CONTENTScf.orfonline.org/wp-content/uploads/2017/11/GCCS-Journal.pdf · CONTENTS 1 Vision...
Transcript of CONTENTScf.orfonline.org/wp-content/uploads/2017/11/GCCS-Journal.pdf · CONTENTS 1 Vision...
CONTENTS
1 VisionStatement-DigitalIdentity:TheBasisofGlobalDigitalArchitecture
forFuture 4
2 Editor’sNote-OurCommonFuture 8
3 Foreword-FromLondontoNewDelhi:BuildinganOpen,Secure
InternetforAll 10
4 ForaFreeandSecureGlobalInternet 12
5 ASoutheastAsianPerspectiveTowardsCyberNormsina
Post-UNGGEWorld 15
6 Cyberspace:AForceforGood,IfGovernedbytheRuleofLaw 19
7 DevelopingaNewHumanitarianResponseintheAreaofCyberspace 22
8 TheEvolutionofInternationalCollaboration&LawRelatedtoCyberspace
andSecurity 26
9 FindingNewRulesfortheStabilityofCyberspace 31
10 CyberspaceChallenges:PastandFuture 34
3OBSERVER RESEARCH FOUNDATION
I see technology as a means to empower and as a tool that bridges the distance between
hope and opportunity.
—ShriNarendraModi,HON.PRIMEMINISTEROFINDIA
4 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
Theworldisincreasingly
becomingdigital.Internet-
anextraordinarycreationof
humanmindisnolongerthe
monopolyofafew.Today,it
isthemostimportanttoolof
communication,information
andiscreatingvastopportuni-
tiesforeconomicdevelopment
andinnovation.Ithasgiven
voicetothevoicelessalso.
Therefore,themankindhasa
vitalstakeinit.Internetbeing
globalphenomenonmusthave
linkageswiththelocal-local
ideasandlocalcultures.Our
viewisveryclearthatthedigi-
talworldmustleadtodevelop-
ment,empowermentandmost
importantlyinclusivegrowth.
Aboveall,itmustbesafeand
secure,becausewhileinternet
usherspromiseitalsocauses
perilsattimes.
Ontheonehand,digital
technologiesareallowingfor
unprecedentedeconomic
growthforusers,communi-
tiesandbusinessesacrossthe
spectrum.Ontheotherhand,
thesetechnologieshavefos-
teredthegrowthofmalicious
networksthatpresentareal
threattoourcontinuedenjoy-
mentofrightsinademocracy.
ThePrimeMinisterofIndiaShri
NarendraModihaseloquently
observedthatcyberwarisakin
tobloodlesswar.Itisinthis
connectionthatIndia’sinitia-
tivesofsafeandsecuredigital
identitywithextraordinary
Aadhaarprogrammebasedon
homegrownsafe,secureand
DigitalIdentity:TheBasisofGlobalDigitalArchitectureforFuture
Ravi Shankar Prasad, Minister of Electronics and Information Technology, Government of India
VISIONSTATEMENT
5OBSERVER RESEARCH FOUNDATION
lowcosttechnologymerits
specialmention.Assuch,
nationshavehadtorespond
dynamicallytoadapttothose
changesbroughtaboutbythe
digitalworld,whetherthey
havetodowiththeeconomy,
nationalsecurityorverysim-
ply,thewaywecommunicate.
However,fewhavesucceeded
inremainingagileandcrafting
asustainabledigitaleconomy.
Thekeytocapturingthe
opportunityandmitigating
theriskbroughtaboutby
thedigitalrealmlieswith
theindividual:throughher
identity.Identityisacentral
componentofalltransactions
today.Withoutidentity,indi-
vidualsstruggleforasenseof
belonginginthecommunity,
economyorbroaderdemo-
craticpolity.Insomecases,a
senseofmisplacedidentitycan
evenfomentradicalizationand
extremism,especiallyindigital
spaces.Theimportanceofiden-
tityhasevenbeenhighlighted
intheUN’sSustainableDevel-
opmentGoals,whichcallfor
theprovisionofalegalidentity
foreveryoneby2030.Indiaas
anationwasquicktorecognize
thesignificanceofidentityas
apositivereinforcement,and,
thus,wentontocreatethe
mostsuccessfuldigitalidentity
intheworld–Aadhaar.
India’sjourneywithAadhaar
offersimportantevidenceon
howidentitycanhelpcata-
lyzethegrowthofthedigital
economy,formthebasisof
nationalsecurity,andhelpin
thedeliveryofsocialbene-
fits.Additionally,itoffersa
templateforacost-effective
digitalecosystemwhichother
countriescanemulate.Most
importantly,ithighlightsthe
centralityofidentitywithinthe
globaldigitalarchitectureof
thefuture.
Animportantdistinctionin
theAadhaarinitiativeledby
PrimeMinisterNarendraModi
isthatnowthereisarobust
lawdulypassedbythePar-
liamentwhichcreatesavery
salutaryprovisionofsafeand
securedigitalidentityprocess
andalsorespectsprivacyof
individuals.
The Identity-based Digital EconomyFewyearsago,Indiawasfaced
withaconundrum.Overhalf
itsconstituentshadnoway
ofprovingtheiridentity.This
precludedtheirparticipation
intheformaleconomy,asone
cannotopenabankaccount,
accesscreditsystems,or
acquireinsurancewithouta
personalidentificationdocu-
ment.Additionally,theinability
toidentifyhalfthepopulation
madethedeliveryofgovern-
mentservicesexceedingly
tricky.Aadhaarwasconceived
tosolvetheseissuesbycre-
atingauniquedigitalidentity
forindividualsbasedontheir
biometricdata.Today,itboasts
1.18billionenrolments,giv-
ingIndiathemostsignificant
digitalidentityfootprintinthe
world.
Farreachingtransforma-
tionalprogramslikeDigital
India,MakeInIndia,SkillIndia,
StartupIndiaarealltechnology
drivenprogramsfortransfor-
mationandempowermentof
ordinaryIndiansdesignedto
usheringreateraccesstoave-
nuesofdevelopment.Banking
theunbanked,securingthe
unsecured,fundingtheun-
funded,taxingtheuntaxedand
Thekeytocapturingtheopportunityandmitigatingtheriskbroughtaboutbythedigitalrealmlieswiththeindividual:throughheridentity.
6 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
givingvoicetotheunheardare
allbeingmadepossiblethrough
verifiabledigitalidentity.
Aadhaarunderpinsahost
ofinnovativeapplicationsthat
havetransformedtheworking
ofcommerceinthecountry.
ThefirstistheAadhaar-En-
abledPaymentSystem(AEPS),
whichallowscustomersaccess
totheirAadhaar-linkedbank
accountsthroughAadhar
authentication.TheAEPShas
broughtaboutfinancialempow-
ermentatthegrassrootslevel
throughthedeploymentof
micro-ATMs.Theserviceallows
fordeposits,cashwithdrawals,
andfundtransfers.Thesecond
istheAadhaarPayapplication
whichusesanindividual’sbio-
metricinformationtoauthorize
paymentstomerchants.
ThethirdistheIndiaStack,
anopenApplicationProgram-
mingInterfacefordevelopers
thatusesAadhaarasthebasis
forverification,ane-KYCdig-
itallockerforthesafedeposit
ofdocuments,hasane-sig-
naturefeature,andaUnified
PaymentsInterfaceforfinancial
transactions.IndiaStackmakes
auserbaseofover1billion
peopleavailabletostart-ups
andentrepreneurswhowishto
buildapplicationsontopofit
tointegratepartsoftheirbusi-
nessesorcreatenewservices
fromscratch.IndiaStackmakes
cashless,presence-less,and
paperlessservicedeliveryeco-
systempossible.Now,afruit
sellercanavailofanintra-day
loanandpayitbackthesame
daythroughhermobilephone
withouthavingtowastetime
byvisitingabank.
Intoday’sworld,dataisthe
mostvaluableresourceforan
economy.Aadhaarhascreated
anopportunityforIndiaandits
citizenstoutilizethisresource
toadvancethedomesticdigital
economyandgrowittoUSD
1trillionwithinthenextfive
years.
Using Identity to Fight TerrorismTerrorrequiresfinancingto
operate.Intheabsenceof
funding,equipment,supplies,
peopleandresourcescannot
bepurchasedorattracted.The
sourcesofcapitalmaybelegal
orillegal,withmoneybeing
transferredinsmallamounts
ratherthanlargelumpsums.
Terrorfinancingisaglobal
phenomenonthatthreatensa
state’ssecurityandeconomic
stability.
Theinternethasbeenanim-
portanttoolforterrorfinanc-
ing.Itoffersbothterrorgroups
andtheirdonorsbroadreach,
efficiency,andmostimpor-
tantly,anonymity.Withaccess
becomingeasiereveryday,the
internetisapowerfulweapon
foroutreach.Billionsofindi-
vidualsfloodsocialmediaand
otherpopularwebsites.These
channelsallowterrororgani-
zationstoeffectivelylaunder
money,raisefundsdirectly,
andrecruitnewmembers.
Additionally,terrorgroupsare
drawntotheinternetbecause
itoffersthemallowsthemto
avoiddetection.
Thisiswhereidentitycomes
in.Aadhaarsnatchesawaythe
anonymitythatsheltersevil
activities.ThelinkingofAadhar
tobankaccounts,Permanent
AccountNumbers(PAN),
andmobilephoneshasbeen
instrumentalinstemmingthe
tideofblackmoneyandterror
financinginthecountryasit
haslimitedtheabilityofindi-
vidualstolaundermoneyand
transferfundsforillicitactiv-
itiesthroughthesechannels.
Illustratively,over1millionfake
PANcardshavebeencancelled
asaresultofthelinkageof
AadhaarwithPANnumbers.
Additionally,becauseAadhaar
requirestheuseofbiometric
informationforauthentication
andregistration,itcannotbe
7OBSERVER RESEARCH FOUNDATION
duplicated.Thus,itisimpos-
sibletocreateduplicitous
Aadhaarcards.
Identity-based Social WelfareCountriesspendbillionson
socialwelfareprograms,but
theseschemesaredifficultto
implementandplaguedwith
leakages.Onelimitationinthe
effectiveimplementationof
theseprogramsisthedearth
ofadequatefinancialinfrastruc-
turetofacilitatetransfersto
theintendedbeneficiaries.This
leakageoffundscanbeashigh
as70to85percent.Aniden-
tity-basedpaymentssystem
helpsovercomethisissuebyal-
lowinggovernmentstoidentify
beneficiariesandtransferwel-
faredirectlytotheiraccounts
correctly.
Inthisregard,theimplemen-
tationoftheAadhaar-based
DirectBenefitTransferscheme
hassavedtheexchequerINR
50,000croresoverthepast
threeyears.Aadhaarhasmade
thedeliveryofsocialwelfare
programsliketheNational
RuralEmploymentGuarantee
Scheme(NREGS)andSocial
SecurityPayments(SSP)more
efficientandtimely.Ration
cardsweretypicallyboundto
onePublicDistributionSys-
temoutlet,regardlessofhow
pooritsserviceswere.With
Aadhaar,rationcustomerscan
availoftheservicesofanyPDS
outlet.Illustratively,inAndhra
Pradesh’sKrishnadistrict,PDS
outletscannolongergivetheir
customersapoordeal,forfear
oflossofbusinesstobetter
qualityvendors.
The Future: An Identity-based Global Digital ArchitectureWithinashortperiod,the
implementationofAadhaarhas
propelledIndiatothecentreof
theglobaldigitalstory.Ithas
spurredthegrowthofIndia’s
digitaleconomy,fosteredfinan-
cialinclusionanddistributionof
socialwelfare,andsafeguarded
thecountryfromexternaland
internalthreats.Inthisregard,
Aadhaarhasrealisedmanyof
thegoalsidentifiedintheglob-
alcyberspaceconferencesincu-
batedbytheLondonprocess.
Aadhaarhasshownthat
genuineinnovationneednot
becomplicatedorexpensive.It
hasprovedthatgovernments
canprovidecost-effective,qual-
itydigitalinfrastructure.Lastly,
ithasestablishedtheprofound
importanceofidentitytothe
broaderglobaldigitalnarra-
tiveoftomorrow.Aroundthe
globe,4.4billionindividualsare
yettocomeonline.Aadhaar
hasshownthatgivingthema
digitalidentityisthefirststep
inthisregard.
Aadhaarisadata-driven
innovationthatservesasablue-
printforothernations.Several
countriessuchasMorocco,
Russia,Algeria,andTunisiaare
alreadycontemplatingIndia’s
modelfortheirown.Moreover,
internationalorganizationslike
theWorldBankarelookingto
useAadhaarasanarchetypeto
structuresimilarstrategiesin
otherpartsoftheworld.
Identitywillbethecorner-
stoneuponwhichtheglobal
digitalarchitectureofthefu-
tureisbuilt.Thesheerscaleof
digitaltransformationhappen-
inginIndia,touchingthelives
ofordinarypeopleinapopula-
tionofmorethan1.3billionis
goingtobeagreatbeaconfor
thedevelopingworld.India,
foritspart,willhelpseethis
throughbyguidingtherestof
theworldthroughthisjourney.
7
8 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
Foramediumconsideredto
haverevolutionisedcom-munications,itisironicthat
themanystrugglesaroundthe
governanceofcyberspacestem
fromalackofcommunication–
communicationamongstates,
betweenstatesandcitizens,
andbetweenthosethatcreate
technologyandthosethatcon-sumeit.Normativeprocesses
thatwilldeterminethefuture
ofcybergovernancehave
greatlybenefitedbybringing
togetheractorswhorepresent
diversegeographical,political,
economicandsocialrealities.
Oneofthemostimportant
amongtheseprocessesisthe
GlobalConferenceonCyber-space(GCCS).
ConceivedinLondonin2011,
theGCCSisthelargestgath-eringofallstakeholderson
cyberspaceissues.Ithasalready
managedtobringintothisfold
keyinterlocutorsfromgovern-ment,civilsociety,industryand
academia.Thefiftheditionof
theconference,convenedby
India,isasignificantlandmark
intheevolutionoftheLondon
Process.GCCS2017isthe
firsttimethatthegatheringis
hostedbyanon-OECDecon-omy.Thisveryfactleadstoan
opportunityfortheinternet
communitytoengagewitha
whollynewdemographicand
differentsetofissuesanimating
thenextbillioninternetusers.
ThatIndiahoststhisprocess
nowisamessageinitselfand
augurswellforgreaterdegree
ofpluralismintheagenda,
grammarandambitionsofthis
process.
Thisideaisreflectedinthe
fourmainpillarsforGCCS2017
–inclusion,growth,diplomacy
andsecurity.Thisvolumeof
essayscapturessomeofthe
OurCommonFuture
Samir Saran, Vice President, Observer Research Foundation
EDITOR’SNOTE
9OBSERVER RESEARCH FOUNDATION
criticaldebatesontheseissues
fromforemostleaders,visionar-ies,foundersandyoungminds
intechnology,policyandgover-nance.Whilepreviouseditions
ofthisconferencehavebeen
designedashigh-levelstock-takingexercises,thisedition
hasthepotentialtogoastep
furtherandcreateanindepen-dentnorm-settinginitiative
ledbydiverseandemerging
economies.Theessaysinthis
volumeareintendedtoguide
thisendeavour.
Themultiplegoalsofpoli-cymaking--providingaccess,
securingthemediumand
spurringeconomicactivity—
arenolongermutuallyexclu-sive.Theseareallinterlinked
interests.Thereisperhapsno
betterexamplethatismore
illustrativeofthisphenomenon
thantheopportunitypresented
bydigitalpayments.Digitalpay-mentshaveimmensepotential
inpromotingfinancialinclusion
tothoseatthebottomofthe
pyramidandinbankingthe
unbanked.Itcanenablemicro
entrepreneurshipandserveas
thebackboneforservicesinthe
digitalage.Atthesametime,
digitaltransactionshavesome-timescomeundertheshadow
oftechnologicalvulnerabilities
andintheunsafepracticesof
userswhomakethem.Gov-ernmentstodayhavetojuggle
policyprioritiesthatareoften
atoddswitheachother--
providingaccesscannotignore
concernsaroundsecurityand
securingthemediumcannot
comeatthecostofstifling
innovation.Reconcilingthese
challengesinpursuitofone
goalisthedigitaltrilemmafor
cyberspacepolicymakerstoday.
Addressingthesechallenges
willrequirepolicymakingthat
isbothtechnologicallyand
sociallydynamic.Itwillrequire
normativeguidancethatistar-getedandyetinclusive.With
formalmultilateralprocesses
suchastheUNGroupofGov-ernmentalExpertsonDevel-opmentsintheFieldofInfor-mationandCommunication
Technologiesendinginalackof
consensusthisyear,initiatives
suchastheGCCSassumemore
importance.Theconference
canserveasaforumtomake
theglobaldiscoursearound
cyberspacemorerepresentative
andplural–thisyearwewill
witnesssomeofthenormative
conversationsbegunbybodies
liketheGlobalCommissionon
theStabilityofCyberspaceand
havetheseideasdeliberated
upon.
Theessaysinthisvolume,
coveringarangeoftopicsfrom
cyberconflicttodigitalconnec-tivity,aimtobringadiversity
ofinterestsandperspectiveson
tothesametable,inthehopes
thattheywillguidediscus-sionsforfuturegatheringsand
maybeevenanswersomeof
thelongcontestedissuesfor
policymakerstoday.
Asiaisnotonlyhometothe
largestnumberofinternet
usersintheworld,itisalso
poisedtoleadtheworldin
technology,innovationsand
regulatorypolicy-itisthere-foreonlyfittingthatGCCS
2017isbeingstewardedby
India.Theprocesswillbenefit
fromthedemocraticethosof
policyconversationsinIndia
andwillallowvoicesthathave
remainedonthesidelinesto
havetheirchancetoshapeour
commondigitalfuture.7
Themultiplegoalsofpolicymaking—providingaccess,securingthemediumandspurringeconomicactivity—arenolongermutuallyexclusive.
10 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
ON12MAY,hospitalsacrossBritainwerestruckbyaran-somwareattackknownasWannaCry.AsourNationalCyberSecurityCentre(NCSC)beganitsemergencyresponse,reportsofsimilarincidentsstartedcominginfromacrosstheworld.InSpain,telecomscompanieswerehit;inIndia,variouspoliceforcesfellvictim;inGermany,itwastransportandrailwaysthatsuffered;inRussiatheinteriorministrywasinfected.Itsoonbecameclearthatover100countrieshadfelttheeffectsofWannaCry,demonstratingtheglobalandindiscriminatenatureofthisthreat.HereinBritain,theNCSC’s
expertshelpedourNationalHealthServicetogetbacktonormal–althoughthesitua-
tionwouldhavebeenworseifhospitalstaffhadnotrevert-edtomanualsystems.WhiletheWannaCryattackwasnotthe‘CyberArmageddon’thatsomehavepredicted,thefactthatthisransomwarespreadlikewildfire–andruthlesslyexploitedoldandunpatchedsoftware–exposedthepolicyproblemscreatedbythiskindofthreat.Putsimply,bordersareirrelevantandnogovern-mentcanprotectitspeopleinisolation.“Cyber”isderivedfrom
kubernetes,theGreekwordfor“steersman”.Howshouldwesteerourselvesacrosstheunchartedwatersofthedigitalage?TheUKwasthefirsttohostthisconferencein2011,andoursharedaimmustbetoagreecommonprinciplesfor
FromLondontoNewDelhi:BuildinganOpen,SecureInternetforAll
BORISJOHNSONSecretary of State for Foreign and Commonwealth Affairs, United Kingdom
FOREWORD
11OBSERVER RESEARCH FOUNDATION
behaviourwithinandbetweenstatesinthedigitalage.In-ternationallawappliesonlineasitdoesoffline–andsotooshouldtheconventionsthatguideourbehaviourinotheraspectsoflife.Tothisend,theUKisdevelopingaDigitalCharterwiththeaimofagree-inghowpeopleandbusinessesshouldbehaveonlineinordertocreateanenvironmentforsocietiesandeconomiestoflourish.Butthechallengesnev-
erstandstill.Allaroundus,newtrendsareevident,fromcyber-enabledinterferenceindemocraticelectionstothespreadofterroristpropagandaacrosstheinternet,evenasthegroupsthemselveslosecontrolofrealterritory.Meanwhile,criminalsmakeincreasinglysophisticatedattemptstosepa-rateordinarypeoplefromtheirmoney.Espionage,propagandaandtheftareasoldashuman-ity,buttodaytheyoccuronahugescale–andatlightning
speed–whencarriedintocyberspace.Hencethenecessityofcre-
atingasecureInternet,wherepeopleanddataareproperlyprotected.Thisdoesnotmeansacrificinghumanrightsforthesakeofsecurity–thetwocanandshouldgohand-in-hand.Itdoesmeanendingimpunityformaliciousactors,developingnetworksthataresecurebydefaultandensuringthatbasicprecautionsareuniversal.De-spiteepisodeslikeWannaCry,manyattackssucceedusingrelativelyprimitivetechniques.ThevastmajorityofincidentsreportedintheUKcouldbeavoidedwithsafeguardsaselementaryasinstallingnewsecuritypatches,orupdatingdefaultpasswords.Cyberspacealsochallenges
ourtraditionalideasofle-galjurisdiction.Dataabout
onecountry’scitizenscanbesubjecttothelawsofanoth-ersimplybecauseofwhereitisphysicallystored.ThoserepresentedatthisGlobalConferenceonCyberspacewillholddifferentviewsonhowtorespond:thatispreciselywhyweneedtotalk.Weareallstrongerwhen
weshareknowledge,improveourcooperationandinvestineachother’scapabilities.Inthisspirit,Iamdelightedthatthisyear’sconferencewillagreeaGlobalAgendaforCyberCa-pacityBuilding.Oneofthegreatestdebates
ofourtimeishowtocreateafree,openandsecurecyber-spaceforthebenefitofall.Youarethesteersmenchartingourwaythroughthisextraordinari-lycomplexlabyrinth–andIwishyoueverysuccess.7
Weareallstrongerwhenweshareknowledge,improveourcooperationandinvestineachother’scapabilities.
12 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
Theinternethasbeena
globalforceforhumande-
velopment,sincetheearlydays
ofitsinception.Ithasoffered
opportunitiestolearn,toreach
newmarkets,toinnovate.Ina
worldofgrowinginequalities,
accesstotheinternetisthe
keyformarginalisedcommuni-
tiesallovertheworldtogrow,
studyandconnect.
Yet,inrecenttimes,weare
allincreasinglyawareofthe
threatsrunningontheweb:
cyber-attackshavetoooften
madethenews;ourdefence
systemscannotignorethe
possibilityofcyber-warfare;and
toomanyofouryoungpeo-
plehavebeenexposedtothe
onlinepropagandaofterrorist
groups.
Cyberspaceisaglobal
common,andweallsharean
interesttokeepitsafe.Iam
convincedthatcyberspacecan
beatthesametimesafeand
open,andthattheopportu-
nitiesofglobalconnectivity
outnumberitsdangers,byfar.
Ifwewanttopreserveand
expandtheseopportunities,we
mustalsoinvestinthesecuri-
tyandthegovernanceofour
cyberspace.
Forthisreason,weEurope-
ansbelievethatinternational
cooperationmustbethemain
pathto“promoteafreeand
secureglobalinternet”–inthe
wordsofourGlobalStrategy
forforeignandsecuritypolicy,
whichIpresentedlastyear.The
EuropeanUnionisactivelycon-
tributingtothecapacityofour
internationalpartnerstofight
ForaFreeandSecureGlobalInternet
Federica Mogherini, High Representative of the European Union for foreign and security policy, and Vice-President of the European Commission
13OBSERVER RESEARCH FOUNDATION
cybercrimeandaddresscyber
threats:wehavelaunched
globalcapacitybuildingpro-
grammestopromotetherule
oflawincyberspace,training
lawenforcementofficialsto
investigateandprosecute
cybercrime.WithourGlobal
Strategy,theEuropeanUnion
hascommittedtoengagingin
cyberdiplomacyandtoseek-
inginternationalagreements
onresponsiblebehaviourin
cyberspace,basedonexisting
internationallaw.Aglobal
frameworkoncybersecurityis
anintegralpartofourefforts
tobuildastrongerglobalgov-
ernance,andamorecoopera-
tiveworldorder.
Thisisaviewwesharewith
India:atlastmonth’sEU-India
SummitinNewDelhiwejoint-
lyreaffirmedthatinternational
lawisapplicableincyberspace,
andthatthereis“aneedto
continueanddeependeliber-
ationsontheapplicabilityof
internationallawtocyberspace
andsetnormsofresponsible
behaviourofStates.”
Whileweworkatbetter
globalcyber-rules,wemust
alsotackletheimmediate
cyber-threatsthatalreadyhave
animpactonourcitizens’lives.
Cyber-insecuritytranscends
nationalbordersbydefinition:
joiningforcesamongcountries
iscrucialtoeffectivelyaddress
thischallenge,andtheEuro-
peanUnion’sinstitutionsand
MemberStatesaresteppingup
cooperationinthisfield.
Toprotectourcyberspace,
weneedbettercapabilities,
moreresearch,moretraining
andexercisesonhowtore-
spondtoanattack.Inthelast
fewmonthswehavealready
setupanumberofnewinitia-
tivesandstructureswithafo-
cusoncyber-security.Lastyear
wesignedaJointDeclaration
forcooperationwithNATO:
outof42commonactionswe
haveagreedupon,sevencover
cyber-securityissues.Weinau-
guratedaEuropeanCentrefor
CounteringHybridThreatsin
Helsinki,undertheleadership
ofFinlandandotherMember
States.TheEuropeanDe-
fenceAgency,whichIlead,is
workingonaEuropeanCyber
DefenceTrainingandExercise
Platform.Andjusttwomonths
ago,theEuropeanCommis-
sionhasproposedtocreate
anEUCybersecurityAgency:
theAgencywouldsupportour
MemberStatestopreventand
reacttocyber-attacks,butalso
putinplaceanEU-widecerti-
ficationframeworktoensure
thatproductsandservicesare
cyber-secure.
Overthelastyear,the
EuropeanUnionhastakenun-
precedentedstepstoimprove
cooperationamongitsMem-
berStatesondefenceissues.
Manyoftheinitiativeswehave
launched–suchasthePerma-
nentStructuredCooperation
ondefence,theCoordinated
AnnualReviewofnationalde-
fencebudgets,andtheEuro-
peanDefenceFund–provide
uswithgreatopportunities
toresearchanddevelopnew
capabilitiesforcyber-security,
inamorecooperativeand
efficientmanner.
Wearealsogettingready
torespondtocyber-attacks
throughourforeignpolicy
tools,includingeconomic
sanctions.InJune2017,with
theEuropeanUnion’sministers
offoreignaffairs,wedecided
todevelopaso-calledCyber
Cyber-insecuritytranscendsnationalbordersbydefinition:joiningforcesamongcountriesiscrucialtoeffectivelyaddressthischallenge.
14 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
DiplomacyToolbox,thatis,a
blueprintforajointEUdiplo-
maticresponsetomalicious
cyberactivities.
Beyondtheriskofattacks
againstourcriticalinfrastruc-
tureandourdata,thereis
anothersecurityissuelinked
totheinternet,moresubtle,
whichwecannotignore.Ter-
roristgroupslikeDaeshhave
usedthewebtospreadtheir
lies,radicaliseandrecruitall
aroundtheworld,fromEurope
toSouthAsia.Theirpropagan-
daneedstobeconfrontedfirst
andforemostbytakingdown
theillegalcontentsfromthein-
ternet.Toaddresstheissueof
theaccessibilityofterroristma-
terials,theEuropeanCommis-
sionhasestablishedanInternet
ReferralUnitwithinEuropol,
theEuropeanagencyforpolice
cooperation.TheUnitactive-
lyscansforterroristcontent
onlineandthenrefersittothe
relevantinternetcompanies–
suchasGoogleorFacebook.In
justacoupleofyears,theUnit
hasalreadyreferredtensof
thousandsofpages.Andin90
percentofcases,theinternet
companieshaveremovedthe
material.
Ifwewantourinternettobe
trulysafe,whatisillegaloffline
mustalsobeillegalonline.At
thesametime,allthefreedoms
andtheinalienablerightsthat
we,astheEuropeanUnion,
cherishandprotectmustalso
beguaranteedontheinternet.
Inrecentyears,wehaveseen
toughpenaltiesagainstblog-
gers,lawstocriminaliselegit-
imatedissentonsocialmedia,
internetshutdowns.Wemust
callthingsbytheirname:these
areviolationsofhumanrights,
crimesagainstfreespeech.And
theEuropeanUnionwillalways
sidewiththevictims,working
toprotectthemandtorestore
theirfreedoms.
Thecyberspacecanonlybe
freeifitissecure,andcanonly
besecureifitisfree.Thisis
whatweEuropeansbelieve,
andthisisalsothespiritofthe
GlobalConferenceonCyber-
space.Weshareyourgoalof
“ASecureandInclusiveCyber-
spaceforSustainableDevelop-
ment”.Andwe,astheEurope-
anUnion,arereadytoengage
withallthosewhosharethis
goal–inourpartnercountries,
inthecivilsocietyandinthe
businesssector.Togetherwe
canfindinnovativeandcoop-
erativesolutionstomakethe
internetatrueforceforgood,
freeandsecureforallmankind.
7
15OBSERVER RESEARCH FOUNDATION
The2016/2017United
NationsGroupofGovern-
mentalExperts(UNGGE)’sin-
abilitytoreachconsensuswas
asetback,butweshouldnot
letthisdeterourjointefforts
toimplementasetofinterna-
tionalcybernorms.Theworld
needsthesenormsmorethan
ever,givenhowdigitalisedand
connectedweare,andinre-
sponsetothecommonscourge
ofcyberthreats.Singapore
remainsdeeplycommittedto
suchefforts,andwillcontinue
toworkwithourregionaland
internationalpartnerstorealise
thissharedobjective.
Why Cyber Norms Matter to UsSingaporefullysupportsthe
developmentofinternational
cybernorms.Asasmallcity-
state,Singaporereliesonclear
“rulesoftheroad”thatapply
toallcountries,bigandsmall.
Wearealsooneoftheworld’s
mostconnectedcities;each
Singaporeanhasalmosttwo
handphonesonaverage,and
ournationalbroadbandinfra-
structureistheworld’sfastest1.
Whileourhighqualitydigital
infrastructurehascatalysedour
economyandimprovedour
qualityoflife,italsomakesus
vulnerabletocyber-attacks.
Singaporeisalsolocated
inthecentreofoneofthe
world’sfastestgrowingre-
gions,SoutheastAsia.South-
eastAsiahasapopulationof
morethan600millionpeople
–largerthantheEuropean
Union–andhasoneofthe
fastest-growingmiddleclasses
intheworld,withmorethan
200millionpeopleexpectedto
jointhemiddleclassby2020.
ASoutheastAsianPerspectiveTowardsCyberNormsinaPost-UNGGEWorld
Yaacob Ibrahim, Minister-in-charge of Cyber Security, Singapore
16 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
Thiseconomicanddemograph-
icdividendwillboostdemand
forgreaterconnectivityand
digitalisation,whichinturnwill
drivetheAssociationofSouth-
eastAsianNation(ASEAN)’s
digitaleconomy.Asafeand
trustworthycyberspaceisthus
anenablerandanimperative
forSoutheastAsia’seconomic
prosperity.
Therapidpaceofdigitalisa-
tioninSingapore’sdomestic
andregionalenvironments
makesitmoreessentialto
secureourcyberspace.After
all,cyber-attacksarenota
theoreticalthreat.Earlierthis
year,theITnetworksoftwo
universitiesinSingaporewere
foundtohavebeenbreached
byAdvancedPersistentThreat
actors,possiblytostealinfor-
mationrelatedtogovernment
orresearch.InearlyNovember
2017,regionalthreatactors
alsocompromisedthewebsites
ofASEANandothergovern-
mentagenciesinSoutheast
Asia.
Thesedevelopmentsunder-
scoretheneedforaconsis-
tentsetofrulesornormsfor
allstatesandstakeholdersin
cyberspace,soastobuildasafe
andtrustworthycyberspacefor
all.
Building on the Work of the UNGGE through Multiple, Complementary FrontsSingaporebelievesthatthe
UNmustcontinuetoplay
animportantroleinmoving
internationaldiscussionson
cybersecurityissuesforward.
Itisonlyatopenandinclusive
platformssuchastheUNthat
allstates,especiallysmallones
likeSingapore,canhavean
equalstakeandanopportunity
toshapetheglobaldiscourse
onarules-basedinternational
orderforcyberspace.
ThatiswhySingaporefully
supportstheworkoftheUN-
GGE,eventhoughwearenot
amember.TherecentUN-
GGEprocesshasshownthat
consensusacrossthebroad
internationalcommunitymay
bedifficulttoachieve,given
thediversecircumstances
betweencountriesandregions.
Butthisshouldnotholdus
back.Itremainsimportantto
buildontheUNGGEconsen-
susreportin2015–which
setout11voluntarynormsof
responsiblestatebehaviourin
cyberspace–throughinterna-
tionalandregionaldialogue,to
operationalisetheUNGGE’s
recommendations.
Singaporeandotherstates
must,therefore,strivetoraise
awarenessandapplicabilityof
theUNGGEnorms,through
regionalandinter-regional
conversationsthatcancomple-
menttheUNprocess.Group-
ingssuchastheOrganisation
ofAmericanStates,theEuro-
peanUnionandASEANplayan
importantroleincontributing
toabroad-basedconversation
oncybernorms.
Tothisend,Singaporeisplay-
inganactiveroleinSoutheast
Asiatomovetheconversation
oncybernormsforward.We
dosointhreeways:promot-
ingmoredialogue,developing
informalregionalnorms,and
catalysingpracticalcoopera-
tion.
Togetherwithourregionalandinternationalpartners,wewillcontinueoureffortstochampiontheadoptionofcybernorms–throughpromotingmoredialogue,developinginformalregionalnorms,andcatalysingpracticalcooperation–tobuildasafeandtrustworthycyberspaceforall.
17OBSERVER RESEARCH FOUNDATION
Promoting More DialogueFirst,Singaporebelievesthat
dialogueisessentialtofocus
theattentionoftheinterna-
tionalcommunityonkeycyber
issues.
Tofacilitategreaterdialogue
amongseniorgovernment
officialsintheinternational
community,Singaporehosts
theannualSingaporeInterna-
tionalCyberWeek(SICW).
The2ndSICWwasheldin
September2017,andprovided
aplatformformorethan7,000
stakeholders,includingpoli-
cy-makers,industryexpertsand
non-governmentalorganisa-
tions,toforgepartnershipsand
engageincriticaldialogueon
salientissuesincybersecurity.
TheInternationalCyberLead-
ers’Symposium,forexample,
featuredarobustpaneldiscus-
sionbetweenthought-leaders
fromgovernmentandindustry
onthechallengesinimple-
mentingnormsofresponsible
cyberbehaviour.Itisthrough
suchdialoguethatwehave
abetterappreciationofeach
other’sperspectivesandchal-
lenges,andthusthebasisfor
developingeffectivenormsand
embarkingonpracticalcooper-
ation.
Developing Informal Regional Norms Second,Singaporehasalso
beenworkingwithourregional
partnerstodevelopandimple-
mentasetofinformalregional
cybernorms,whicharecon-
gruentwiththe2015UNGGE
norms.
Developingregionalnormsis
noeasyfeatinSoutheastAsia,
giventhedifferencesindigital
maturity,cybercapabilities,and
policychallenges.Nonetheless,
ASEAN’s50-yearhistoryofmu-
tualcooperationhasenabled
memberstatestoembracethe
taskofdevelopingcybernorms
withconfidenceandtrust.
Thatiswhycollaboration
betweenASEANmemberson
cyberissueshasbeenencourag-
ing.Forinstance,attheinaugu-
ralASEANMinisterialConfer-
enceonCybersecurity(AMCC)
hostedbySingaporeinOctober
2016,ASEANMinistersand
theASEANSecretary-General
agreedontheimportanceof
forgingcloserASEANcyberse-
curitycooperationintheareas
ofcyberpolicycoordination,
capacity-buildingandcyber
normsofresponsiblestate
behaviour.Atthe2ndAMCC
inSeptember2017,participants
agreedthatitwasimportantto
establishinternationalvolun-
tarycybernormsofresponsible
Statebehaviourasthefoun-
dationforarules-basedcyber-
space.Regionalplatformssuch
astheAMCCreflectSingapore
andtheregion’scommitment
toworktogether,toenhance
regionalcybersecuritydiscus-
sionsandcooperation.
Catalysing Practical Coopera-tionFinally,Singaporerecognises
thatdialogueandnormsmust
becomplementedbypractical
cooperation.Afterall,techni-
calcapabilities,resources,and
accesstoinformationaffecta
state’sabilitytorespondeffec-
tivelytocyberthreats.Practical
cooperationalsohonescapa-
bilities,andbuildsconfidence
amonglike-mindedpartners.
Theseinturncultivateanenvi-
ronmentofmutualtrustwith
oneanother.
Singaporehasleanedforward
tofacilitateregionalcyber
capacity-buildingeffortsand
confidencebuildingmeasures
(CBMs).Forexample,Singapore
launchedaS$10millionASEAN
CyberCapacityProgramme
(ACCP)todeveloptechnical,
policyandstrategybuilding
capabilitieswithinASEAN,and
withinternationalorganisa-
tionssuchastheUNOfficefor
18 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
2For example, Singapore has agreed to provide sponsorship for the UNODA Flagship Online Training Course on the Use of ICTs in the Context of International Security.
DisarmamentAffairs(UNO-
DA).2Undertheauspicesofthe
ACCP,Singaporehaslaunched
initiativessuchastheASEAN
CyberNormsworkshop,and
announcedplansforanASEAN
CybersecurityIndustrial-At-
tachmentProgramme(CS-IAP),
whichwouldprovidepartic-
ipantswithtrainingonthe
operationsandmanagementof
SecurityOperationsCentres.
Takentogether,thecultiva-
tionofcapacity-buildingand
CBMseffectivelycomplement
ongoingdiscussionsoncyber
norms,tocreateamutually
reinforcing“virtuoustriangle”
thatalignstheinterestsof
states,andfostersgreatertrust
andcollaborationincyberspace.
The Way Forward in a Post-UNGGE WorldIhopeSingapore’sexperience
provesusefulinnavigating
apost-UNGGEworld.Itis
hearteningtonotetheinterest
acrossthevariousstakeholders
tosustaindiscussiononthe
adoptionofvoluntarycyber
norms.Regionalconferences
suchastheGCCSalsoplayan
importantroleintakingthe
conversationoncybernorms
forward.
AsSoutheastAsiacontin-
uesitsdigitaltransformation
journey,Singaporeremains
firmlypluggedintothisglobal
conversation.Togetherwith
ourregionalandinternational
partners,wewillcontinueour
effortstochampiontheadop-
tionofcybernorms–through
promotingmoredialogue,
developinginformalregional
norms,andcatalysingpractical
cooperation–tobuildasafe
andtrustworthycyberspacefor
all.7
19OBSERVER RESEARCH FOUNDATION
Backintheearlyyearsof
the17thcentury,when
DutchlawyerHugoGrotius
laidthefoundationsformod-
erninternationallaw,noone
couldhaveguessedthatone
day,itsscopewouldhavetobe
extendedintonew,exoticand
unimaginabledomains.After
startinginthenavalsphere,it
soonreachedtheskieswith
theadventoftheaeroplane.
Andnow,inour21stcentury,
itisenteringanewandelusive
dimension:cyberspace.
Theword‘cyberspace’itself
firstappearedin1984,inthe
cultclassicsciencefictionnovel
Neuromancer.Whenauthor
WilliamGibsoncoinedthe
term,hesaidsomethingwhich
stillringstruetoday:
“Cyberspace is not good or bad.Modern techniques are morally neutral – until we apply them.”
Indeed,inrecentyears,
cyberspacehasproventobe
apowerfulforceforgood.In
manycountriesaroundthe
world,cyberspacehasprovid-
edaninnovativeboostand
broughtimpressiveeconomic
growth.
Thedigitaleconomyaccounts
for7.7percentofthetotal
Dutcheconomy,anumber
whichisrapidlygrowing.The
digitalworldisnowmoreim-
portanttotheeconomythan
Amsterdam’sSchipholAirport
andthePortofRotterdam
combined!Bitsandbyteshave
cometooutweighBoeingsand
Cyberspace:AForceforGood,IfGovernedbytheRuleofLaw
Halbe Zijlstra, Minister of Foreign Affairs, The Netherlands
20 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
boats.
Inothercountries,thedigital
economyisreachingsimilarlev-
elsofimportance.TakeIndia:
amajorcyberpowerwitha
well-deservedreputationfor
itsinnovative,world-beatingIT
sector.Here,thecybersector
contributesstronglytoIn-
dia’sstaggeringsevenpercent
growth.
But,aswitheverytechno-
logicalinnovation,thereisa
downside.
First,growingdigitaldepen-
dencycreatesnewvulnera-
bilitiesandrisks.Notonlyto
criminals,whopreyonour
citizensandcompanies.But
alsotohostilestates,whouse
cyberoperationsforespionage,
disinformationandmilitary
gain.
Second,thegainsofcyber-
spacearenotequallydistrib-
uted.With60percentofthe
worldpopulationstillhavingno
accesstotheinternet,thereis
ahugeglobalconnectivitygap.
Ifwewantcyberspaceto
remainaforceforgood,these
areissuesweneedtourgently
address.
Governmentscannotdothis
alone.Otherpartiesneedto
stepinaswell.Cyberspace
belongstoeveryoneandto
noone.Butultimately,weall
sharethesameinterests.
Thisiswhy,in2016,we
launchedtheGlobalCom-
missionontheStabilityof
Cyberspace,theonlyforum
wheregovernment,industry,
technologistsandcivilsociety
arejoiningforcestoreacha
commongoal:adigitalfuture
inwhichthefruitsofanopen,
freeandsecurecyberspaceare
thereforalltoenjoy.
Mostimportantly,atthe
GlobalConferenceonCyber
Space,wediscusswaysto
dealwiththevulnerabilities
andrisksImentionedearlier.
Challengesthatriskturning
cyberspaceintotheopposite
ofaforceforgood.Ajungle
bynight,wheremightmakes
right,andtheperpetrators
ofattackscannotbeheldto
account.
Preventingthisisinallour
interests.Andhere,thekeyto
successliesinclearrules,which
applytoeveryoneequally.
Thismaysoundhorriblycom-
plicated.Butthegoodnewsis
thatwedon’tneedtodevelop
anythingnew.Theserulesare
readilyavailable.
Webelieve,asdomanyoth-
ercountries,thattheexisting
bodyofinternationallaw,
whichhaslongunderpinnedre-
lationsbetweenstates,applies
equallyincyberspace.Andit
providesthebestguarantees
formaintaininganopen,free
andsecurecyberspace,where
humanrightsareprotected,
makingitauniversalforcefor
good.
Ofcourse,thequestionis,
howdoesinternationallaw
applytothisnewdimension?
Thisistheheartofthe
matter,anditissomething
thatmustbeactivelydebat-
edatconferenceslikethis.
Variousinitiativesinthisarea
havealreadybeenlaunched.
TheUnitedNations’Groupof
GovernmentalExpertspro-
cessmadeimportantheadway
withits2013and2015reports.
Indiahasplayedanimportant
andconstructiveroleinthis
process.Weshouldallbuild
ontheimportantprogressthat
Thegainsofcyberspacearenotequallydistributed.With60percentoftheworldpopulationstillhavingnoaccesstotheinternet,thereisahugeglobalconnectivitygap.
21OBSERVER RESEARCH FOUNDATION
hasbeenachieved.
TheTallinnManual2.0and
theHagueProcessareother
usefulexamples,providing
guidanceonhowtoapply
long-establishedlegalprinciples
inthecyberdomain,suchas
sovereignty,non-intervention,
duediligenceandstaterespon-
sibility.Butalsoonthelawap-
plicabletotheuseofforceand
internationalhumanitarianlaw.
And,mostimportantly,they
helpshedlightonthelegal
frameworksurroundingcyber
operationsthatdon’tmeetthe
thresholdofanarmedattack.
Take,forinstance,asituation
whereforeign(state-backed)
hackersmeddleinelections.Or
wheretheycompromisebank
accountsorcitizens’private
data.Orwhentheydisrupta
country’selectricitysupply.
Whatlegaloptionsdoesa
victimstatehavewithwhichto
respond?Manyofthesecyber
operationsareclearlymalicious.
Theymayevenrisetothelevel
ofaninternationallywrongful
act,butatthesametimefall
shortofwhatcanbedefinedas
anarmedattack.
Weneedtoresolvethese
questions.Andweneedtodo
sourgently.Becauseinrecent
years,tensionsandoutright
hostilityamongstateshasbeen
ontherise.Cyberincidents
haveoccurredwithincreasing
frequency.Inthemeantime,
themoodintheinternational
debateatUNlevelonstability
incyberspacehassoured–at
theverymomentweneedit
themost.
Forme,thisallservestoun-
derscoretheimportanceofthe
GCCSprocess.
Thatiswhyit’ssoimportant
thatthisconferenceworksto
movethediscussionforward.
Withallstakeholders:nation
states,thetechcommunity,
companies,non-governmental
organisationsandacademics,
andsoon.Together,underthe
ableleadershipofIndia–one
ofthekeyemergingeconomies
andgreatpowersofthe21st
century—wemustnowtake
thenextsteps.
Weareverygratefulfor
India’swillingnesstohostthis
year’seditionoftheGCCS,and
wefeelconfidentinpassing
thebaton.Indiaisuniquely
positionedtobroadenthe
GCCSagendatotakeinissues
regardingequitabledevelop-
mentanddigitalinclusion.Itis
worthrememberingthatnotall
countriesareatthesamelevel
ofeconomicdevelopment.And
thesameholdstrueinthedig-
italdomain.Inordertotackle
thedigitaldivide,wehaveset
uptheGlobalForumonCyber
Expertise(GFCE),investingin
capacity-buildingindeveloping
countries,thushelpingthem
keeptheinternetopenand
free.
Asco-chairs,theNetherlands
andIndiaarecollaboratingon
anagendainwhicheconomic
growth,digitalsecurityandon-
linefreedomgohandinhand;
Cyber4All,asthisyear’stheme
oftheGCCSaptlyputsit.With
manyofthenext500million
internetuserscomingfrom
India,itmakesperfectsensefor
Indiatotakethelead.
Let’sallworktogether
towardsourcommongoal:
asafeandsecurecyberspace
whereclearrulesapplytoall.
Acyberspacethatisgoverned
bytheinternationalruleof
law.Acyberspaceofwhichour
nationalhero,HugoGrotius,
wouldundoubtedlyapprove:a
universalforceforgood.7
Theexistingbodyofinternationallaw,whichhaslongunderpinnedrelationsbetweenstates,appliesequallyincyberspace.
22 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
Wearelivinginarapidly
changingworld,where
technologicaladvancesand
digitalizationareoccurringat
anever-fasterpace.
Technologyiscreating
profoundchangesinser-
vicedelivery,triggeringnew
partnershipsandinnovations.
InIndia,forexample,informa-
tiontechnologyhasbeenused
successfullytoreachpoorer
sectionsofsocietybylinking
theirmobile-phoneservices
andgovernment-issuedIDsto
theirbankaccounts,sothat
governmentsubsidiescanbe
delivereddirectlytobeneficia-
ries.
TheInternationalCommit-
teeoftheRedCross(ICRC)
hasalsobeenaffectedbythis
globaldigitaltransformation,
whichhassignificantlyaltered
theenvironmentandmanner
inwhichweoperate.Thisshift
offersbothopportunitiesand
challengesintermsofhowwe
respondtoincreasinghumani-
tarianneeds.
First,improvedanalysisof
externaldataenablestheICRC
tobetteranticipate,under-
standandrespondtohuman-
itariancrises.Wecanachieve
thisthroughbig-dataanalytics
andevidence-basedanalysis
ofspecificsituationsormore
globaltrends.
Second,cyberspaceoffers
theICRCgreateropportunities
toengagedigitallywithpeo-
pleinneedandfacilitatesour
accessandresponsetothem.
Similarly,digitalconnectivity
withbeneficiariesandother
DevelopingaNewHumanitarianResponseintheAreaofCyberspace
Peter Maurer, President, International Committee of the Red Cross
23OBSERVER RESEARCH FOUNDATION
keystakeholders–including
partiestoarmedconflict–can
beextremelyusefulwhen
movementsarelimitedbythe
securitysituation,orsimplybe-
causepeopleprefertoengage
withtheICRCthisway.
Cyberspacealsoallowsben-
eficiariestobeinvolvedinthe
designofresponsestotheir
needs,methodstorecover
theirlivelihoodandwaysto
enhancethewell-beingoftheir
communities.Thisdirectinput
andfeedbackallowtheICRC
constantlytoadaptitsre-
sponsetotheprevailingneeds.
However,digitalproximity
willneverfullyreplaceour
presenceontheground.
Directcontactwithpeople
andcommunitiesiskeytohow
weoperateandisoftenthe
onlywaywecanrespondto
certainspecifichumanitarian
needs.Thisisallthemoretrue
inthecaseofthosewhodo
nothaveaccesstocyberspace
andsocouldbethemostvul-
nerableofall.
Third,theICRCisalways
lookingforopportunitiesto
usetechnologytoprovidenew
typesofservicesorimprove
existingservicesinresponseto
beneficiaries’changingneeds.
TheICRCispioneeringtheuse
ofcyberspaceinitsworkto
locateandreconnectpeople
separatedduringcrises.Asfar
backasthe2004tsunamiand,
morerecently,duringthe2015
Nepalearthquake,weoffered
survivorssatellitephonesand
aninternetplatformtohelp
themre-establishcontactwith
theirlovedones.Today,we
continuetoexplorehowto
harnessthepotentialofnew
technologytoimproveourhu-
manitarianresponseonbehalf
ofthoseinneed.
TheICRCalsorelieson
remote-sensingtechnologyin
itseffortstoprotectcivilians
fromtheeffectsofhostilities.
Forexample,aspartofour
workaroundMosul,Iraq,toxic
industrialchemicalinstallations
weremappedusingacombi-
nationofsatelliteimageryand
specializedinternetsearch
engines,amongother.Where
possible,wesubsequentlyused
thisinformationinourdialogue
withpartiestotheconflictsin
theareaontheobligationto
takeallfeasibleprecautionsto
protectthecivilianpopulation
fromtheeffectsofhostilities.
Protecting humanitarian dataDigitalizationhasalsoledto
atremendousincreaseinthe
numberanddiversityofICRC
data,andwearekeenlyaware
ofthevariousprivacyand
securityrisksthisentails.The
ICRC,likeallorganizations,
couldfallvictimtoacyber
attack–somethingthatcould
ultimatelyaffectthedeliveryof
humanitarianservices.Bene-
ficiariesmightunwittinglyex-
posethemselvestounwanted
consequenceswhentheyuse
insecuredigitalplatformsto
availofhumanitarianservices,
orifthedataisthenusedfor
otherpurposes.
TheICRCworkscontinuously
tostrengthenprotectionof
thedataitgeneratesorgath-
ers,inlinewiththeorganiza-
tion’srobustdata-protection
frameworkandstandards,and
conformingtothe“DoNo
DigitalHarm”maxim.Infact,
theICRCistakingtheleadin
thehumanitariancommunity
intermsofreflectiononthe
protectionofpersonaldata.
Cyberwarfare and international humanitarian law (IHL)TheICRC’srole,astheguard-
ianofIHL,istoreaffirmthe
protectionaffordedbythis
legalframeworkthatseeks
tolimittheeffectsofarmed
conflict.IHLprotectspeople
whoarenotorarenolonger
participatinginhostilitiesand
24 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
restrictsthemeansandmeth-
odsofwarfare-includingdig-
ital-thatbelligerentscanuse.
Asinthecaseofanynewweap-
on,itgovernstheuseofcyber
militarycapabilities.Thereisno
legalvacuumincyberspace.
TheICRCunderstands“cyber
warfare”tomeanoperations
againstacomputer,oracom-
putersystem,throughadata
stream,whenusedasmeans
andmethodsofwarfareinthe
contextofanarmedconflict.
Inthisrespect,theICRCis
pleasedthatthe2013and2015
ReportsoftheUnitedNations
GroupofGovernmentalEx-
pertsonDevelopmentsinthe
FieldofInformationandTele-
communicationintheContext
ofInternationalSecuritycon-
firmedthat“internationallaw,
andinparticulartheCharterof
theUnitedNations,isapplica-
ble”andnoted“theestablished
internationallegalprinciples,
including,whereapplicable,the
principlesofhumanity,necessi-
ty,proportionalityanddistinc-
tion”.
Assertingthatcyberwarfare
mustrespecttherulesofIHLis
bynomeansanencouragement
tomilitarizecyberspace,nor
doesitlegitimizecyberwarfare.
AnyresorttoforcebyStates,
whetherphysicallyorviacyber
space,remainssubjecttothe
provisionsoftheUNCharter
(jusadbellum).Thekeypoint,
however,isthat–inaddition
to,andindependentlyof,the
requirementsundertheUN
Charter–thelimitsimposed
byIHLgovernandconstrain
anycyberoperationstowhich
Statesorotherpartiestoan
armedconflictmightresort.It
isthereforecrucialtoensure
that,likeanynewtechnology,
newcybertechnologiesthat
are,orcouldbedevelopedor
usedformilitarypurposesare
capableofbeingusedinaway
thatcomplieswithexistingIHL.
Thesedays,cybertechnology
impactsmostaspectsofcivilian
life.TheICRCisparticularly
concerned,therefore,about
thepotentiallydevastating
humanitarianconsequencesof
cyberattacksontransportation
systems,electricitynetworks
andessentialservicessuchas
watersupply,healthsystems,
damsornuclearplants.
InDecember2015,acyber
attacktargetedelectricity
networksinKyiv,Ukraine–a
countryinvolvedinanarmed
conflict.Sincethen,Ukraine
hassufferedvariousother
cyberattacks,includingonein
June2017,whichaffectedthe
Chernobylnuclear-powerplant.
Criminalcyberattacksin2017
(ransomware)havealsohigh-
lightedthevulnerabilityofthe
medicalsector.
Suchattacksheightencon-
cernsaboutthepotential
humancostofcyberoperations
andunderlinetheimportance
ofIHL’sprotectivefunctionasa
legal“firewall”incyberwarfare
tolimittheeffectsofcyber
operationsinanarmedconflict.
Accordingtotheprincipleof
distinction–oneofthecorner-
stonesofIHL–directlyattack-
ingcivilianinfrastructureis
prohibited.IHLaffordsspecial
protectiontoessentialcivilian
infrastructure,suchaswater
installations.Theprinciplesof
proportionalityandprecaution
affordadditionalprotectionto
civilians,evenwhenthetarget
isamilitaryobjective.Already
inpeacetime,allfeasiblemea-
suresmustbetakentoprotect
AssertingthatcyberwarfaremustrespecttherulesofIHLisbynomeansanencouragementtomilitarizecyberspace,nordoesitlegitimizecyberwarfare.
25OBSERVER RESEARCH FOUNDATION
thecivilianpopulationfrom
theeffectofhostilities.These
includesegregatingmilitary
andciviliancyberinfrastructure
andnetworks,takingmeasures
toguardagainstmalicious
softwareandmakingarrange-
mentstoensurevitalcomputer
systemscanbequicklyrestored
followingacyberattack.
However,thespecificcharac-
teristicsofcyberwarfarealso
raisechallengesintermsof
theapplicationofIHL.Firstly,
theanonymityofcyberspace
makesitdifficulttoidentifythe
perpetratorsofcyberattacks.
Furthermore,somefocusonly
onthephysicaldamagewhen
assessingthelegalityofacyber
operation.IntheICRC’sview,
sucharestrictiveunderstand-
ingofthenotionofattackas
somethingthatcausesonly
physicaldamageignoresthe
harmfuleffectsthatcanbe
causedbyrenderingsomething
dysfunctionalwithoutphysically
damagingit.Thiswouldmake
suchunderstandingincom-
patiblewiththeaimofIHLto
ensureprotectionofcivilians
andcivilianobjectsagainstthe
effectsofhostilities.Ifthesup-
plyofelectricitytothecivilian
populationisdisrupted,andif
essentialinfrastructuresuchas
medicalservicesisaffectedasa
resultandpatientsdieininten-
sive-careunits,itisirrelevant
whetherthedisruptiontothe
electricalnetworkwascaused
byagraphitebomboracyber
operation.Whiletheintercon-
nectivityofcyberspacemakes
distinguishingbetweenmilitary
andcivilianobjectsmorechal-
lenging,inmostcasesknock-
oneffectsareforeseeableand
mustthereforebetakeninto
accountwhenplanningorde-
cidinguponacyberoperation.
Today,cyberspaceisanin-
tegralpartofdailylifeinmost
partsoftheworld.Itbrings
enormousbenefitsbutalsopos-
esinherentrisksandthreats.
Wemustalladapttothisnew
reality,andtheICRC,forits
part,isconstantlyexploringthe
opportunitiesthatcyberspace
offerswhilebeingfullyawareof
thechallengesandrisksdigitali-
zationentails.TheICRCcontin-
uesalsotoremindallpartiesof
theimportanceofapplyingIHL
inarmedconflicttoprotect
civiliansfromtheeffectsofhos-
tilities,whethertheyarecyber
orkineticinnature.7
26 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
Morethan30governments
haveacknowledged
thattheyhaveoffensivecyber
capabilities.However,unlike
withconventionalweapons,
cyberarsenalsareclandestine
andintangible.Theirsourceis
difficulttotrackandidentify.It
isthereforelikelythatthereal
numberisnotonlymuchhigh-
er,butwillgrowinthecoming
monthsandyears.Moreover,
becauseofthisambiguity,gov-
ernmentsaremorewillingto
deploytheseweapons–testing
capabilitieswithstrikes,while
tuningtheirstrategiesbehind
closeddoors.
The cyber arms race is clearly under way. However,theriskanddan-
gersofcyberweaponsarenot
wellunderstood.Thesetwois-
suestogether–theclandestine
natureandtheunpredictability
ofoffensiveonlineactivityare
creatingvulnerabilitiesata
scaleandspeedthatwehav-
en’tseenbefore.Howcanwe
managetheresultingrisk,risk
thatcanmanifestitselfboth
onlineandoffline?
International law applies to cyberspaceMicrosoftbelievesthatexisting
internationallawappliesto
cyberspace.Thisshouldhardly
beasurprise.Onlineactivi-
tiesinvolverealpeopleusing
tangibleobjectsthathavelong
beensubjecttovariouslegal
frameworks.However,ittook
governmentsalittlelongerto
cometothisconclusion.The
UnitedNationsalmosttwo
TheEvolutionofInternationalCollaborationandLawRelatedtoCyberspaceandSecurity
Kaja Ciglic, Director Cybersecurity Policy and Strategy
27OBSERVER RESEARCH FOUNDATION
decadesagosetupaworking
bodytoensureagreementis
reachedonhowtohandlethe
thenrelativenewfieldofin-
formationtechnology(IT),and
inparticulartheincreasingly
difficultquestionofcybersecu-
rity.Ittookawhile,butin2015
theUnitedNationsGroup
ofGovernmentalExpertson
DevelopmentsintheField
ofInformationandTelecom-
municationsintheContext
ofInternationalSecurity(UN
GGE)confirmedthatinterna-
tionallawappliestocyberspace
.Theconsensusreportwas
unanimouslyadoptedbythe20
countriesthatparticipatedin
theprocess,includingtheUSA,
China,Russia,France,andthe
UnitedKingdom.Thisposition
hasbeensubsequentlyreaf-
firmedinseveralstatements
byindividualgovernments,and
indeedbytheGroupof7(G7)
inearlyAprilofthisyear.
Significantly,thisstanceis
echoedinbilateralcybersecu-
ritydealsbetweenwhatIcall
“cybersuperpowers”.From
theSino-Russian,US-China,
US-IndiaandSino-Anglocy-
bersecurityagreementstothis
year’sChina-Australiacyberse-
curitycooperationagreement
,therearemanyandvaried
referencestotheUNGGE
andexpressionsofsupportfor
cybersecuritynorms.Regional
groupshavesimilarlyacknowl-
edgedtheapplicabilityof
internationallawtocyberspace,
includingtheASEANRegional
ForumandtheOrganization
ofAmericanStates.Bilateral
andregionalagreementsare
importantsteps,buttheydo
notaddresstheneedfora
strategicinternationalcyberse-
curityframework.
Today,therefore,theonly
waytoensurethatthebehav-
iorofstatesincyberspaceis
subjecttocertainrulesand
normsisthroughtherecogni-
tionofinternationallaw.The
challenge,fromourperspec-
tive,isnotabouttheapplicabil-
ityofinternationallawbutits
sufficiencyandimplementation
duringtimesofpeace.
Commitment to international law is not sufficient Despitewhatappearstobe
almostunanimousagreement,
itisprovingdifficulttotrav-
elfrombroadpositionsof
supporttoconcretecommit-
ments.TheUNGGEhasbeen
akeyandconstantpartofthis
journey,themainhighway,
whereotherforarepresented
minormotorways.Now,we
seemtohavehoweverhita
deadend.
Sowheredowegofrom
here?Wedohavetheadvan-
tageofstartingthiscomplicat-
edjourneywithanagreement
on11cybersecuritynorms
fromthe2015UNGGE.We
alsohaveseveralproposals,
includingthoseputforwardby
MicrosoftaspartoftheDigital
GenevaConvention,andeven
partialagreementswithinnar-
rowergroups,suchastheG7.
Butthesearebarelythefirst
coupleofstepsonalongroad.
Tomakesignificantprog-
ress,wehavetounmask
thefactthatunfortunately
thereislittlespecificityinthe
agreementsreachedsofar.
Thissituationallowsstatesto
continuetoactinviolationof
establishednorms,withoutthe
internationalcommunityhav-
inganyrecoursetorespond.
Forexample,international
Today,therefore,theonlywaytoensurethatthebehaviorofstatesincyberspaceissubjecttocertainrulesandnormsisthroughtherecognitionofinternationallaw.
28 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
lawprohibitstheuseofforce
bystatesexceptinself-de-
fenseinresponsetoanarmed
attackandtheUNGGEnorms
callforstatestorefrainfrom
internationalmaliciousactivity.
Thequestionsarehowthese
statementsshouldapplytocy-
berspace,howconceptssuchas
maliciousactivityaredefined.
Thisiswheretheworksofar
fallsshort.Tomoveforward,
thesegapswillneedtobeiden-
tifiedandaddressed.Thework
oftheGlobalCommissionon
StabilityofCyberspacearound
whatconstitutescoreinternet
infrastructurecouldyieldim-
portantresultsinthisregard.
Moreover,thecurrentlistof
normsdoesnotfullyaddress
thecoredriversofinstability
incyberspace.Alimitedsetof
additionalcybersecuritynorms
inareaswhereexistingrulesare
eitherunclearormayfallshort
inprotectingciviliansincyber-
spaceneedtobedeveloped.
Thiscouldincludenormswhich
explicitlyarticulateprotections
forcivilians,eveniftheyare
implicitlycontainedelsewhere
ininternationallaw.Thedevel-
opmentofthesenormsshould
beinformednotjustbygovern-
ments,butalsobycivilsociety
andtheprivatesector.
Thirdinthisprocessisthe
actualimplementationofes-
tablishednorms,which–un-
derpinnedbythelegalopinions
ofexpertsinthistopic-would
leadtothedevelopmentof
customaryinternationallaw.
Inthisprocess,governments
neednotonlyadheretothe
normsthemselves,buthold
othernationstatesaccountable
–whetherthroughpunitive
actions,suchaseconomicsanc-
tionsorwordsofcondemna-
tion.Evenwherethereseems
sufficientevidence,statesoften
choosenottoact,inaneffort
tonotrockotherrelations.But
thatisseenbyothergovern-
mentsasanexamplethatsuch
behaviorispermissible.
Only then we reach the final step in this process - the development of a binding international agree-ment akin to a new or “Digital” Geneva Convention. Most experts agree that this final step is likely to take decades, something we have been very clear about when we launched our idea earlier this year.
Core principles to guide prog-ress towards a Digital Geneva Convention Sowhatdidweintroduceback
inFebruary?Wecalledonthe
worldtoacknowledgethatwe
liveinaworldthatisgrowing
moreinsecureeveryday.We
suddenlyfindourselvesliv-
inginaworldwherenothing
seemsofflimitstonation-state
attacks,online.Thereare
increasingrisksofgovernments
attemptingtoexploitoreven
weaponizesoftwaretoachieve
nationalsecurityobjectives,
andgovernmentalinvestments
incyberoffensearecontinu-
ingtogrow.Ourproposed
responsewasaDigitalGeneva
Convention,thatwouldcom-
mitgovernmentstoadoptand
implementnormsthathave
beendevelopedtoprotect
civiliansontheinternet,with-
outintroducingrestrictions
ononlinecontent.Justasthe
world’sgovernmentscame
togetherin1949toadoptthe
FourthGenevaConventionto
protectciviliansintimesofwar,
aDigitalGenevaConvention
wouldprotectcitizensonlinein
timesofpeace.
Moreover,weacknowledged
thatnosinglestepbyitselfwill
besufficienttoaddressthis
problem.Weencouragedthe
techsectortosteptogetherto
domore,givenitsuniquerole
astheinternet’sfirstrespond-
ersandcommitourselvesto
collectiveactionthatwillmake
theinternetasaferplace,
affirmingaroleasaneutral
DigitalSwitzerlandthatassists
29OBSERVER RESEARCH FOUNDATION
customerseverywhereand
retainstheworld’strust.We
alsocalledforgreateractionin
improvingthecurrentattribu-
tionefforts–acriticalchallenge
intheonlinespace.
However,asmentioned
above,whilethedirectionof
travelmightbeclear,westill
needtomapouttherouteto
gettherebecause,ashighlight-
edbefore,themainhighway
hasbeenwashedaway.Ibelieve
thatifweregroupasawid-
ercommunityofpoliticians,
diplomats,technologistsand
citizenswecanfindourway
tothenextstep.Notonlyare
therenumerousexistingfora
andgroupsthatcouldbelev-
eragedforthispurpose,there
isincreasingrecognitionthat
somethingneedstobedone,
andthatitneedstobedone
beforeacyberattackesca-
latesbeyondcontrol.Inother
words,somethingneedstobe
donenow.
However,wealsoneedto
beclearabouthowweareto
makethisjourney.Thereare
threemainprinciplesthatmust
berecognizedandadheredto
foranyefforttobesuccessful:
1)Wemusthaveanopen,
multi-stakeholder
processthatrepresents
governments,thetech
sector,civilsociety
NOW 2-5 years 5 years +
GLOBAL LAWS FOR CYBERSPACE
UNKNOWNS:•TECHNOLOGYCHANGES•EXISTENTIALCRISESORCONFLICTS
AGREETHATINTERNATIONALLAWAPPLIESTOCYBERSPACE
DEVELOPCONFIDENCEBUILDINGMEASURES
DEVELOPINTERNATIONALCYBERNORMS
IMPLEMENTINTERNATIONALCYBERNORMS
ALIGNDOMESTICLAWS
CREATECUSTOMERYINTERNATIONALLAW
BINDINGGOVERNMENTAGREEMENT
CREATIONOFANATTRIBUTIONORGANISATION?
30 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
groupsandacademia;
2)Allpartsoftheworld
needtoberepresented
andactivelyinvolved,
fromnorthandsouth,
eastandwestandnot
justthe“usualsuspects”;
3)Theprocesscannotbe
lockedawayincommit-
teesthathidebehind
technicallanguage,it
mustbeopenandtrans-
parent,sothateveryone
dependingoncyberspace
canseewhatishappen-
ingandcanholdtheir
governments,thetech
sectorandothersto
account.
Ifweignorethesebasic
principlesandallowtheprocess
tofallbacktoclosed,narrow
groupsthentheworldwillstay
whereitcurrentlyis.Wemay
makeincremental,patchwork
progressbutitwillbefarslow-
erandmorelimitedthanthe
rapidevolutionofcyberspace
andtheattacksthattakeplace
withinit.
Microsofthasmadethe
caseforanewcommitmentto
theroleofinternationallaw
incyberspacebycallingfora
DigitalGenevaConvention.
Ourproposalrepresentsthe
endofthejourneyIdescribed
here.Therealquestioninour
mindsisthereforenothowfast
wecangettoanewConven-
tion,buthowquicklywecan
makemeaningfulprogress
onthepathoutlinedabove.
Waitingemboldensthestatus
quowhichmeansmoreattacks
onciviliansincyberspace–with
everincreasingconsequences,
effectivelymakingcyberspace
alawlessterritory.Wewon’t
gettheretomorrow.Whilethis
willbeajourneythroughmany
iterationsandstagingposts,
thedestinationofastableand
securecyberspacewillsurelybe
worththeeffort.7
31OBSERVER RESEARCH FOUNDATION
Inaprescientspeechatthe
2011MunichSecurityCon-ference,theUK’sthen-Foreign
SecretaryWilliamHaguecalled
foracollectiveresponseto
the“darkside”ofcyberspace.
Haguewanteda“compre-hensive,structureddialogue
tobegintobuildconsensus
amonglike-mindedcountriesto
laythebasisforagreementon
asetofstandardsonhowcoun-triesshouldactincyberspace.”
Hagueidentifiedseven,prin-ciplestoguideworkonnorms
andpledgedtohostaninter-nationalconference.TheGlobal
ConferenceonCyberspaceto
beheldinDelhi,isthefifthof
theseriesofinternationalcon-ferencesthatHaguebegan.
Withoneexception-the
2015ConferenceinDenHaag
-thesepreviousconferences
havefallenfarshortoftheorig-inalexpectations.Theystrayed
fromHague’soriginalideaof
bringinglike-mindedcoun-triestogethertogivenorms
“realpoliticalanddiplomatic
weight.”Theconferenceorga-nizers.Theagendastendedto
plowoldground,takinga“big
tent”approachthatencom-passedarangeofissuesrelated
insomewaytocyberspace.
Politicaltimidityguidedthese
earlierConferences.
TheGlobalConferencestook
placeagainstthebackdropof
theworkoftheUN’sGroup
ofGovernmentExperts(GGE).
UnlikemostGGEs,whereaca-demicexpertsexploreatopic,
these“CyberGGEs”werein
factproxynegotiations,with
FindingNewRulesfortheStabilityofCyberspace
James Lewis, Commissioner, Global Commission on the Stability of Cyberspace
Marina Kaljurand, Chair, Global Commission on the Stability of Cyberspace
32 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
countriessendingdiplomats
ratherthanacademics.There
havebeenfiveGGEs.Thefirst
in2004failed,largelybecause
ofAmericanintransigence.The
last,in2017alsofailed,this
timebecauseofdeepdisputes
overinternationallaw.Butthe
threeGGEsinbetween2004
and2017succeededinreach-ingconsensusonnormsfor
responsiblestatebehaviorin
cyberspace.
AllthreeGGEsweredifficult
negotiations.The2010GGE
Reportlaidouttheinternation-alnegotiatingagenda:cooper-ationamongstatesonnorms,
CBMS,andcapacitybuilding.
The2013GGEReportreshaped
thepoliticallandscapeofcy-berspacewithitsconclusions
thatinternallaw,sovereignty,
andtheUNCharterapplied
incyberspace.Thisanchored
discussionfirmlyinthecontext
ofexistinginternationalrela-tions.Buildingonthis,the2015
Reportlaidoutasequenceof
normstoguidestatebehavior:
itsreportwasendorsedbythe
membersoftheUNGeneral
Assembly.The2013and2015
GGEsproviderecommenda-tionsonnormsthatcanpro-videthebasisforinternational
cooperationonresponsible
statebehavior.
RumoursoftheGGE’sde-misehavebeengreatlyexag-gerated,butwhetherthefail-uretoreachconsensusin2017
isonlyapauseinnegotiation
orwhethertheGGEprocess
willbereplacedbysomething
elseremainsanopenquestion.
Tobefair,theleadingcyber
powers-thosewhohavethe
capabilitiestoexercisepowerin
cyberspace-arenotreadyfor
agreement.Absentsometruly
pressingcrisis,progressto-wardsthegoalsHaguelaidout
willcontinuetobedesultory.
Onedevelopmentthat
complicatesdefiningthenext
stepisthatcybersecurityhas
gonefromaspecializedissue
toonethattouchesmany
socialandeconomicactivities.
AlltheGGE’sactedunderthe
auspicestheUN’sFirstCom-mittee,whichisresponsiblefor
disarmamentandinternational
security,butnowabroadrange
ofgovernmentalandnon-gov-ernmentbodiesareattracted
totheideaofdeveloping
norms.Thereismuchroomfor
manygroupstowork,ascyber-securitycoversabroadrangeof
issues,butthecoreissueofin-
ternationalsecuritywillremain
closelyheldbystates.Similarly,
normsthatdonotwinthe
acceptanceofpowerfulstates,
suchasthememberofthefive
permanentmembersoftheUN
SecurityCouncilortheG-20,
willnothaveusefuleffect.This
isahardtruthfrominterna-tionalpolitics,butthisexplains
whytheunfocusedeffortsof
theGlobalConferencesbefore
DenHaagmadelittleprogress.
The2015GCCSheldinthe
Netherlandswasanexcep-tionbecauseitcreatedformal
structuresoncapacitybuild-ing,informationsharing,and
ahigh-levelCommissionto
considerhowbesttomake
cyberspacemorestableand
secure.Theseongoingefforts
arevaluable,andtheGlobal
CommissionontheStability
ofCyberspace(GCSC)most
directlyaddressesthechal-lengesofbuildingstabilityin
cyberspace.
TheCommissionhasachal-lengetaskanditfacessomeof
theproblemsthatafflictthe
GCCSseries.TheCommission’s
twenty-sevenmembers,drawn
fromindustry,technicaland
Therearemanycontendingagendasincyberspaceandpowerfulvoicestoadvocatethem.
33OBSERVER RESEARCH FOUNDATION
civilsocietyhavevariedexper-tiseandnationalities.There
aremanydifferentnegotiating
culturesinthegroup.Internet
engineerswantprecisetechni-caldefinitions;businesspeople
wantsdetailedcontractswith
subparagraphsforallcontingen-cies.Diplomatsknowthevalue
ofambiguityingettingstates
toactuallyagree-detailscanbe
workedoutoncethereispolit-icalagreement,notbefore.But
allagreeontheseminalidea
behindtheGCSC,thatidentify-ingnormsforstateandprivate
sectorbehaviorcanincrease
stabilityandsecurity.
Therearemanycontending
agendasincyberspaceandpow-erfulvoicestoadvocatethem.
TheCommissionisanother
voiceanditfacessignificant
butsurmountableobstacles.
Thefirstisfindingthebalance
betweentheroleofthepublic
andprivatesectors.Thegravi-tationalpullofthemultistake-holdermodelthathasguided
internetgovernanceispowerful
andmanyadvocateusingitto
defineandimplementcyber-securitynorms.Thesecondis
decidingwhethermorenorms
areneededortheexistingin-ternationallawandtreatiesand
theGGEReportsareenough.
Thetemptationtopropose
additionalnormsisalsopower-ful.Thethirdishowtoscope
itsworkandwhethertofocus
oninternationalsecurityorto
bringinotherissues.
Inthenearterm,theGCSC
hasconsideredproposinga
normtoprotectthepublic
coreoftheinternet,aproposal
advancedatthe2017GGE.The
draftlanguagebeingdiscussed
is:
Statesshouldnotconductor
allowICTactivitywithintheir
territoriesthatwouldaffectthe
generalavailabilityofthecore
namingandforwardingfunc-tionsoftheinternet.
Whilethislanguagedidnot
meetwithuniversalagreement
amongGGEparticipantnations,
theGCSChasthefreedomto
recommenditoranamend-edversionofitforrenewed
considerationbyinternational
bodiesliketheG-20orothers.
Inthelongterm,theGCSC
couldusefullyconsiderhow
normscanbemademore
effective,theroleofattribution
inthis,andwhetheranorma-tivestructurerequiressome
kindofaformal,institutional
frameworkoraconvention.In
consideringalltheseissuesthe
GSCScanhelpredefinethe
relationshipofthemultistake-holdermodeltointernational
security.
TheGCSCoffersthebestthe
opportunitytofulfilHague’s
wishforacomprehensive,
structureddialoguetobuild
consensusandlaythebasisfor
agreementonnorms.Itcan
onlymakerecommendations
forotherstoactupon,butit
hasauniquestatusandwith
that,auniqueopportunityto
identifythepathforwardfor
stabilityincyberspace.7
34 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL
Nextyear,computer
networkswillbe50years
old.InAugust1968,Iwaslucky
tobepartofasmallgroupof
researchersandstudentsin
sunnyCaliforniawhostarted
tryingtoconnectcomputers
locatedindifferentphysical
locations.
Bytheendof1969,there
wasonerudimentarynetwork
linkingfourcomputersatfour
researchcentres:Universityof
California,LosAngeles(where
Iwasastudent);Stanford
ResearchInstitute;University
ofCalifornia,SantaBarbara;
andUniversityofUtahinSalt
LakeCity.Iofferedtoorgan-
iseourearlynotes.Whatwas
supposedtobeasimplechore
causedmeconsiderabletrepi-
dation.
Wewantedtoencourage
otherstochimein,butI
worriedwemightsoundas
thoughweweremakingofficial
decisionsorassertingauthori-
ty.TomakesurethatIdidnot
missanyinputsfrompeersor
seniorprofessors,Iwrotea
notewhichIlabelled“Request
forComments1”(RFC1),
leavingmanyquestionsunan-
swered.ThoughRFC1would
soonbecomeobsolete,the
RFCsthemselvestookrootand
flourished.Theybecame—and
stillare—theformalmethod
ofpublishinginternetprotocol
standards,andtoday,thereare
morethan8,000[RFCs],all
readilyavailableonline.
Overthepast20years,the
CyberspaceChallenges:PastandFuture
Stephen D. Crocker, Former Chairman of the Board, ICANN
35OBSERVER RESEARCH FOUNDATION
internethasdeliveredthe
powerofconnectivitythatwas
unimaginable50yearsago.
Morethan3.7billionpeople
areconnectedthroughthe
networkofnetworkswecall
the“internet,”withmorethan
$2.3trillionchanginghands
throughe-commerce.Access
tothetop-leveldomainofthe
internetisnowavailablein20
non-Latinscripts,something
Iampersonallyverypleased
about.Expansionofthe
networkisrapidlycontinuing
acrossdifferentoperatingsys-
temsanddevices,mostnotably
inthemobilesphere.
Alongwiththeexpansion
comesnewchallengesandop-
portunities.Ourchallenges50
yearsagowereverydifferent
fromthechallengesweface
today.Whereoncewegrap-
pledwiththeinitialchalleng-
esofconnectingcomputers
ofdiversemanufacture,we
nowworkwithamultitude
ofapplications,communities
andlanguages.And,ofcourse,
wealsohavetocontendwith
serioussecuritychallenges.
Thankfully,sustainablegover-
nancestructuresnowexistto
facilitatethespreadofnet-
worksacrosstheglobe.There
areforumsavailableforthose
whowishtoparticipateand
contributeinbuildingthe“in-
ternetofthefuture,”whether
inthetechnicalspaceorthe
policyspace,withtheInter-
netCorporationforAssigned
NamesandNumbers(ICANN)
andtheInternetEngineering
TaskForceasjusttwoexam-
ples.Weneedtocontinueto
worktogetherwitheachother
toaddressthesechallenges.
TheFifthGlobalConference
onCyberspace(GCCS),taking
placeinNewDelhi,offersthe
worldanimportantopportu-
nitytodojustthat.Thekey
themesforthisconference—
cybergrowth,cyberinclusion,
cybersecurityandcyber
diplomacy—arewherethe
discussionsneedtobe,where
weneedtocontinuetodevel-
opsolutions,forthebenefitof
humanity.
Sincetheconferencetakes
placeinIndia,Iamreminded
ofmyfirstvisittoBangalore
in1994.Iwasinvitedtogivea
talkattheIndianInstituteof
Science,andaspartofthevisit,
Iwasintroducedtoastudent
whohadbuiltafairlycomplex
softwaresystem.Impressed,I
askedwherehehadlearnedto
dosomuch.Hesimplysaid,“I
downloadedtheRFCsandread
them.”Thisisthepowerofthe
internet.Weneedtocontinue
todomore.
Inclosing,Iwishthehosts—
theGovernmentofIndia,and
theparticipantsattheGCCS
conference—everysuccess.I
lookforwardtoreadingthe
takeawaysfromthismeeting.7
Alongwiththeexpansioncomesnewchallengesandopportunities.Ourchallenges50yearsagowereverydifferentfromthechallengeswefacetoday.
36 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL