Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to

the Protection of Victims of International Armed Conflicts (Protocol 1)

ADOPTED

Strengthening Cybersecurity includes National Cybersecurity Governance (i.e.

Determination of accountabilities, decision-making hierarchies up to Executive level)
re.

a. On matters affecting of National Security

 Key Cybersecurity Concerns: Cyber conflicts, use cases; examples are acts
of cyberwar, cyberespionage, hacktivism; state actors,
 Vis-à-vis cybercrime: transnational/organized crimes; election interference
 Common Ground: Critical infrastructure protection (energy, connectivity)
 (cyber) Terrorism and related terrorist activities

b. Establishment of Active Cyber Defense.

 Synchronized, real-time capability to discover, detect, analyze, and mitigate
threats and vulnerabilities. 
 Military and civilian targets

c. Cyberspace operations & support services

 Notion of cyberspace domain (in the context of NCSP or NSP)
 CICC’s role (advisory, technical assistance, capability building)

d. The military role (Pros and Cons) & cyber command structure, rules of
engagement in peace time
 National priorities
 Presidential adviser

e. Cyber civil defense

The Protocol is intended to ‘extend the rule of law further into cyberspace, protect internet
users, and help provide justice for those who become victims of crime. a imed at
enhancing co-operation and disclosure of a

Principal elements of a comprehensive national cybersecurity strategy

These are the five elements of successful national cybersecurity strategies:

 a dedicated national cybersecurity agency (NCA)

 a National Critical Infrastructure Protection program
 a national incident response and recovery plan
 defined laws pertaining to all cybercrimes
 a vibrant cybersecurity ecosystem

When setting up an NCA, countries can consider design choices, such as:
  Should the agency reside within a defense and intelligence entity or within a civilian
body?
 What level in the government does the agency report to?
 What is the scope of the agency’s control and oversight (for example, does it focus
only on critical infrastructure or also on citizens and small and midsize businesses)?

PDP – Peace and Security; Ensuring Security, Public Order, and Safety

Cyberwarfare Blurs Line between Civilian and Military Targets

Cyberattacks: A threat that unites military and civilian actors?

Hybrid warfare can involve attempts to influence the adversary’s society through
legal means such as purchasing news agencies and strategic infrastructure, as well
as through illegal spreading of mistrust such as undermining free and fair
elections (Comelec expands call on military involvement).

nimize the harm caused by any means and methods of warfare

during armed conflicts, the unique characteristics of cyberspace
as a warfare domain set new challenges in doing so.
Information Crossroads: Intersection of Military and Civilian Interpretations of Cyber Attack and
Defense

Civilian Harm Mitigation and Response Action Plan Fact Sheet

Towards a Cyber Defense Strategy in the Philippines

Military forces use GIS

Alongside these techniques, attacks on critical infrastructure and IT networks are an

increasingly common method of hybrid warfare. They may be used either as a stand-
alone operation or as a prelude to conventional military intervention, as was the case
in Russia’s attack on Ukraine in 2014 (ibid.).

The country's military has developed guidelines for cybersecurity operations

across all units, bringing the protection of cyberspace into line with the
government's other four priorities — land, sea, air and space

NCSP 2028
- Vis-à-vis Cybercrime
- Vis-à-vis NSP 2022
- New, change or enhancing NCSP 2022? Presidential EO to create NCSP
2028
- Implementation through IRR, Cybersecurity Protocols, EO, legislative Agenda
 
SC/14563
29 JUNE 2021

‘Explosive’ Growth of Digital Technologies Creating New

Potential for Conflict, Disarmament Chief Tells Security Council
in First-Ever Debate on Cyberthreats
The explosive growth of digital technologies around the world is opening new potential
domains for conflict and the ability of both State and non-State actors to carry out
attacks across international borders, the United Nations High Representative for
Disarmament Affairs said today as the Security Council held its first-ever open debate on
maintaining peace and security in cyberspace.

Izumi Nakamitsu pointed to a dramatic surge in malicious incidents in recent years,

ranging from disinformation campaigns to the disruption of computer networks,
contributing to diminishing trust and confidence among States.  Particularly at risk is
critical infrastructure — including financial institutions, health-care facilities and energy
grids — which rely heavily on information and communications technology (ICT) to
function.

EOs
 Frequency communication – AFP

‘push button, use cases, dashboard, hierarchies’

The Critical Infrastructure Centre was established in 2017 to coordinate the

management of risks to Australia’s critical infrastructure and deliver more
coordinated national security assessments to inform foreign investment decisions in
significant and complex cases.
3. In 2018, legislative coverage of critical infrastructure security was expanded from
being considered primarily under the Foreign Investment and Takeovers Act 1975, to
include regulation under:
 the Security of Critical Infrastructure Act 2018 (SoCI Act); and
 amendments to Part 14 of the Telecommunications Act 1997, or
Telecommunications Sector Security Reforms (TSSR).

o coordinate the management of risks to Australia’s critical infrastructure and deliver

more coordinated national security assessments to inform foreign investment
decisions in significant and complex cases.

providing the government with the power to declare certain critical

infrastructure assets as Systems of National Significance to which Enhanced
Cyber Security Obligations may apply.

Cyber Issues for Governments to

Consider

What this all means, of course, is that governments all over the world face
major decisions about how they use their military in the course of building
their national cybersecurity strategies. Considerations will need to
include:       

 Given all the variables, how involved should the military be in national
cybersecurity?
 Given the factors in play, how should governments balance their
cybersecurity investments across the military, law enforcement and the
private sector?
 How, if at all, should the military be used to support the private sector?

 What can be done to facilitate international cooperation by non-military

parts of the government?

 How can diplomatic initiatives reduce the need for the military to be used
in domestic cybersecurity?

 How can government act to avoid international disputes over cyber issues
(e.g. responses to Edward Snowden’s revelations about the activities of the
U.S. National Security Agency) that undermine cooperation on
cybersecurity?

The Military Role in National

Cybersecurity Governance
https://www.brookings.edu/articles/the-military-role-in-national-cybersecurity-
governance/

The ADMM Cybersecurity and Information Centre of Excellence (ACICE) was proposed by Singapore
and approved by the 15th ADMM in Jun 2021, to enhance regional cooperation among ASEAN
defence establishments in the cybersecurity and information domains. Given our increasing reliance
on digital and information technologies, the defence sectoral is well-positioned to contribute to
efforts to tackle these common security challenges. The key objectives of the ACICE are to: (a)
function as a node for confidence-building measures, information-sharing and capacity building
among regional militaries; (b) enhance regional cooperation and information sharing, focusing on
cyber security, disinformation and misinformation threats including through the dissemination of
regular and timely reports; and (c) work with international experts to improve collective resilience
against common security threats. The ACICE will host the defence sectoral’s first Malware
Information Sharing Platform, for regional militaries to share unclassified malware information. The
ACICE will also work with the ASCCE to offer training courses to defence sectoral personnel where
relevant.

The Principal Cyber Advisor advises the SECDEF and DSD on cyber related activities that
support or enable DOD's missions in, through, and from cyberspace, in coordination with the
appropriate PSAs.  The PCA leads a Department-level cross functional team that coordinates
and oversees implementation of the DoD Cyber Strategy; assesses cyber programming and
budgeting issues, making recommendation through the Program Budget Review process;
informs Department-level cyber-related budgeting and acquisition processes and forums;
and initiates projects to strengthen DoD's approach to cyber activities and missions.  The
PCA does not have operational responsibilities for DoD operations and is not in the
operational chain of command.

Central to the question of the role of the military in “defending the nation”
against cyber threats is what else governments can do. Traditionally, the
other institution that provides security is law enforcement.  Police and other
law enforcement agencies are often constrained by the laws under which
they operate and the challenges of developing cases that lead to successful
prosecutions. However, in recent years innovative agreements such as the
European Council’s 2001 Convention on Cybercrime (now with 50
signatories across every continent) have made it harder for cyber criminals
to avoid justice by basing themselves outside the country they are stealing
from. Meanwhile, law enforcement like the U.S.’s Federal Bureau of
Investigation are working with international colleagues and major
companies like Microsoft to disrupt the very worst criminals (such as the
takedown earlier this year of the Citadel network botnet used to steal over
$500 million from bank accounts).

Another potential approach for the government is to support the private

sector in providing its own security. This can be as simple as creating an
appropriate incentives structure for information-sharing between
companies or raising basic cybersecurity standards (sometimes through
government regulation). This might also involve more practical help, like
sharing secret intelligence with private sector companies, to improve their
defenses and allow Internet Service Providers to screen out known malware.

It could also involve licensing the private sector to respond to intrusions

themselves, so-called “hacking back.” Currently the law in many countries
does not permit hacking-back and for good reason, namely the risk of
inadvertently putting their own countries on an unwanted and escalatory
path towards conflict. But such approaches have strong advocates and may
 gain traction in future. More positively, government might support the
establishment of additional Computer Emergency Readiness Teams (CERTs)
to coordinate incident response by the private sector.    

Cyber National Security Threats Short of

War

In practice, therefore, the appropriate level of military involvement needs to

be informed by both the dangers to national security and the alternatives
available (including the risk of misemploying the military).  Each nation will
face different considerations. The result, however, might look something
like this:

 The theft of information from government and defense contractors

probably ranks as the most serious threats to national security, and as such,
would almost certainly justify some government action. There are various
possible motivations for such intrusions, including a commercial one, but
they also represent a compromise of future military effectiveness (especially
if the intruder is a potential adversary or is willing to give/sell their
information to one).
 The potential for a devastating attack critical on national infrastructure
(including the finance, energy, transportation, communications and other
economic sectors vital the life of a nation) is another grave concern,
although arguably less immediate a threat than the theft of national
security secrets. While the military might be expected to be ready to
support a response to an attack, in most countries some proportion of
critical infrastructure is in private hands making military approaches less
practical or acceptable. This is an area where the government’s best
approach might be use of economic incentives, including regulation to
improve security levels.
 Commercial espionage, either of intellectual property or sensitive business
information, is another area where military approaches might not be
appropriate. However, given the potential economic impact, especially
when state-backed Advanced Persistent Threat techniques are used, this
type of activity has the potential to significantly destablize international
relationships. Governments could then resort to sanctions or, if under
pressure, to licensed private responses. 

 Fourth, there is the threat of cybercrime. Although not a direct threat, it

could develop into one if left unchecked because of the potential for
terrorists or states to leverage criminal networks.  This is generally not a
role for the military but rather for law enforcement. Their challenge is
deciding whether to disrupt the criminal or to seek prosecutions.

Cyber Issues for Governments to

Consider

What this all means, of course, is that governments all over the world face
major decisions about how they use their military in the course of building
their national cybersecurity strategies. Considerations will need to
include:       

 Given all the variables, how involved should the military be in national
cybersecurity?
 Given the factors in play, how should governments balance their
cybersecurity investments across the military, law enforcement and the
private sector?

 How, if at all, should the military be used to support the private sector?

 What can be done to facilitate international cooperation by non-military

parts of the government?
 How can diplomatic initiatives reduce the need for the military to be used
in domestic cybersecurity?

 How can government act to avoid international disputes over cyber issues
(e.g. responses to Edward Snowden’s revelations about the activities of the
U.S. National Security Agency) that undermine cooperation on
cybersecurity?

Supporters of the Paris Call are therefore committed to working together to:
 Protect critical individuals and infrastructures from malicious cyber activities;
 Protect the availability and integrity of the Internet;
 Prevent interference aimed at undermining electoral processes;
 Defend intellectual property from cyber threats;
 Prevent the proliferation of malicious software and practices;
 Strengthen the security of digital products and processes;
 Improve cyber hygiene for all;
 Prevent non-state actors, including the private sector, from hacking-back;
 Strengthen international norms of responsible behaviour and confidence-
building measures.

 The plan was developed to provide relevant information and steps or
tasks to be performed at the national level on procedures for
detection, response, communication and coordination in the event of
cyberattack for protection of the Critical National Information
Infrastructure (CNII) in critical domains namely; defence and security;
banking and finance; information and communications; energy;
transportation; water; health; government services; emergency
services; and food and agriculture against cyber threats.


 NATIONAL CYBER CRISIS

MANAGEMENT PLAN (NCCMP) The NCCMP
also provides the detailed steps to be implemented by all the parties
involved in national cyber crisis management and it will become the
main reference for Sector Leads and CNII agencies/ organisations in
the development and maintenance of current related Standard
Operating Procedures (SOP) in their agencies/ organisations.