Neutrality and Cyberspace

The project explores what neutral countries should or should not do in terms of cyber defence. It analyses the example of Switzerland as a neutral country. Switzerland has an over 200 years old tradition of neutrality policy and has come up with the purest implementation of thereof. Swiss neutrality exceeds the definition of a neutral country in The Hague Convention of 1907.

In particular, the focus of this work is the dilemma between classical defence and neutrality thinking, which is based on territorial boundaries, and the interconnected nature of cyberspace. Furthermore, the knowledge exchange of a neutral country with other entities is intricate: while police level collaboration is common practice, the exchange of expert knowledge (i.e. cyber weapons) can cause a breach in neutrality policy. In cyber security, however, the distinction between police tools, cyber weapons or espionage capabilities is very unclear. Finally, the expected behaviour of a neutral country in and before a cyber conflict relies on international cyber norms and the necessity of the international community to rely on the services of a neutral partner.
The project aims at producing a deep analysis cyber neutrality and a variety of recommendations for the future role of neutral countries in cyberspace. Moreover, it should yield an outline of how such capabilities are developed and maintained.


This project comes under the EPSRC Cyber Security research theme

It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:

* The IT industry; vendors of hardware and software, and within this the IT Security industry;

* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;

* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;

* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;

* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;

* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.

Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.