Perry World House hosted a panel to discuss how international law can be applied to cyberspace to regulate the behavior of nations engaging in cyber attacks or violence.
Temple Law School Professor Duncan B. Hollis moderated the Nov. 16 event and was joined by Estonian Ambassador for Cyber Diplomacy Heli Tiirmaa-Klaar to discuss the application of global law to cyberspace and the implementation of cyber norms for state behavior. The event was a part of Perry World House's weekly “The World Today" event series.
The panelists covered discussions that are arising with the recent movement of digitizing infrastructures, like hospitals and governments. Tiirmaa-Klaar recognized that one of the largest challenges has been the increased threats from both proxy groups doing the bidding for nation-states and other cybercrime organizations.
A September cyber attack on a hospital in Dusseldorf knocked out their servers, forcing them to turn away a female patient who later died due to a life-threatening illness, according to The Guardian. The United States has also experienced a sharp rise in cyber attacks targeting hospitals, which have been particularly vulnerable due to the pandemic, CNN reported.
Tiirmaa-Klaar also discussed her work with fellow cyber diplomats in the United Nations and political debates about how to apply international law in cyberspace. Tiirmaa-Klaar participated in a 2018 U.N. panel discussion about how international law regarding self-defense, armed conflict, and sovereignty would apply to cyberspace. There, she said that cyberspace is not lawless and advocated for further discussion about how to apply international law to cyberspace.
Hollis and Tiirmaa-Klaar also discussed attribution, or the accusation of states as perpetrators of cyber attacks, such as when the United Kingdom pointed the finger at Russia for the World Anti-Doping Agency hack in 2018, in which passwords and personal information were published. Tiirmaa-Klaar said some states are now developing national procedures that will clarify this process, with consideration of the technical, political, and legal ramifications of attribution.
Although guidelines for responsible state behaviors in regards to cyberspace were established by the United Nations Group of Governmental Experts in 2015 — which include principles like exchanging information with other states and not using internet technology for "malicious international activity" — Tiirmaa-Klaar believes that there is still a long way to go for global adoption of these cyber norms.
“We have been agreeing on those norms from five years ago, but when we are discussing cyber issues in cyber conferences there are very few people who have knowledge about those norms,” Tiirmaa-Klaar said. “So in a way we are now in a mainstreaming phase with everything cyber diplomacy related.”
Estonia was one of the frontrunners in adopting digitization after several cyber attacks in April of 2007. The country launched the e-Estonia project, which involved digitizing everything from voting to challenging parking tickets, according to the New Yorker. As an early adopter of this technological shift, the nation has been influential in increasing international cooperation in cyberspace — a growing field with now more than 20 cyber diplomats globally, Tiirmaa-Klaar said.