The Stimson Center and the Washington Foreign Law Society
present
Due Diligence in Cyberspace?
Tuesday, March 14, 1:30 pm EST
**Register and submit questions below**
Due diligence has become a hot topic among States. But what is that and what does it obligate a State to do, especially when it comes to malicious actors using many States’ territories to perpetrate a cyberattack? States agreed that they “should not knowingly allow their territory to be used for internationally wrongful acts using ICTs [information and communications technologies] in the UN Group of Governmental Experts’ 2015 final report, but progress has been slow in defining how diligent a State must be to act on this voluntary obligation.
Join the Stimson Center and WFLS in this webinar where former senior US Government executive the Hon. Christopher Ford talks with top experts to explore the controversy and how to move States forward on these issues.
Moderator:
Dr. Christopher Ford is a Visiting Fellow at Stanford University’s Hoover Institution. He previously served as a MITRE Fellow and founding Director of the Center for Strategic Competition (CSC) at the MITRE Corporation. In prior government service, Dr. Ford served as Assistant Secretary of State for International Security and Nonproliferation, also exercising the authorities of the Under Secretary for Arms Control and International Security, and before that as Special Assistant to the President and Senior Director for WMD and Counterproliferation at the U.S. National Security Council.
A veteran of many years as a congressional staffer, Dr. Ford has served at various points on the staffs of the U.S. Senate’s Foreign Relations Committee, Banking Committee, Appropriations Committee, Select Committee on Intelligence, Permanent Select Committee on Investigations, and Governmental Affairs Committee. He is the author of three books – China Looks at the West: Identity, Global Ambitions, and the Future of Sino-American Relations (2015), The Mind of Empire: China’s History and Modern Foreign Relations (2010), and The Admirals’ Advantage: U.S. Navy Operational Intelligence in World War II and the Cold War (2005) – and many articles and monographs. His personal website is https://newparadigmsforum.com.
Panelists:
Mariana Salazar Albornoz is a Professor of International Law, International Humanitarian Law and International Criminal Law at Universidad Iberoamericana in Mexico City. She recently concluded her 4-year mandate as a Member of the Inter-American Juridical Committee of the Organization of American States, where she served as Rapporteur on International Law Applicable to Cyberspace, promoting further transparency and understanding of the topic among the American States. Her last report of the Inter-American Juridical Committee. International Law Applicable to Cyberspace, published in October 2022, can be found here. She also served as Rapporteur on Privacy and Data Protection in the same Committee.
Ms. Salazar is currently a Member of the ICRC’s Global Advisory Board on the Protection of Civilians from Digital Threats during Conflicts, as well as of the Editorial Board of the International Review of the Red Cross. She has been recently appointed by the UN Secretary-General as Member of the Board of the UN Register of Damage Caused by the Construction of the Wall in the Occupied Palestinian Territory. She is an Academic Programs Associate for the Auschwitz Institute for the Prevention of Genocide and Mass Atrocities. Previously, she served for 13 years at the Ministry of Foreign Affairs of Mexico as, among others, Coordinator of International Law. Ms. Salazar holds a Law degree from Universidad Iberoamericana and a master’s degree in International Law from the Graduate Institute of International and Development Studies in Geneva. She is also a member of the International Law Association and of the Mexican Council on Foreign Relations.
Dr. Andraz Kastelic is Lead Cyber Stability Researcher of the Security and Technology Programme at the United Nations Institute for Disarmament Research (UNIDIR) in Geneva, Switzerland. Prior to joining UNIDIR, Andraz held various research positions in different international organizations and research institutions around the world. Andraz holds a PhD in International Law, MA in Diplomacy and speaks 3 languages, including English. He is the author of the UNIDIR publications Due diligence in cyberspace: Normative expectations of reciprocal protection of international legal rights and Non-Escalatory Attribution of International Cyber Incidents: Facts, International Law and Politics, as well as other works.
Host: Giuliana Canè
Giuliana Canè served as President of WFLS until 2021 and continues as a Member of the WFLS Board of Governors. An Italian national, has been appointed by the IDB Board of Executive Directors to serve as the Executive Secretary of the IDB Group Administrative Tribunal, starting on January 19, 2016. Ms. Canè joined the IDB from the World Bank where most recently she was Legal Counsel in the International Centre for Settlement of Investment Disputes (ICSID). Previously, she worked for in various departments of the World Bank Group, including the Investment Climate Advisory Service and the Legal Department (2010-2014 and 2004-2007). Prior to rejoining the World Bank, she worked at the Italian Prime Minister’s Office where she was in charge of the Investment Chapter of the G8 Italian Presidency (2008-2009). She began her legal career with the law firm Baker & McKenzie in Rome (2001 – 2002). Ms. Canè holds degrees from Georgetown University Law Center (LL.M. in International Legal Studies), the College of Europe in Bruges (Master in Law in European legal studies), and LUISS-Guido Carli University, Rome, Italy (Laurea in Giurisprudenza). She is admitted to practice law in the State of New York, the District of Columbia (inactive), the US Supreme Court, and in Italy (inactive). She serves Board Member of Georgetown Law Center European Law Alumni Advisory and served as President of the Washington Foreign Law Society in 2020 and 2021. Since August 2023 she serves as First Ambassador and Chapter leader of the Luiss Alumni Washington DC Chapter. She speaks English, French, Spanish, Italian, and some Portuguese.
Further resources:
A Due Diligence Standard of Attribution in Cyberspace – Tallinn Manual: https://cyberlaw.ccdcoe.org/wiki/Due_diligence
The Oxford Process - https://www.elac.ox.ac.uk/the-oxford-process/
Oxford Institute for Ethics, Law and Armed Conflict - finalreport-bsg-elac-cyberduediligenceininternationallawpdf.pdf
Report of the Inter-American Juridical Committee. Second Report: International Law Applicable to Cyberspace, 21 October 2022: CJI-doc_671-22_rev2_corr1_ENG.pdf (oas.org)
UNIDIR Reports: Due diligence in cyberspace: Normative expectations of reciprocal protection of international legal rights http://unidir.org/duediligence; Non-Escalatory Attribution of International Cyber Incidents: Facts, International Law and Politics http://unidir.org/attribution; International Cooperation to Mitigate Cyber Operations Against Critical Infrastructure https://www.unidir.org/criticalinfrastructure)
UN Reports and Official Statements
UN Group of Governmental Experts 2015 Report A/70/174: https://undocs.org/Home/Mobile?FinalSymbol=A%2F70%2F174&Language=E&DeviceType=Desktop&LangRequested=False
UN Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security A/76/135, July 2021: https://documents-dds-ny.un.org/doc/UNDOC/GEN/N21/075/86/PDF/N2107586.pdf?OpenElement
States’ Voluntary Contributions on Due Diligence to Group of Governmental Experts Report, A/76/136, July 2021: https://front.un-arm.org/wp-content/uploads/2021/08/A-76-136-EN.pdf
Open-ended Working Group 2021 Final Report and Statements:
https://www.un.org/disarmament/open-ended-working-group/
Open-ended Working Group 2021-25: https://meetings.unoda.org/open-ended-working-group-on-information-and-communication-technologies-2021#:~:text=On%2031%20December%202020%2C%20the,substantive%20sessions%20in%20New%20York. [See documents and statement links at top of page]
Attribution:
A Guide to Cyber Attribution, US Office of the Director of National Intelligence: http://dl.icdst.org/pdfs/files3/db004a6f55f96c056a23fc4efc6a23ac.pdf
Various threat reports:
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi#page=47
https://www.trellix.com/en-us/advanced-research-center/threat-reports/feb-2023.html
https://blog.cyberproof.com/blog/which-countries-are-most-dangerous
https://www.verizon.com/business/resources/T250/reports/dbir/2022-data-breach-investigations-report-dbir.pdf[See MITRE attack flow project with Verizon]
See our related webinar on “Technical Aspects of Attribution”: https://www.stimson.org/event/the-technical-characteristics-of-attribution-how-do-you-know-who-did-it/.
This event is also supported by the DC Bar and the Luiss Alumni Association DC Chapter.