This paper addresses the growing commercialization of cyber intrusion capabilities and the challenges that arise from the availability of these tools in global markets. It proposes a framework of principles for state actors to navigate the complex landscape of cyber intrusion, offering guidance on responsible use, regulation, and intervention. The paper distinguishes between "permissioned" and "unpermissioned" intrusion, emphasizing the need for states to align their policies across markets, separate legitimate cybersecurity practices from malicious use, and ensure adherence to international law and human rights standards. By analyzing state behavior and existing interventions, the paper offers practical strategies for governments to manage the proliferation of commercial cyber intrusion capabilities while safeguarding security and privacy. The work also integrates insights from workshops and expert discussions on this topic, providing a multi-stakeholder perspective. A companion paper, State Permissive Behaviours and Commercial Offensive-Cyber Proliferation, published by RUSI, sets out the evidence drawn on to develop this paper: https://coilink.org/20.500.12592/4cn1pds.
Published in: United Kingdom