This research paper is part of Chatham House’s Project on Cyber Security and Space Security, a multi-year research project within the International Security Department examining the security challenges at the intersection of cyber security and space security. The paper aims to identify and raise awareness of the challenges common to both domains through a compilation of articles by cyber security experts and space security experts that assess each field and consider the linkages between the two.
Part I is made up of a series of country studies in which experts from eight countries (China, France, India, Italy, Japan, Russia, the United Kingdom and the United States), drawn from think tanks, academia and industry, set out their views on their country’s cyber security and space security policies. Part II presents international institution perspectives, with contributors from three major bodies (the European Union, the Organisation for Economic Cooperation and Development and the UN) providing high-level assessments of challenges at the intersection of cyber security and space security.
Among the major security challenges described in the papers that are common to both the cyber and space domains – and all linked to a growing militarization in both sectors – are:
- An ‘escalatory cycle’ of militarization in the cyber and space fields, prompted by the increasing militarization of a small number of states: The militarization of both the cyber and space sectors appears in part attributable to a small number of states’ increasingly militarized actions in these (and other) domains. Other states, responding to a ‘perceived threat’, are thus more likely to ramp up the military aspects of their own cyber and space programmes. This, in turn, prompts an even greater number of states to militarize.
- Lack or inadequacy of national policy documents in the cyber and space realms: The lack or inadequacy of national policy documents in the cyber and space spheres creates opacity concerning state objectives, which in turn fosters ‘ambiguity of intent’ surrounding state actions and renders states more likely to construe other states’ actions as offensive. The absence of such documents also hinders dialogue, reducing prospects for international cooperation.
- Lack or insufficiency of internationally agreed definitions of key terminology in the cyber and space domains: Given that robust definitions are fundamental to the establishment of enduring treaties, the lack or insufficiency of internationally agreed definitions of key cyber security and space security terminology impedes the development of multilateral arms control agreements. It also hinders international cooperation.
- A blurring line between ‘non-military’ and ‘military’ roles in the cyber and space sectors – including a rise in dual-use technologies: The distinction between ‘non-military’ and ‘military’ roles is increasingly blurred in the cyber and space arenas, with many technologies being dualuse. This makes it more difficult to define key terminology (especially that involving warfare), contributing to the lack or inadequacy of internationally agreed definitions. Dual-use technologies also mean that banning certain technologies outright and implementing adequate measures to verify compliance are often unfeasible, leading to difficulties in reaching multilateral arms control agreements. Furthermore, dual-use technologies make it more difficult to ascertain whether a country is developing a military programme in addition to its civilian activities.
- A blurring line between ‘offensive’ and ‘defensive’ actions in the cyber and space fields – or a shifting line to permit increasingly ‘offensive’ activities under the justification of ‘defensive’ activities: The norms of acceptable behaviour in cyber and space are shifting towards the ‘offensive’ end of the spectrum, permitting increasingly offensive activities under the guise of ‘defensive’ ones.
- Asymmetric threats in the cyber and space domains – i.e. ‘offence is easier and cheaper than defence’: The cyber and space fields both face asymmetric threats. This contributes to the increasingly blurred line between ‘offensive’ and ‘defensive’ activities in cyber and space. Technologically, offence is easier and more cost-effective than defence. Geopolitically, the consequence is that highly advanced countries are particularly vulnerable to attack from less developed states (as well as from terrorist groups and other actors).
Devising a flowchart
In identifying and analysing some of the common challenges in the cyber and space domains, the submissions to this paper point to the existence of an escalatory cycle of militarization in both domains, apparently driven by a set of common factors. The paper examines the interactions of these factors, and presents a flowchart that depicts how they relate to one another and to the escalatory cycle.