Cyberspace Cooperation

The Global Cooperation in Cyberspace Initiative seeks to reduce conflict, crime and other disruptions in cyberspace and promote stability, innovation and inclusion.

Learn More

Global Commission Introduces Six Critical Norms Towards Cyber Stability

The Global Commission on the Stability of Cyberspace (GCSC) today announced the release of its new Norm Package, featuring six new global norms to help promote the peaceful use of cyberspace. The norms were developed with the express purpose of being adopted by public and private sector actors towards an architecture to improve international security and stability in cyberspace.

“The GCSC has introduced universal norms that seek to address individual risks to the stability of cyberspace,” stated Marina Kaljurand, Chair of the GCSC. “We trust that decision makers within the government, private sector and civil society recognize that these norms will help guide how we as a global society define cyber stability. The interdependent nature of cyberspace demands established ‘rules of the road’ the global community can agree on—this effort is an important step in that direction.”

The norms introduced by the GCSC focus on the following areas:

  • Norm to Avoid Tampering
  • Norm Against Commandeering of ICT Devices into Botnets
  • Norm for States to Create a Vulnerability Equities Process
  • Norm to Reduce and Mitigate Significant Vulnerabilities
  • Norm on Basic Cyber Hygiene as Foundational Defense
  • Norm Against Offensive Cyber Operations by Non-State Actors

The complete GCSC Norm Package can be found here.

This Norm Package is the result of contributions and extensive consultations by GCSC Commissioners, advisory experts and the GCSC Research Advisory Group. It was finalized at the fourth full Commission meeting held in Singapore on September 19-20, which featured a public hearing to facilitate stakeholder engagement.

At the hearings, the proposed norms were discussed by senior representatives from the United Nations Office for Disarmament Affairs (UNODA), the United Nations Institute for Disarmament Research (UNIDIR), the UN Secretary-General’s High-Level Panel on Digital Cooperation, the Organization for Security and Co-operation in Europe (OSCE) and the European Union. Cyber coordinators and senior officials from Australia, Belgium, Canada, Estonia, Finland, France, Germany, Hungary, India, Japan, Kenya, Mexico, the Netherlands, New Zealand, Norway, Poland, Singapore, Switzerland, the United Kingdom and the United States participated in the meeting as well. Civil society and other organizations were also represented, including the Asia-Pacific Network Information Centre (APNIC), FIRST, ICANN, Microsoft, JPMorgan Chase, and the S. Rajaratnam School of International Studies, among others.

“The calls for responsible behavior in cyberspace will only grow louder, in step with the very real risks cyber poses for international stability,” commented Izumi Nakamitsu, United Nations Under-Secretary-General and High Representative for Disarmament Affairs. “All stakeholders should continue the discussion on norms and what they represent in advancing a global understanding of what is—and what is not—acceptable, in cyberspace.”    

The Norm Package builds on previous norms introduced by the GCSC concerning the disruption of elections through cyber attacks on electoral infrastructure and a Call to Protect the Public Core of the Internet. The Commission welcomes comments and suggestions from all stakeholders on wording and possible levers of implementation for each of the norm proposals to inform its future deliberations. 

Launched at the Munich Security Conference in February 2017, the GCSC is a group of 28 prominent, independent leaders in cyberspace from 16 countries, including Chair Marina Kaljurand (Estonia) and Co-Chairs Latha Reddy (India) and Michael Chertoff (USA). Its mission is to enhance international peace, security and stability by developing norms and policy proposals to guide responsible state and non-state behavior in cyberspace.

The organization is facilitated by a Secretariat comprised of The Hague Centre for Strategic Studies and the EastWest Institute. To learn more and see the full list of Commissioners, visit www.cyberstability.org.

For general inquiries, please contact Louk Faesen at loukfaesen@hcss.nl or Anneleen Roggeman at aroggeman@eastwest.ngo.

For media inquiries, please contact Conrad Jarzebowski at cjarzebowski@eastwest.ngo.

Global Commission Agrees on Five Critical Norms to Protect Cyberspace

The Global Commission on the Stability of Cyberspace (GCSC) agreed to five new norms of responsible behavior in cyberspace, focusing on improving and maintaining the stability and security of cyberspace. It is the intention of the GCSC that these norms be adopted by governments, companies and other players in their behavior, policies and laws.

This norms package was developed by the GCSC Commissioners, advisory experts and the GCSC Research Advisory Group, and refined by extensive debate. The new norms were agreed at the fourth full Commission meeting on September 20 in Singapore, held during the Singapore International Cyber Week (SICW). The finalized norms package will be released in the next few weeks.

“This package of norms recognizes the increasing interdependence of people around the world who rely on a stable and secure Internet. They aim to prevent the very real consequences of any major disruption,” stated Marina Kaljurand, Chair of the GCSC. “They represent an important step towards defining and promoting changes in behavior on the part of all parties involved.”

Once finalized, the norms will urge governments and others to avoid taking actions that would substantially impair the stability of cyberspace, including inserting vulnerabilities into products and services, commandeering others’ devices to create botnets, and allowing non-state actors to conduct offensive cyber operations. The norms will also urge action to preserve the stability of cyberspace, including establishing vulnerabilities equities processes and ensuring basic cyber hygiene. The GCSC agreed to continue discussions on artificial intelligence, on the cybersecurity responsibilities of product and service providers and on principles and definitions. The GCSC will next meet in Wuhan, China, in early December.

“Maintaining the integrity of cyberspace and all of the benefits it provides is the responsibility of government, the private sector, manufacturers and non-state actors, among others,” said Latha Reddy, Co-Chair of the GCSC and Former Deputy National Security Advisor of India. “The norms set forth by the GCSC today acknowledge the role of each organization and individual in maintaining appropriate standards and refraining from compromising the Internet, for the greater good.”

The norms package builds on previous norms introduced by the GCSC concerning the disruption of elections through cyber attacks on electoral infrastructure and a Call to Protect the Public Core of the Internet.

To inform its work, the Commission held a public hearing in Singapore. The hearing featured the participation and input of senior representatives from international organizations including Izumi Nakamitsu, United Nations Under-Secretary-General and High Representative for Disarmament Affairs, and representatives from ICANN, the United Nations Institute for Disarmament Research (UNIDIR), the Organization for Security and Co-operation in Europe (OSCE), and the Secretariat of the UN Secretary General’s High-Level Panel on Digital Cooperation. Several cyber coordinators also participated in the meeting, including from the Asia-Pacific Network Information Centre (APNIC), Australia, Belgium, Canada, Estonia, Finland, France, Germany, Hungary, India, Japan, Kenya, Mexico, the Netherlands, New Zealand, Norway, Poland, Singapore, Switzerland, the United Kingdom and the United States. Microsoft, JPMorgan Chase and other private sector actors were present as well.

For general inquiries, please contact Louk Faesen at loukfaesen@hcss.nl or Anneleen Roggeman at aroggeman@eastwest.ngo.

Commissioners to Participate in Israel’s Cyber Week in Tel Aviv

19 members of the Global Commission on the Stability of Cyberspace (GCSC) will meet during Israel’s Cyber Week in Tel Aviv from 17-21 June.

This informal, consultative meeting will build on the results of the last meeting in Bratislava, during which the Commission proposed a norm prohibiting cyber disruptions of technical infrastructure that supports elections. The Commissioners present in Tel Aviv will engage with key stakeholders on the Commission’s current and future work including norms on:

  • Barring the insertion of vulnerabilities into essential cyberspace products and services
  • Advocating for governments to actively consider disclosing software and hardware vulnerabilities to vendors
  • Further defining the elements of the public core of the Internet

In preparation for the upcoming meeting in Singapore, Commissioners will also explore norms related to private sector cybersecurity practices and the creation of a mechanism for further developing the international cyber security architecture.

Several Commissioners will also participate during the ongoing Cyber Week. Chair Marina Kaljurand will speak at the Cyber Leaders Forum and a fireside chat on norms of behavior in cyberspace, while Co-chair Latha Reddy will deliver a plenary speech on shaking up defense strategies. Jim Lewis will discuss the future of great power cyber conflicts. Alexander Klimburg will be speaking on a panel on emerging technologies in great power competition. Joseph Nye will speak at several sessions on topics including fake news, evolving norms in cyber conflict, and U.S.-China competition. Isaac Ben-Israel is one of the hosts of Israel’s Cyber Week and will moderate a number of sessions.

After Tel Aviv, the next full Commission meeting will take place on September 19-20 in Singapore in the margins of Singapore International Cyber Week.

McConnell Talks Cyber Concerns Over Foreign Tech Firms

The institute's cyber chief spoke to Nextgov on the debate whether the U.S. government should impose restrictions on foreign tech firms operating domestically due to cybersecurity concerns.

“If the (U.S.) government’s intention is to put Chinese companies out of business for security reasons ... that doesn’t seem to me to be a good road to go down,” McConnell said as quoted of the debate around Chinese phone maker ZTE.

McConnell, who was the former Homeland Security cyber chief under the Obama administration, suggests a two-part solution to government concerns about the security of ZTE and other foreign tech firms.

Read the full article here.

Pages

Subscribe to RSS - Cyberspace Cooperation