The rapid growth in the Asia-Pacific’s economic and political power has significant implications for global governance. Asia-Pacific countries such as Japan, India and China – and regional bodies such as ASEAN – are increasingly informing, influencing and seeking to shape international standards and norms.

This conference will bring together international law and policy experts to explore the political and legal dynamics affecting economic relations, security challenges and maritime governance in the region.

Given security and prosperity challenges within the region as well as the increasingly complex environment for global governance, to what extent is international law operating as a tool of cooperation in the Asia-Pacific? In which areas is it a source of friction?

And what are the broader implications for global governance including the development of international law?

About the Conference

At a time of geopolitical uncertainty and with multilateralism under pressure, this conference brought together diverse actors to explore the evolving role of international law on critical security and economic issues in the Asia-Pacific. From trade agreements to deep-sea mining, cyberwarfare to territorial disputes, the breadth of the discussion illustrated the growing reach of international law in the region.

Hosted by the International Law Programme and the Asia-Pacific Programme at Chatham House on 27 March 2019, the conference focused on three themes: trade and investment, maritime security and governance, and emerging security challenges. What trends are emerging in terms of engagement with international law in the region, and how can international standards play a greater role in encouraging collaboration and reducing tensions? And, with the eastward shift in geopolitical power, how will Asia-Pacific states shape the future of international law?

A healthy civic space is vital for an enabling business environment. In recognition of this, a growing number of private sector actors are challenging, publicly or otherwise, the deteriorating environment for civic freedoms.

However, this corporate activism is often limited and largely ad hoc. It remains confined to a small cluster of multinationals leaving potential routes for effective coordination and collaboration with other actors underexplored.

This roundtable will bring together a diverse and international group of business actors, civil society actors and foreign policy experts to exchange perspectives and experiences on how the private sector can be involved in issues around civic space. The meeting will provide an opportunity to explore the drivers of – and barriers to – corporate activism, develop a better understanding of existing initiatives, identify good practice and discuss practical strategies for the business community.

This meeting will be the first of a series of roundtables at Chatham House in support of initiatives to build broad alliances for the protection of civic space. 

Attendance at this event is by invitation only. 

PLEASE NOTE THIS EVENT IS POSTPONED UNTIL FURTHER NOTICE. 

The International Criminal Court cannot act when crimes are being genuinely prosecuted in a state. The meeting will discuss whether the ICC complementarity rules apply when a state puts restrictions on the prosecution of war crimes committed in particular circumstances or within a particular time period. In this context, the discussion will also cover the extent to which such restrictions are precluded by international obligations such as those in the Geneva Conventions with regard to the investigation and prosecution of war crimes.

This workshop is the second in a series in the 'Implementing the Commonwealth Cybersecurity Agenda' project. The workshop aims to provide a multi-stakeholder pan-Commonwealth platform to discuss how to take the implementation of the 'Commonwealth Cyber Declaration' forward with a focus on the second pillar of the declaration – building the foundations of an effective national cybersecurity response with eight action points. 

As such, the workshop gathers different project implementers under the UK Foreign and Commonwealth Office’s Cyber Programme, in addition to other key relevant stakeholders from the global level, to explore ongoing initiatives which aim to deliver one or more of pillar two’s action points.

The workshop addresses issues from a global perspective and a Commonwealth perspective and will include presentations from selected partners from different Commonwealth countries.

Summary

• All satellites depend on cyber technology including software, hardware and other digital components. Any threat to a satellite’s control system or available bandwidth poses a direct challenge to national critical assets.
• NATO’s missions and operations are conducted in the air, land, cyber and maritime domains. Space-based architecture is fundamental to the provision of data and services in each of these contexts. The critical dependency on space has resulted in new cyber risks that disproportionately affect mission assurance. Investing in mitigation measures and in the resilience of space systems for the military is key to achieving protection in all domains.
• Almost all modern military engagements rely on space-based assets. During the US-led invasion of Iraq in 2003, 68 per cent of US munitions were guided utilizing space-based means (including laser-, infrared- and satellite-guided munitions); up sharply from 10 per cent in 1990–91, during the first Gulf war. In 2001, 60 per cent of the weapons used by the US in Afghanistan were precision-guided munitions, many of which had the capability to use information provided by space-based assets to correct their own positioning to hit a target.
• NATO does not own satellites. It owns and operates a few terrestrial elements, such as satellite communications anchor stations and terminals. It requests access to products and services – such as space weather reports and satellite overflight reports provided via satellite reconnaissance advance notice systems – but does not have direct access to satellites: it is up to individual NATO member states to determine whether they allow access.
• Cyber vulnerabilities undermine confidence in the performance of strategic systems. As a result, rising uncertainty in information and analysis continues to impact the credibility of deterrence and strategic stability. Loss of trust in technology also has implications for determining the source of a malicious attack (attribution), strategic calculus in crisis decision-making and may increase the risk of misperception.

Summary

• The application of ‘security by design’ in nuclear new builds could provide operators with the opportunity to establish a robust and resilient security architecture at the beginning of a nuclear power plant’s life cycle. This will enhance the protection of the plant and reduce the need for costly security improvements during its operating life.
• Security by design cannot fully protect a nuclear power plant from rapidly evolving cyberattacks, which expose previously unsuspected or unknown vulnerabilities.
• Careful design of security systems and architecture can – and should – achieve levels of protection that exceed current norms and expectations. However, the sourcing of components from a global supply chain means that the integrity of even the most skilfully designed security regime cannot be guaranteed without exhaustive checks of its components.
• Security by design may well include a requirement for a technical support organization to conduct quality assurance of cyber defences and practices, and this regime should be endorsed by a facility’s executive board and continued at regular intervals after the new build facility has been commissioned.
• Given the years it takes to design, plan and build a new nuclear power plant, it is important to recognize that from the point of ‘design freeze’ onwards, the operator will be building in vulnerabilities, as technology continues to evolve rapidly while construction fails to keep pace with it. Security by design cannot be a panacea, but it is an important factor in the establishment of a robust nuclear security – and cybersecurity – culture.

As countries move towards the fifth generation of mobile broadband, 5G, the United States has been loudly calling out Huawei as a security threat. It has employed alarmist rhetoric and threatened to limit trade and intelligence sharing with close allies that use Huawei in their 5G infrastructure.

While some countries such as Australia have adopted a hard line against Huawei, others like the UK have been more circumspect, arguing that the risks of using the firm’s technology can be mitigated without forgoing the benefits.

So, who is right, and why have these close allies taken such different approaches?

The risks

Long-standing concerns relating to Huawei are plausible. There are credible allegations that it has benefitted from stolen intellectual property, and that it could not thrive without a close relationship with the Chinese state.

Huawei hotly denies allegations that users are at risk of its technology being used for state espionage, and says it would resist any order to share information with the Chinese government. But there are questions over whether it could really resist China’s stringent domestic legislation, which compels companies to share data with the government. And given China’s track record of using cyberattacks to conduct intellectual property theft, there may be added risks of embedding a Chinese provider into critical communications infrastructure.

In addition, China’s rise as a global technological superpower has been boosted by the flow of financial capital through government subsidies, venture and private equity, which reveal murky boundaries between the state and private sector for domestic darlings. Meanwhile, the Belt and Road initiative has seen generous investment by China in technology infrastructure across Africa, South America and Asia.

There’s no such thing as a free lunch or a free network – as Sri Lanka discovered when China assumed shares in a strategic port in return for debt forgiveness; or Mexico when a 1% interest loan for its 4G network came on the condition that 80% of the funding was spent with Huawei.

Aside from intelligence and geopolitical concerns, the quality of Huawei’s products represents a significant cyber risk, one that has received less attention than it deserves.

On top of that, 5G by itself will significantly increase the threat landscape from a cybersecurity perspective. The network layer will be more intelligent and adaptable through the use of software and cloud services. The number of network antennae will increase by a factor of 20, and many will be poorly secured ‘things’; there is no need for a backdoor if you have any number of ‘bug doors’.

Finally, the US is threatening to limit intelligence sharing with its closest allies if they adopt Huawei. So why would any country even consider using Huawei in their 5G infrastructure?

Different situations

The truth is that not every country is free to manoeuvre; 5G technology will sit on top of existing mobile infrastructure.

Australia and the US can afford to take a hard line: their national infrastructure has been largely Huawei-free since 2012. However, the Chinese firm is deeply embedded in other countries’ existing structures – for example, in the UK, Huawei has provided telecommunications infrastructure since 2005. Even if the UK decided tomorrow to ditch Huawei, it cannot just rip up existing 4G infrastructure. To do so would cost a fortune, risk years of delay in the adoption of 5G and limit competition in 5G provisioning.

As a result, the UK has adopted a pragmatic approach resulting from years of oversight and analysis of Huawei equipment, during which it has never found evidence of malicious Chinese state cyber activity through Huawei.

At the heart of this process is the Huawei Cyber Security Evaluation Centre, which was founded in 2010 as a confidence-building measure. Originally criticized for ‘effectively policing itself’, as it was run and staffed entirely by Huawei, the governance has now been strengthened, with the National Cyber Security Centre chairing its oversight board.

The board’s 2019 report makes grim reading, highlighting ‘serious and system defects in Huawei’s software engineering and cyber security competence’. But it does not accuse the company of serving as a platform for state-sponsored surveillance.

Similar evidence-based policy approaches are emerging in other countries like Norway and Italy. They offer flexibility for governments, for example by limiting access to some contract competition through legitimate and transparent means, such as security reviews during procurement. The approaches also raise security concerns (both national and cyber) to a primary issue when awarding contracts – something that was not always done in the past, when price was the key driver.

The UK is also stressing the need to manage risk and increase vendor diversity in the ecosystem to avoid single points of failure. A further approach that is beginning to emerge is to draw a line between network ‘core’ and ‘periphery’ components, excluding some providers from the more sensitive ‘core’. The limited rollouts of 5G in the UK so far have adopted multi-provider strategies, and only one has reportedly not included Huawei kit.

Managing the risks to cyber security and national security will become more complex in a 5G environment. In global supply chains, bans based on the nationality of the provider offer little assurance. For countries that have already committed to Huawei in the past, and who may not wish to be drawn into an outright trade war with China, these moderate approaches offer a potential way forward.

Cyber security is a vital part of the national and international strategic infrastructure and weapons systems. The increasing cyber capabilities of countries such as China, Russia and North Korea put the North Atlantic Treaty Organization’s (NATO’s) nuclear systems - capabilities that include nuclear command, control and communication, weapons systems and early warning systems - in danger.

There is an urgent need to study and address cyber challenges to nuclear assets within NATO and in key NATO countries. Greater awareness of the potential threats and vulnerabilities is key to improving preparedness and mitigating the risks of a cyber-attack on NATO nuclear weapons systems.

Chatham House produces research responding to the need for information on enhancing cybersecurity for command, control and communications. This project constitutes the beginning of the second phase of the Cyber Security of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences, a report published in January 2018 in partnership with the Stanley Foundation.

The project responds to the need both for more public information on cyber risks in NATO’s nuclear mission, and to provide policy-driven research to shape and inform nuclear policy within NATO member states and the Nuclear Planning Group.

This project is supported by the Ploughshares Fund and the Stanley Foundation.

Understanding the complexity and the wickedness of the situation allows analysts and strategic planners to approach these complex and intractable issues in new and transformative ways – with a better chance of coping or succeeding and reducing the divisions between experts.

Using complexity theory, a complex adaptive system representing the international system and its interaction with the environment can be represented through an interactive visualization tool that will aid thought processes and policy decision-making. 

Until recently, analysts did not have the tools to be able to create models that could represent the complexity of the international system and the role that nuclear weapons play. Now that these tools are available, analysts should use them to enable decision-makers to gain insights into the range of possible outcomes from a set of possible actions.

This programme builds on work by Chatham House on cyber security and artificial intelligence (AI) in the nuclear/strategic realms.

In order to approach nuclear weapons as wicked problems in a complex adaptive system from different and sometimes competing perspectives, the programme of work involves the wider community of specialists who do not agree on what constitutes the problems of nuclear weapons nor on what are the desired solutions.

Different theories of deterrence, restraint and disarmament are tested. The initiative is international and inclusive, paying attention to gender, age and other aspects of diversity, and the network of MacArthur Grantees are given the opportunity to participate in the research, including in the writing of research papers, so that the complexity modelling can be tested against a wide range of approaches and hypotheses.

In addition, a Senior Reference Group will work alongside the programme, challenging its outcome and findings, and evaluating and guiding the direction of the research.

This project is supported by the MacArthur Foundation.

The World Health Organization, US Department of Health and Human Services, and hospitals in Spain, France and the Czech Republic have all suffered cyberattacks during the ongoing COVID-19 crisis.

In the Czech Republic, a successful attack targeted a hospital with one of the country’s biggest COVID-19 testing laboratories, forcing its entire IT network to shut down, urgent surgical operations to be rescheduled, and patients to be moved to nearby hospitals. The attack also delayed dozens of COVID-19 test results and affected the hospital’s data transfer and storage, affecting the healthcare the hospital could provide.

In the UK, the National Health Service (NHS) is already in crisis mode, focused on providing beds and ventilators to respond to one of the largest peacetime threats ever faced. But supporting the health sector goes beyond increasing human resources and equipment capacity.

Health services ill-prepared

Cybersecurity support, both at organizational and individual level, is critical so health professionals can carry on saving lives, safely and securely. Yet this support is currently missing and the health services may be ill-prepared to deal with the aftermath of potential cyberattacks.

When the NHS was hit by the Wannacry ransomware attack in 2017 - one of the largest cyberattacks the UK has witnessed to date – it caused massive disruption, with at least 80 of the 236 trusts across England affected and thousands of appointments and operations cancelled. Fortunately, a ‘kill-switch’ activated by a cybersecurity researcher quickly brought it to a halt.

But the UK’s National Cyber Security Centre (NCSC), has been warning for some time against a cyber attack targeting national critical infrastructure sectors, including the health sector. A similar attack, known as category one (C1) attack, could cripple the UK with devastating consequences. It could happen and we should be prepared.

Although the NHS has taken measures since Wannacry to improve cybersecurity, its enormous IT networks, legacy equipment and the overlap between the operational and information technology (OT/IT) does mean mitigating current potential threats are beyond its ability.

And the threats have radically increased. More NHS staff with access to critical systems and patient health records are increasingly working remotely. The NHS has also extended its physical presence with new premises, such as the Nightingale hospital, potentially the largest temporary hospital in the world.

Radical change frequently means proper cybersecurity protocols are not put in place. Even existing cybersecurity processes had to be side-stepped because of the outbreak, such as the decision by NHS Digital to delay its annual cybersecurity audit until September. During this audit, health and care organizations submit data security and protection toolkits to regulators setting out their cybersecurity and cyber resilience levels.

The decision to delay was made to allow the NHS organizations to focus capacity on responding to COVID-19, but cybersecurity was highlighted as a high risk, and the importance of NHS and Social Care remaining resilient to cyberattacks was stressed.

The NHS is stretched to breaking point. Expecting it to be on top of its cybersecurity during these exceptionally challenging times is unrealistic, and could actually add to the existing risk.

Now is the time where new partnerships and support models should be emerging to support the NHS and help build its resilience. Now is the time where innovative public-private partnerships on cybersecurity should be formed.

Similar to the economic package from the UK chancellor and innovative thinking on ventilator production, the government should oversee a scheme calling on the large cybersecurity capacity within the private sector to step in and assist the NHS. This support can be delivered in many different ways, but it must be mobilized swiftly.

The NCSC for instance has led the formation of the Cyber Security Information Sharing Partnership (CiSP)— a joint industry and UK government initiative to exchange cyber threat information confidentially in real time with the aim of reducing the impact of cyberattacks on UK businesses.

CiSP comprises organizations vetted by NCSC which go through a membership process before being able to join. These members could conduct cybersecurity assessment and penetration testing for NHS organizations, retrospectively assisting in implementing key security controls which may have been overlooked.

They can also help by making sure NHS remote access systems are fully patched and advising on sensible security systems and approved solutions. They can identify critical OT and legacy systems and advise on their security.

The NCSC should continue working with the NHS to enhance provision of public comprehensive guidance on cyber defence and response to potential attack. This would show they are on top of the situation, projecting confidence and reassurance.

It is often said in every crisis lies an opportunity. This is an opportunity for the UK government to show agility in how it deals with cyber threats and how it cooperates with the private sector in creating cyber resilience.

It is an opportunity to lead a much-needed cultural change showing cybersecurity should never be an afterthought.

The study of secrecy and spies remain subjects dominated by Anglo-American experiences. In recent years there has been some effort to refocus the lens of research upon ‘intelligence elsewhere’, including the global South. This is partly because of intense interest in the Arab Spring and ‘managed democracy’, placing a wider range of secret services under the spotlight. However, the approach to research is still dominated by concepts and methods derived from studying the English-speaking states of the ‘Five Eyes’ alliance and their European outriders. This article calls for a re-examination of research strategies for Intelligence Studies and for those theorizing surveillance, suggesting that both fields have much to learn from area studies and development studies, especially in the realm of research practice and ethics. If the growing number of academics specializing in intelligence genuinely wish to move forward and examine the global South they will need to rethink their tool-kit and learn from other disciplines. We suggest there is a rich tradition to draw upon.

The Chagos archipelago in the Indian Ocean has garnered media attention recently after the UK failed to abide by a UN deadline to return the islands to Mauritius. The US has landed in the middle of the dispute as a 1965 agreement with the UK has allowed the US to establish a military base on one of the islands, Diego Garcia, which has since become instrumental in US missions in the Asia-Pacific and the Middle East. 

In February 2019, an Advisory Opinion of the International Court of Justice (ICJ) found that the Chagos archipelago was unlawfully dismembered from Mauritius, in violation of the right to self-determination and that the United Kingdom is under an obligation to end its administration of the Chagos archipelago ‘as rapidly as possible’. The UN General Assembly subsequently voted overwhelmingly in favour of the UK leaving the islands by the end of November 2019 and the right of the former residents who were removed by the UK to return. The UK does not accept the ICJ and UN rulings and argues that the islands are needed to protect Britain from security threats while Mauritius has made clear the base can remain.

Professor Philippe Sands QC, professor of law at University College London and lead counsel for Mauritius on the ICJ case on Legal Consequences of the Separation of the Chagos archipelago from Mauritius in 1965, will be joining Ambassador Richard Burt, US chief negotiator in the Strategic Arms Reduction Talks with the former Soviet Union for a discussion on the fate of the archipelago including the future of the military base and the right of return of former residents.  

Attendance at this event is by invitation only. 

With two-thirds of the country’s population estimated to be in need of humanitarian aid and one-quarter either internally displaced or living as refugees in neighbouring countries, the Central African Republic (CAR) continues to face serious and complex humanitarian challenges. The country’s forthcoming presidential elections scheduled for December 2020 risk inflaming CAR’s volatile security situation particularly with the return of former leader, François Bozizé, ousted by the Séléka rebel coalition leader, Michel Djotodia, who has also returned from exile.

At this event, Denise Brown will discuss CAR’s current security, humanitarian and development situations and the role of actors such as the United Nations Multidimensional Integrated Stabilization Mission in the Central African Republic (MINUSCA). She will also discuss prospects for much-needed governance reform and reconciliation.

Attendance at this event is by invitation only. 

Using the UK as a case study, this book provides the first systematic exploration of how accountability is understood inside the secret world. It is based on new interviews with current and former UK intelligence practitioners, as well as extensive research into the performance and scrutiny of the UK intelligence machinery.

The result is the first detailed analysis of how intelligence professionals view their role, what they feel keeps them honest, and how far external overseers impact on their work.

The UK gathers material that helps inform global decisions on such issues as nuclear proliferation, terrorism, transnational crime, and breaches of international humanitarian law. On the flip side, the UK was a major contributor to the intelligence failures leading to the Iraq war in 2003, and its agencies were complicit in the widely discredited U.S. practices of torture and 'rendition' of terrorism suspects. UK agencies have come under greater scrutiny since those actions, but it is clear that problems remain.

Secrets and Spies is the result of a British Academy funded project (SG151249) on intelligence accountability.

Open society is increasingly defended by secret means. For this reason, oversight has never been more important. This book offers a new exploration of the widening world of accountability for UK intelligence, encompassing informal as well as informal mechanisms. It substantiates its claims well, drawing on an impressive range of interviews with senior figures. This excellent book offers both new information and fresh interpretations. It will have a major impact.

Richard Aldrich, Professor of International Security, University of Warwick, UK

Gaskarth’s novel approach, interpreting interviews with senior figures from the intelligence world, brings fresh insight on a significant yet contested topic. He offers an impressively holistic account of intelligence accountability—both formal and informal—and, most interestingly of all, of how those involved understand it. This is essential reading for those wanting to know what accountability means and how it is enacted.

Rory Cormac, Professor of International Relations, University of Nottingham

About the author

Jamie Gaskarth is senior lecturer at the University of Birmingham, where he teaches strategy and decision-making. His research looks at the ethical dilemmas of leadership and accountability in intelligence, foreign policy, and defence. He is author/editor or co-editor of six books and served on the Academic Advisory panel for the 2015 UK National Security Strategy and Strategic Defence and Security Review.

Available now: Buying options

Brookings

Browns Books For Students

Eurospan Bookstore

Barnes and Noble

Insights: Critical Thinking on International Affairs