Cyberspace Cooperation
The Global Cooperation in Cyberspace Initiative seeks to reduce conflict, crime and other disruptions in cyberspace and promote stability, innovation and inclusion.
Bruce McConnell Talks NotPetya and Systemic Cyber Risk
EWI Executive Vice President Bruce McConnell appeared on The Security Ledger podcast to discuss how insurers are responding to systemic cyber risk as a result of the NotPetya malware outbreak in 2017.
"The exposure that insurance companies are figuring out is something called "silent cyber"—where cyber is included in a general policy because it's not listed as an exclusion," says McConnell. "This is where people are starting to realize that they should eliminate this vague, grey area in cyber and write the policies explicitly."
Click here to listen to the full podcast.
Click here to read EWI's report Cyber Insurance and Systemic Market Risk, which provides a framework to better understand and address the systemic nature of cyber risk and the challenges it presents to the burgeoning cyber insurance industry.
Beyond Cyber Defense, How Can Cyber Conflict Be Prevented?
On June 20-21, at the International Cybersecurity Congress, EWI’s Bruce McConnell encouraged the international audience to think beyond cyber defense and called on the private sector to take appropriate actions against malicious cyber acts.
EWI’s Executive Vice President Bruce McConnell was a guest speaker at the second International Cybersecurity Congress, which took place from June 20-21 in Moscow. During a session on Legal Environment, McConnell emphasized the risk of destabilization and escalation from state-sponsored cyber attack campaigns. The conference was hosted by Sberbank.
Beyond Cyber Defense
McConnell’s remarks focused on the accountability of malicious actors in cyberspace, which remains one of the key challenges to protect cyberspace. While the international community has been working towards “rules of the road” to restrain the use of cyber weapons, it remains an open question how to effectively enforce them. When states break such rules, common responses include diplomatic outreach and threats, economic sanctions, indictments, public shaming and joint investigations, among others.
“Such techniques are proving ineffective and potentially destabilizing,” McConnell noted. “These methods can create unexpected collateral damage to civilian populations, raising the risk of escalation. In today’s world, state and state-sponsored cyber attack campaigns present a grave threat to the stability and long-term viability of cyberspace.”
Current practices in which major cyber powers put malicious implants in each other’s electric grid and other critical infrastructure paint a grim outlook on the future direction of states’ and actions and responsibility for their behavior in cyberspace. In fact, the more aggressive practices of states are contrary to what many experts have been working towards, include groups like the Global Commission on the Stability of Cyberspace.
Role of the Private Sector
As regards the role of the private sector, McConnell noted that companies, particularly in the ICT industry and operators of critical infrastructure, can play an important role. Essentially, cyberspace is owned and operated by the private sector. The EastWest Institute has been asking how this vantage point can be best leveraged by private firms to take appropriate actions, such as raising the attacker’s cost of conducting an illegal cyber act. For example, ICT companies and Internet service providers can increasingly take steps such as:
- Scan customer devices and request/require them to improve their security;
- Send a notice of findings to the hosting services that the attacker is using;
- Circulate attribution evidence in the community;
- Block or quarantine selected traffic coming from the attacker; and
- Stop doing business with the attacker.
McConnell suggested that any adverse consequences resulting from such actions can be mitigated by legislative protections that states would have to enact.
This year’s Cybersecurity Congress was attended by leading international cybersecurity experts, business leaders as well as senior level government officials from Russia and worldwide and included dignitaries such as the Russian Prime Minister Dmitry Medvedev, who addressed the main plenary on Day 2. The plenary panel also featured the Governor of the Central Bank of Russia Elvira Nabiullina, Herman Gref, CEO, Chairman of the Executive Board, Sberbank, Alois Zwinggi, Member of the Managing Board, Head of the Centre for Cybersecurity, World Economic Forum, Kairat Kelimbetov, Governor, Astana International Financial Centre, and Maxim Akimov, Deputy Prime Minister, Russian Federation.
Global Commission Meeting in The Hague, The Netherlands
The Global Commission on the Stability of Cyberspace will hold its third meeting of 2019 in The Hague, the Netherlands, on June 16-17. The Commission meeting will take place prior to EuroDIG, being held at the World Forum in The Hague from June 19-20.
The Commission will convene in closed sessions on Sunday June 16 and Monday June 17. The GCSC meeting represents another opportunity for the Commission to discuss its proposals, to be included in the GCSC report due by the end of 2019. The conversations in The Hague will be focused on further defining the key components of the cyberstability framework, including underlying principles aimed at supporting international efforts to advance peace and security in cyberspace.
The GCSC will help kick off the EuroDIG conference by holding a Zero-Day event on Tuesday June 18 from 14:30-16:00 (Pre 07: “Global Commission on the Stability of Cyberspace – Towards a Cyberstability Framework). The GCSC is focused on bringing in voices and expertise from the Internet governance, civil rights and technical communities to the traditionally state-led discussions on international peace and security. During this Zero-Day event it looks forward to engaging with the Internet governance community at EuroDIG, shedding further light on how it intends to address gaps in the international cybersecurity architecture and sharing ideas with the participants, soliciting feedback on its proposals and recommendations.
For more information on the GCSC Zero-Day event at EuroDIG on June 18, please follow this link.
For more information on the EuroDIG conference, please follow this link.
EastWest Institute Announces New Distinguished Fellow
The EastWest Institute (EWI) announced today that Dr. Gulshan Rai has joined the team as a Distinguished Fellow. Dr. Rai will contribute toward the institute’s programmatic initiatives working closely with the Global Cooperation in Cyberspace program.
“We take great pleasure in welcoming Dr. Rai, who will prove to be a valuable member of our team,” said Bruce McConnell, EWI executive vice president. “Offering years of experience in both the fields of law and policymaking, we very much look forward to Dr. Rai's contributions and unique insights to our programmatic work on cyberspace security.”
Dr. Gulshan Rai holds a master's degree in technology and doctorate and has over 30 years of experience in different areas of Information Technology, which include different aspects of e-Governance, cybersecurity, cyber laws and several related fields.
He recently retired from government service as the National Cyber Security Coordinator, Government of India in the Office of Prime Minister. Prior to that he was in the Ministry of Electronics & Information Technology. He held the prestigious post of Director General, CERT-In (Indian Computer Emergency Response Team) and headed E-Security & Cyber Law Division, STQC and other Divisions.
Click here to read his full bio.
Dr. Gulshan Rai
Marina Kaljurand Hands Over Chairmanship of the Global Commission
Marina Kaljurand, former Foreign Minister of Estonia, announced during the meeting in Kobe, Japan, that she has handed over the chairmanship of the Global Commission on the Stability of Cyberspace (GCSC). Her chairmanship will be continued by the two Co-Chairs Michael Chertoff and Latha Reddy.
The GCSC Chair was elected to the Estonian Parliament (Riigikogu) as a member of the Social Democratic Party (SDE). In this context, Marina stepped down as GCSC Chair.
“It is sad to no longer chair the Commission” said Marina. “After two years of working together, we have become close friends. I led different delegations and working groups, but this Commission is unique in terms of its composition and level—25 prominent Commissioners representing a wide range of geographic regions as well as government, industry, technical and civil society stakeholders. On the other hand, I am looking forward to becoming a member of the Estonian parliament while remaining a GCSC Commissioner under the leadership of Latha Reddy and Michael Chertoff.”
“Marina’s leadership was crucial in starting the Commission and getting us where we are today” said Co-Chair Latha Reddy, former Deputy National Security Advisor of India. “While we regret to see her go, we are pleased that she will remain with the Commission, and continue to provide us with her insights” said GCSC Co-Chair Michael Chertoff, former U.S. Secretary of Homeland Security.
Alexander Klimburg, Director of the GCSC Secretariat stated that “we are grateful for Marina’s efforts and we hope you will all join us in wishing her the very best in her political life.”
The members of the Commission, The Hague Centre for Strategic Studies, the EastWest Institute, the partners and sponsors of the Commission all want to express their gratitude to Marina for the strong leadership and commitment she has shown in taking the Commission forward.
Global Commission Launches Public Consultation on Proposed Norms
The Global Commission on the Stability of Cyberspace started a public consultation process on its new Norm Package, published on November 8, 2018, featuring six new global norms to help promote the peaceful use of cyberspace. The norms were developed with the express purpose of being adopted by public and private sector actors towards creating an architecture to improve international security and stability in cyberspace.
The intent of the feedback prosses, launched on December 17, is to encourage and facilitate feedback from external stakeholders on the current deliberations of the Commission, in particular on the proposed norms considered here. Once public comments have been received, the GCSC Consultation team (consisting of the GCSC Secretariat and Chairs of the Research Advisory Group) will collect and present the received comments to the GCSC Commissioners at the next GCSC meeting in Geneva at the end of January 2019. The GCSC may consider to implement the suggestions and/or feedback at any time, but is likely to focus on including any potential changes in the GCSC Report to be published by Q1 2020.
You can learn more about the consultation and submit your comments on the GCSC website.
Launched at the Munich Security Conference in February 2017, the GCSC is a group of 28 prominent, independent leaders in cyberspace from 16 countries, including Chair Marina Kaljurand (Estonia) and Co-Chairs Latha Reddy (India) and Michael Chertoff (USA). Its mission is to enhance international peace, security and stability by developing norms and policy proposals to guide responsible state and non-state behavior in cyberspace.
It aims to bring the knowledge, expertise and perspectives of private actors and civil society, including the technical community and academia, into the traditionally state-led dialogue in international peace and security in cyberspace, to reflect the multi-stakeholder reality of this space.