Moving Forward: Fragmentation, Polarization and Hybridity in Cyberspace | Online Conference | 10-12 November 2020
Register for free now

< Return to program overview

Panel 5


‘How it applies’: international law and responsible state behaviour in cyberspace

Dennis Broeders

Dennis Broeders (@DennisBroeders) is Associate Professor of Security and Technology and Senior Fellow of The Hague Program for Cyber Norms at Institute of Security and Global Affairs of Leiden University. His research and teaching broadly focuses on the interaction between security, technology and policy, with specific areas of interest in cyber security governance, internet governance, surveillance and Big Data and security studies. He teaches in the Bachelor program Security Studies and in the master program at the Cyber security Academy.

He is the author of the book The Public Core of the Internet (Amsterdam University Press, 2015) and has contributed to the national and international debate on cyber security and international norms in many different fora, including the UN Geneva, the IGF, CyFy and CyCon. He has provided input into policy processes such as the Sino-EU cyber dialogue and the UN GGE.

He has held visiting fellowships at the Social Science Center WZB in Berlin (2008), and the Oxford Internet Institute (2011). Prior to joining ISGA he was a senior research fellow at the Netherlands Scientific Council for Government Policy.

In addition to his appointment at Leiden University he was professor of Technology and Society at the department of Public Administration and Sociology of the Erasmus University Rotterdam (until 1 November 2018).

Els de Busser

Dr. Els De Busser is Assistant Professor Cyber Security Governance at the Institute of Security and Global Affairs and Educational Director of the Cyber Security Academy, both at Leiden University, the Netherlands. She is a researcher in the The Hague Program for Cyber Norms and a lecturer in the Bachelor in Safety and Security Studies, Master Crisis and Security Management and Executive Master Cyber Security, Leiden University.

Her research is focused on cyber security, data protection, European and international cooperation and information exchange in criminal matters especially in the transatlantic relationship, accompanied by a list of publications. She is a frequent speaker at international events and guest lecturer on these topics.

She is Deputy Secretary-General of the International Association of Penal Law (AIDP) and a member of the Standing Committee of Experts on International Immigration, Refugee and Criminal Law (Meijers Committee).

Her book Data Protection in EU and US Criminal Cooperation (Maklu, 2009) was awarded with the 2014 Siracusa Prize for Young Penalists by the Association Internationale de Droit Pénal (AIDP) and the Siracusa International Institute for Criminal Justice and Human Rights.

Fabio Cristiano

Fabio Cristiano (@cristiano_fab) is a post-doctoral researcher at the Institute of Security and Global Affairs at Leiden University

Fabio’s research and teaching broadly lies at the intersection of critical security studies and international relations theory, with a specific interest for automation, autonomy, and international norms in the context of cyber and information warfare. Other areas of interest include cyber diplomacy, digital rights, blockchain technology, and digital pedagogy. Fabio has published on a wide array of topics, such as national cybersecurity policies, cyberwar game simulations, internet access as human right, augmented reality videogames, cyborg theory, aesthetics by algorithms, and more.

Tatiana Tropina

Tatiana Tropina (@gap_the_mind) is an Assistant Professor in Cybersecurity Governance at the Institute of Security and Global Affairs at Leiden University

Dr. Tatiana Tropina is Assistant Professor in cybersecurity governance at the Institute of Security and Global Affairs, Leiden University. Previously, she worked as a senior researcher at the Max Planck Institute for Foreign and International Criminal Law in Freiburg, Germany. She has more than 15 years of experience in academic research, policy and advocacy in the field of cybercrime, cybersecurity, ICT regulation and Internet governance, including several years of volunteer involvement in policy-making and Internet governance processes at ICANN, Freedom Online Coalition Advisory Network, and European Dialogue on Internet Governance.

The projects she worked on at the international level include a cybercrime study for the Global Symposium of Regulators (ITU, 2010), UNODC Comprehensive Cybercrime Study (2012-2013), research on the illicit financial flows and digital technologies for the World Bank’s World Development Report 2016, project with German Federal Criminal Police Office on improving mutual legal assistance on interception of electronic communications in the EU (2015-2018), and others.

Tatiana holds a doctoral degree in criminal law and criminology from the Far Eastern Federal University (Russia) and a Master’s degree from the University of Strathclyde, UK.



Revisiting past cyber operations in light of new cyber norms and interpretations of international law: Inching towards lines in the sand?

This article traces the evolution of interpretations of international law and international cyber norms on responsible state behaviour in cyberspace by reassessing five major - and allegedly state-led - cyber operations: Stuxnet 2010, Belgacom 2013-2014, Ukrainian power grid 2015, US Presidential election 2016, and NotPetya 2017. Taking recent normative developments and emerging state practices as primary points of reference, it investigates how the current normative landscape can shed light on the nature, (il)legitimacy, and (il)legality of these past operations. For each case, the analysis engages with i) the elements triggering the violation of norms, principles, and international law; ii) the legal and normative significance of recent sources of norms and interpretations of international law; and iii) the legal and political obstacles still laying beyond their application. Taken together, the reassessment of these cyber operations reveals how, in hindsight, the international community has come a long way in calibrating its normative language and practices in calling out irresponsible behaviour in cyberspace. With states taking small, but unprecedented, steps through public attributions and statements on international law in cyberspace, most of the analyzed past cyber operations would arguably feature an attribution under the current state of play. At the same time, substantial differences in national interpretations of international law continue to stand in the way of clarity on the terms of its application. In this light, this article ultimately suggests that cyber norms and the interpretations of international law require further granularity to become ‘lines in the sand’.