Shades of grey: cyber intelligence and (inter)national security
In this paper, Dennis Broeders and Camino Kavanagh examine cyber intelligence in the context of national and international security. It is a call for greater attention to cyber-intelligence operations in diplomatic processes relevant to the use of cyberspace/ICTs by states.
- Dennis Broeders, Camino Kavanagh
- 16 October 2023
- Read the full paper here
The paper acknowledges that despite earlier assumptions, cyberspace is less a war fighting domain than one in which there is constant competition between intelligence agencies. It highlights the scope, scale and tenacity of many of the intelligence and intelligence-led cyber operations discovered over the past decade, each of which has set new precedents in terms of the number of government institutions, businesses and individuals affected, has caused much consternation, yet has led to little discernible action in terms of discussing, let alone agreeing on, possible legal or normative restraints or limits at the international level.
The paper nonetheless highlights some of the normative actions that are slowly taking place at the national level, or in specialised bodies that shape national-level decisions, to place some restraints on the means and methods used in intelligence and intelligenceled cyber operations. It notes that such action often results more from societal pushback to state activity revealed in significant leaks or breaches than from a pre-emptive effort to ensure that intelligence activity is conducted in accordance with existing rules and principles. Some of these developments are important, particularly where privacy, data protection and broader human rights are concerned. And while some such developments have served to provide a legal base for existing activity, in some instances they have resulted in new or reinforced oversight and accountability mechanisms and privacy guardrails. The paper also highlights the increasingly expansive nature of foreign intelligence/counter-espionage legislation in some jurisdictions, and how this contrasts with the limited restraints placed on the cyber-activity of a given state’s own intelligence agencies abroad. It asks whether this expansion of foreign intelligence legislation is resulting from or driving reciprocal action on the part of other states.
Finally, the paper calls for a franker discussion among states on intelligence-led cyber operations and the different types of action (espionage/intelligence collection, covert action) that they consider to fall under that rubric. Such a discussion can start bilaterally or among a small number of states, but at some stage it will need to be broadened. The paper puts forward some suggestions on what such a discussion could focus on.