the first on Feb. 2 and the final conference to be held on May 9 at the Harvard University Faculty Club, when the most promising ideas from these dialogues will be summarized and then reported to the national leaders meeting in Japan.

This year’s main topic will be Strategies for Combating Cyberterrorism.

Boston Global Forum will also cooperate with the Japanese government in organizing an online dialogue on “The Role of Japan in Peace, Security and Development in the World Today.”

A similar program will be held every year before each G7 summit, in which Boston Global Forum will cooperate with the host country, with a particular issue to be selected as the focus.

Another mission this year will be to promote a sense of global citizenship and mutual responsibility. This project will include collaboration with the Graduate School of Education and Information Studies at the University of California at Los Angeles. The program is titled the Global Citizenship Education for Peace, Security and Development program.

Distinguished moderators at these forums will include former Massachusetts Gov. Michael Dukakis, a co-founder and the chairman of Boston Global Forum; Prof. Joseph Nye, University Distinguished Service Professor at Harvard University, Jose Manual Barroso, former president of the European Commission, and Vaira Vike-Freiberga, former president of Latvia and president of the World Leadership Alliance Club de Madrid.

Other distinguished professors as well as several people named by Time magazine as being among the 100 most influential people in the world, and some people listed by Foreign Policy magazine as among the 100 top global thinkers, will join in building the initiatives.

Boston Global Forum report: Global Cybersecurity Day 2016

Preventing Cyber Conflict: A 21st Century Challenge 

Allan Cytryn, Nazli Choucri, Michael Dukakis, Ryan C. Maness,  Tuan Nguyen, Derek S. Reveron, John E. Savage, and David Silbersweig

At the 2016 G-7 Summit at Ise-Shima, Japan, countries affirmed their commitment to support an open, secure, and reliable cyberspace through the application of international law to state behavior in cyberspace, voluntary norms of responsible state behavior in peacetime, and close cooperation against malicious cyber activity. Absent from formal communiqué were statements on cyber conflict. While cyber-enabled criminal activity and espionage preoccupy cyber discussions today, dozens of countries are building military cyber commands. Given the potential devastation a cyber conflict with advanced cyber weaponry would bring civilian populations; it is essential to develop ways to prevent the proliferation of cyber weaponry. Thus far, states have shown remarkable restraint in using overt cyber weaponry, the exceptions being acts such as Stuxnet and Shamoon. It is important that the international community build upon this restrained behavior and push toward norms that would make their use taboo.

Cyber weapons are new, not well understood, and if not properly controlled, likely to lead to escalation, a process that can lead to serious unexpected consequences, including conventional war. Development costs are minuscule relative to conventional military power and has expanded the range of threats. Differentiating the intent of software designed for espionage from a cyber weapon, designed for sabotage is easily confused that can cause miscalculation. Thus, implantation of foreign software in an adversary’s military or critical infrastructure systems poses a serious threat of both harm and escalation. In a worst-case scenario, if a computer system in question consists of a state’s nuclear weapons command and control center, nuclear conflict may result especially with states locked in unresolved conflict, such as India and Pakistan.

Under the UN Charter, an attack is a use of force, to which states have the right to self-defense. We define a cyber attack to be an action launched via computer and/or networking technology that either produces physical damage equivalent to the use of force or corrupts critical information sufficient to cause damage to the national welfare akin to that produced by the use of force. We define cyber to be a conflict that largely consists of cyber attacks. Given the novelty of cyber conflict and the opportunities for miscalculation, cyber conflict has the potential to lead to conventional conflict using both kinetic and cyberspace technologies. In the event countries think they may lose a capability due to a cyberattack, they could prematurely escalate a conflict through pre-emptive military strikes.

Targets of cyber attacks could be a) a nation’s military command and control system, which includes military satellites, its logistical systems, and one of its major wartime commands; b) its economy, which includes its critical infrastructure such as power, water and banking; or c) operation of its system of governance, including its major agencies and its national electoral system. Whether the damage done by a cyber action arises to the level of force will need to determined. However, loss of GPS during a period of heightened tensions could be considered a use of force, as could the disabling of a significant fraction of the electricity grid of a state under similar circumstances. Altering the outcome of the election of a national executive, an act tantamount to the forceful replacement of the executive, may also rise to a use of force.

Because national economies are much more tightly integrated today than at any previous time in human history, cyber conflict, whether it escalates to kinetic warfare or not, is likely to cause serious economic or political damage to many states. Given how widespread a cyberattack can be impacting telecommunications, banking, and power generations, civilians are at grave risk. Citizens regardless of nationality are exposed to risks created by cyber insecurity. International cooperation is essential and countries must prioritize ways to reduce the risk of cyberwar.

Yet the use of cyber weapons that do physical harm remain rare, and we must promote their non-use further, while at the same time recognizing the proliferation of certain types of acts that continue to have real impact: espionage and disruptive cyber events. Chinese espionage on US intellectual property has had real monetary impacts in the billions of dollars. Russian disruptive campaigns against the electoral processes in the West have sown discontent in institutions among these populations. The prevention of these types of attacks should be at the forefront, as their continued use could lead to retaliation with cyber and conventional weapons, and possibly major power war. The battle over information is being fought now, and measures must be taken to stem its tide.

Progress has been made in this battle. As a result of a bilateral agreement between the United States and China struck in September 2015, the incidence of “theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors” has greatly subsided. (See http://www.nbcnews.com/news/us-news/russia-may-be-hacking-us-more-china-hacking-us-much-n664836.)

Risk reduction must begin with identification of critical assets and the risks to which they are exposed. States must then create a system to reduce risks. This will include acquiring the necessary expertise, whether available domestically or not, to reduce software vulnerabilities and cooperate with other nations to improve transparency. This cooperation can take the form of information sharing, bilateral and multilateral agreements, articulation of norms of state behavior, and the creation of risk reduction centers designed to control escalation and equipped with “hot lines” to other national risk reduction centers.

Restraint is strengthened by implementing norms against unacceptable behaviors and creates a more mindful attitude towards using cyber systems. Fostering collective action, which is necessary to protect cyber capabilities needed by individuals, groups, and societies, enhances restraint. There may be a time when the international community establishes an international center to monitor and combat cyber threats, and to coordinate actions to protect computer systems and disrupt non-state actors that operate in cyberspace. States may have to surrender some sovereignty to do this, but it may be reflective of the non-sovereign Internet.

Cyber risk reduction begins with adherence to the GGE Norms (UN A/70/174), the G7 Ise-Shima norms, and the G20 Norms. However, it goes beyond these and should include the following measures:

  • Sharing in depth of best practices to secure computers and networks.
  • Public identification of critical national infrastructure asset classes.
  • National prioritization of assets by value.
  • Reduction of the risk of compromise of high-priority assets.
  • Creation and proper manning of risk reduction centers.
  • Establishment of regular security drills both domestically and with other risk reduction centers.
  • Banning of the implantation of software in another state’s high-value systems during peacetime.
  • Applying the law of armed conflict in cyberspace.
  • Improving attribution through forensics and context.

Cyber attacks present a new danger to the security of states. Thus, states are urgently encouraged to begin discussion of mechanisms to address these issues.

Ethics Code of Conduct for Cyber Peace and Security (ECCC) version 2.0

Governor Michael Dukakis, Mr. Nguyen Anh Tuan, Mr. Allan Cytryn, Prof. Nazli Choucri, Prof. Thomas Patterson, Prof. Derek Reveron, Prof. John E. Savage, Prof. John Quelch, Prof. Carlos Torres.

The Boston Global Forum’s Ethics Code of Conduct for Cyber Peace and Security (ECCC) makes the following recommendations for maintaining the security, stability and integrity of cyberspace.

Net Citizens Should

  • Engage in responsible behavior on the Internet, e.g.
    • Conduct oneself online with the same thoughtfulness, consideration and respect for others that you expect from them, both online and offline
    • Do not visit suspicious websites
  • Learn and apply security best practices, e.g.
    • Update software when notified by vendors.
    • Ensure your PC has virus protection software installed and running.
    • Use strong passwords, change them periodically, and do not share them.
    • Do not transmit personally identifiable information to unknown sites.
    • Maintain a healthy suspicion of email from unknown sources.
    • For web communication use HTTPS instead of HTTP when possible.

 Policy Makers Should

  • Endorse and implement recommendations made by the 2015 UN Group of Government Experts (GGE), the Group of Seven (G7) and the Group of Twenty (G20). Below we summarize the important norms concerning information and communication technologies (ICTs).
    1. [GGE] International law, including the UN Charter, applies online.
    2. [GGE] States should help limit harmful uses of ICTs, especially those that threaten international peace and security.
    3. [GGE] States should recognize that good attribution in cyberspace is difficult to obtain, which means miscalculation in response to cyber incidents is possible.
    4. [GGE] States should not knowingly allow their territory to be used for malicious ICT activity.
    5. [GGE] States should assist other states victimized by an ICT attack.
    6. [GGE] States, in managing ICT activities, should respect the Human Rights Council and UN General Assembly resolutions on privacy and freedom of expression.
    7. [GGE] States should protect their critical infrastructure from ICT threats.
    8. [GGE] A state should not conduct or permit ICT use that damages the critical infrastructure of another state or impairs its operations.
    9. [GGE] States should work to ensure the integrity of the supply chain so as to maintain confidence in the security of ICT products.
    10. [GGE] States should prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions.
    11. [GGE] States should encourage reporting of ICT vulnerabilities and the sharing of remedies for them.
    12. [GGE] States should not knowingly attempt to harm the operations of a computer emergency response team. Nor should it use such a team for malicious international activity.
    13. [G7] No state should conduct or support ICT-enabled theft of intellectual property, trade secrets or other confidential business information for commercial gain.
    14. [G7] If ICT activity amounts to the use of force (an armed attack), states can invoke Article 51 of the UN Charter in response.
    15. [G7] States should collaborate on research and development on security, privacy and resilience.
    16. [G7] States are encouraged to join the Budapest Convention.

 IT Engineers Should

  • Apply best practices in the design, implementation and testing of hardware and software products so as to
    • Avoid ICT vulnerabilities,
    • Protect user privacy and data
  • Make use of the NIST “Framework for Improving Critical Infrastructure Cybersecurity” as a guide for improving the security of critical applications.

Business Firms and Business Leaders Should

  • Take responsibility for handling sensitive corporate data stored electronically.
  • Create employment criteria to ensure that employees are qualified to design and implement products and services that meet high security standards.
  • Ensure that IT engineers are kept abreast of the latest ICT security threats.
  • Implement effective Cyber Resilience in your business.
  • Engage in information sharing of ICT hazards, subject to reasonable safeguards, with other companies in similar businesses.

Educators, Influencers/Institutions Should

  • Teach the responsibilities of net citizens described above, including fostering good behavior and avoidance of malicious activity.
  • Ensure that IT engineers are taught the skills necessary to produce safe, reliable and secure ICT products and services.
  • Educate and lead global citizens to support and implement the ECCC.
  • Create honors and awards to recognize outstanding individuals who contribute greatly to a secure and safe cyberspace.