Two Day Online Workshop on “Cyber Technologies, Artificial Intelligence and International Security”
in collaboration with
The United Nations Institute for Disarmament Research (UNIDIR), Geneva
The Arms Control and Disarmament Centre (ACDC) at the Institute of Strategic Studies Islamabad (ISSI) organised a Two Day Online Workshop on “Cyber Technologies, Artificial Intelligence and International Security” in collaboration with the United Nations Institute for Disarmament Research (UNIDIR), Geneva on January 24 -25.
On Day 1, the opening session was moderated by Ms Moliehi Makumane, Researcher, UNIDIR while Ambassador Aizaz Ahmad Chaudhry, Director General ISSI, made the opening remarks and said that with global arms races picking up, arms control collapsing, there could be efforts to weaponise these emerging technologies and effective regulations are vital. India is rapidly weaponising the technologies that pose a threat to regional security. In his welcome remarks Dr Robin Geiss, Director, UNIDIR, said that digital transformation is a key driver of military affairs and international security. While the field of new technologies is limitless – two key issues that are prominent at the UN and most challenging need particular attention are – Artificial Intelligence (AI) and cyber technologies. Ambassador Khalil Hashmi, Pakistan’s Permanent Representative to the UN in Geneva, made remarks where he said that while cybersecurity and IA stand out in discussion at the UN for many years, progress remains elusive. These technologies provide huge multiplier effects to existing and new military capabilities. Pakistan has followed a preventive approach whereby it has highlighted that international regulation should be developed promptly.
Session I on “Cybersecurity 101” was moderated by Dr Andraz Kastelic, Researcher, UNIDIR, while speakers were Dr Mehreen Afzal, Associate Professor, Department of Cybersecurity, Air University Islamabad and Dr Samuele Dominioni, Researcher, UNIDIR. Dr Afzal said that key concepts of cybersecurity are espionage and sabotage. The use of technology has made espionage and sabotage easier. She recommended a hybrid approach to deal with cyber threats – a combination of education and effective security controls. Dr Dominioni said that tremendous global digitisation is also increasing cyber risks. Cybersecurity is a complex domain due to security paradox where it is impossible to distinguish between offensive and defensive capabilities, opacity, asymmetry, the problem of attribution.
Session II on “Cybersecurity and UN” was moderated by Dr Tughral Yamin Dean CIPS, NUST, and speakers were Mr Usman Jadoon, Director General, UN Division, Ministry of Foreign Affairs, Pakistan and Ms Moliehi Makumane, Researcher, UNIDIR. Mr Jadoon said that Cyberwarfare has emerged as a new domain of warfare, a new weapon of mass destruction – a challenge that requires a global response. Discussion in the UN framework is facing a stalemate over the issues of “applicability of International Law, including International Humanitarian Law” and “Attribution.” He emphasised the urgent need to formulate acceptable norms for state behaviour, as well as to develop clarity regarding the applicability of existing rules and responsibilities to both states and other stakeholders operating in cyberspace. Ms Makumane said that norms rules, CBMs and capacity building are some of the issues under discussion at the UN but that framework is not legally binding. Malicious use of Information and Communications Technologies (ICTs) is having devastating effects on countries and Member states have called for more regulations vis a vis emerging technologies.
Session III on “Responsible and Coordinated Vulnerability Disclosure” was moderated by Dr Andraz Kastelic, Researcher, UNIDIR, and speakers were Mr Ahmer Bilal Soofi, former Federal Minister for Law, Justice & Parliamentary Affairs and Founding Partner of ABS & Co and Ms Kaja Ciglic, Senior Director, Digital Diplomacy, Microsoft. Mr Soofi provided a comprehensive overview of the procedures for vulnerability disclosure developed by various states like Pakistan and the US. These procedures allow organisations to identify and visualise the threat landscape to accelerate digital transformation and brand protection. These procedures also set the rules of engagement for ethical hackers to discover security flaws and facilitate data exchange. While defining the basic concept and processes of vulnerability disclosure, Ms Kaja Ciglic said that it is about minimising risk for customers, businesses and critical infrastructures. Governments could bring together all stakeholders to raise awareness, increase legal certainty and develop clear principled-based policies.
Session IV on “Global Supply Chains” was moderator Dr Samuele Dominioni, Researcher, UNIDIR. Speakers included Mr Khawaja Ali, Head Technology Strategy, Risk & Governance, National Bank of Pakistan and Ms Anastasiya Kazakova, Senior Manager for Public Affairs, Kaspersky. Ms Kazakova said that the scope of hard, soft and connectivity components of digital technologies is extremely broad and complex. The global supply chains experience a security dilemma where they cannot trust everyone but they have to trust everyone. Attacks like software, firmware and hardware implants on supply chains are further poisoning the existing trust, policy, operational, safety and security mechanisms. Mr Ali said that in addition to supply chains related to hardware and software, the global supply chains of the services sector has been impacted by cyber-attacks. He stressed designing the global norms and treaties for the management of global supply chains. In the closing session of Day 1 Dr Giacomo Persi Paoli, Head of Programme, UNIDIR, made remarks. He said that given the complexity of issues, there is still a lot to discuss and debate to achieve clarity and consensus. The multi-stakeholder approach is the key where governments remain key actor when it comes to policymaking, standard making and legislation for a robust framework to promote peace and stability in cyberspace. However, the private sector has a significant role to play to achieve cybersecurity culture.