CONTENTScf.orfonline.org/wp-content/uploads/2017/11/GCCS-Journal.pdf · CONTENTS 1 Vision...

CONTENTS

1 VisionStatement-DigitalIdentity:TheBasisofGlobalDigitalArchitecture

forFuture 4

2 Editor’sNote-OurCommonFuture 8

3 Foreword-FromLondontoNewDelhi:BuildinganOpen,Secure

InternetforAll 10

4 ForaFreeandSecureGlobalInternet 12

5 ASoutheastAsianPerspectiveTowardsCyberNormsina

Post-UNGGEWorld 15

6 Cyberspace:AForceforGood,IfGovernedbytheRuleofLaw 19

7 DevelopingaNewHumanitarianResponseintheAreaofCyberspace 22

8 TheEvolutionofInternationalCollaboration&LawRelatedtoCyberspace

andSecurity 26

9 FindingNewRulesfortheStabilityofCyberspace 31

10 CyberspaceChallenges:PastandFuture 34

3OBSERVER RESEARCH FOUNDATION

I see technology as a means to empower and as a tool that bridges the distance between

hope and opportunity.

—ShriNarendraModi,HON.PRIMEMINISTEROFINDIA

4 OUR COMMON FUTURE: THE GLOBAL CONFERENCE ON CYBERSPACE JOURNAL

Theworldisincreasingly

becomingdigital.Internet-

anextraordinarycreationof

humanmindisnolongerthe

monopolyofafew.Today,it

isthemostimportanttoolof

communication,information

andiscreatingvastopportuni-

tiesforeconomicdevelopment

andinnovation.Ithasgiven

voicetothevoicelessalso.

Therefore,themankindhasa

vitalstakeinit.Internetbeing

globalphenomenonmusthave

linkageswiththelocal-local

ideasandlocalcultures.Our

viewisveryclearthatthedigi-

talworldmustleadtodevelop-

ment,empowermentandmost

importantlyinclusivegrowth.

Aboveall,itmustbesafeand

secure,becausewhileinternet

usherspromiseitalsocauses

perilsattimes.

Ontheonehand,digital

technologiesareallowingfor

unprecedentedeconomic

growthforusers,communi-

tiesandbusinessesacrossthe

spectrum.Ontheotherhand,

thesetechnologieshavefos-

teredthegrowthofmalicious

networksthatpresentareal

threattoourcontinuedenjoy-

mentofrightsinademocracy.

ThePrimeMinisterofIndiaShri

NarendraModihaseloquently

observedthatcyberwarisakin

tobloodlesswar.Itisinthis

connectionthatIndia’sinitia-

tivesofsafeandsecuredigital

identitywithextraordinary

Aadhaarprogrammebasedon

homegrownsafe,secureand

DigitalIdentity:TheBasisofGlobalDigitalArchitectureforFuture

Ravi Shankar Prasad, Minister of Electronics and Information Technology, Government of India

VISIONSTATEMENT


lowcosttechnologymerits

specialmention.Assuch,

nationshavehadtorespond

dynamicallytoadapttothose

changesbroughtaboutbythe

digitalworld,whetherthey

havetodowiththeeconomy,

nationalsecurityorverysim-

ply,thewaywecommunicate.

However,fewhavesucceeded

inremainingagileandcrafting

asustainabledigitaleconomy.

Thekeytocapturingthe

opportunityandmitigating

theriskbroughtaboutby

thedigitalrealmlieswith

theindividual:throughher

identity.Identityisacentral

componentofalltransactions

today.Withoutidentity,indi-

vidualsstruggleforasenseof

belonginginthecommunity,

economyorbroaderdemo-

craticpolity.Insomecases,a

senseofmisplacedidentitycan

evenfomentradicalizationand

extremism,especiallyindigital

spaces.Theimportanceofiden-

tityhasevenbeenhighlighted

intheUN’sSustainableDevel-

opmentGoals,whichcallfor

theprovisionofalegalidentity

foreveryoneby2030.Indiaas

anationwasquicktorecognize

thesignificanceofidentityas

apositivereinforcement,and,

thus,wentontocreatethe

mostsuccessfuldigitalidentity

intheworld–Aadhaar.

India’sjourneywithAadhaar

offersimportantevidenceon

howidentitycanhelpcata-

lyzethegrowthofthedigital

economy,formthebasisof

nationalsecurity,andhelpin

thedeliveryofsocialbene-

fits.Additionally,itoffersa

templateforacost-effective

digitalecosystemwhichother

countriescanemulate.Most

importantly,ithighlightsthe

centralityofidentitywithinthe

globaldigitalarchitectureof

thefuture.

Animportantdistinctionin

theAadhaarinitiativeledby

PrimeMinisterNarendraModi

isthatnowthereisarobust

lawdulypassedbythePar-

liamentwhichcreatesavery

salutaryprovisionofsafeand

securedigitalidentityprocess

andalsorespectsprivacyof

individuals.

The Identity-based Digital EconomyFewyearsago,Indiawasfaced

withaconundrum.Overhalf

itsconstituentshadnoway

ofprovingtheiridentity.This

precludedtheirparticipation

intheformaleconomy,asone

cannotopenabankaccount,

accesscreditsystems,or

acquireinsurancewithouta

personalidentificationdocu-

ment.Additionally,theinability

toidentifyhalfthepopulation

madethedeliveryofgovern-

mentservicesexceedingly

tricky.Aadhaarwasconceived

tosolvetheseissuesbycre-

atingauniquedigitalidentity

forindividualsbasedontheir

biometricdata.Today,itboasts

1.18billionenrolments,giv-

ingIndiathemostsignificant

digitalidentityfootprintinthe

world.

Farreachingtransforma-

tionalprogramslikeDigital

India,MakeInIndia,SkillIndia,

StartupIndiaarealltechnology

drivenprogramsfortransfor-

mationandempowermentof

ordinaryIndiansdesignedto

usheringreateraccesstoave-

nuesofdevelopment.Banking

theunbanked,securingthe

unsecured,fundingtheun-

funded,taxingtheuntaxedand

Thekeytocapturingtheopportunityandmitigatingtheriskbroughtaboutbythedigitalrealmlieswiththeindividual:throughheridentity.


givingvoicetotheunheardare

allbeingmadepossiblethrough

verifiabledigitalidentity.

Aadhaarunderpinsahost

ofinnovativeapplicationsthat

havetransformedtheworking

ofcommerceinthecountry.

ThefirstistheAadhaar-En-

abledPaymentSystem(AEPS),

whichallowscustomersaccess

totheirAadhaar-linkedbank

accountsthroughAadhar

authentication.TheAEPShas

broughtaboutfinancialempow-

ermentatthegrassrootslevel

throughthedeploymentof

micro-ATMs.Theserviceallows

fordeposits,cashwithdrawals,

andfundtransfers.Thesecond

istheAadhaarPayapplication

whichusesanindividual’sbio-

metricinformationtoauthorize

paymentstomerchants.

ThethirdistheIndiaStack,

anopenApplicationProgram-

mingInterfacefordevelopers

thatusesAadhaarasthebasis

forverification,ane-KYCdig-

itallockerforthesafedeposit

ofdocuments,hasane-sig-

naturefeature,andaUnified

PaymentsInterfaceforfinancial

transactions.IndiaStackmakes

auserbaseofover1billion

peopleavailabletostart-ups

andentrepreneurswhowishto

buildapplicationsontopofit

tointegratepartsoftheirbusi-

nessesorcreatenewservices

fromscratch.IndiaStackmakes

cashless,presence-less,and

paperlessservicedeliveryeco-

systempossible.Now,afruit

sellercanavailofanintra-day

loanandpayitbackthesame

daythroughhermobilephone

withouthavingtowastetime

byvisitingabank.

Intoday’sworld,dataisthe

mostvaluableresourceforan

economy.Aadhaarhascreated

anopportunityforIndiaandits

citizenstoutilizethisresource

toadvancethedomesticdigital

economyandgrowittoUSD

1trillionwithinthenextfive

years.

Using Identity to Fight TerrorismTerrorrequiresfinancingto

operate.Intheabsenceof

funding,equipment,supplies,

peopleandresourcescannot

bepurchasedorattracted.The

sourcesofcapitalmaybelegal

orillegal,withmoneybeing

transferredinsmallamounts

ratherthanlargelumpsums.

Terrorfinancingisaglobal

phenomenonthatthreatensa

state’ssecurityandeconomic

stability.

Theinternethasbeenanim-

portanttoolforterrorfinanc-

ing.Itoffersbothterrorgroups

andtheirdonorsbroadreach,

efficiency,andmostimpor-

tantly,anonymity.Withaccess

becomingeasiereveryday,the

internetisapowerfulweapon

foroutreach.Billionsofindi-

vidualsfloodsocialmediaand

otherpopularwebsites.These

channelsallowterrororgani-

zationstoeffectivelylaunder

money,raisefundsdirectly,

andrecruitnewmembers.

Additionally,terrorgroupsare

drawntotheinternetbecause

itoffersthemallowsthemto

avoiddetection.

Thisiswhereidentitycomes

in.Aadhaarsnatchesawaythe

anonymitythatsheltersevil

activities.ThelinkingofAadhar

tobankaccounts,Permanent

AccountNumbers(PAN),

andmobilephoneshasbeen

instrumentalinstemmingthe

tideofblackmoneyandterror

financinginthecountryasit

haslimitedtheabilityofindi-

vidualstolaundermoneyand

transferfundsforillicitactiv-

itiesthroughthesechannels.

Illustratively,over1millionfake

PANcardshavebeencancelled

asaresultofthelinkageof

AadhaarwithPANnumbers.

Additionally,becauseAadhaar

requirestheuseofbiometric

informationforauthentication

andregistration,itcannotbe


duplicated.Thus,itisimpos-

sibletocreateduplicitous

Aadhaarcards.

Identity-based Social WelfareCountriesspendbillionson

socialwelfareprograms,but

theseschemesaredifficultto

implementandplaguedwith

leakages.Onelimitationinthe

effectiveimplementationof

theseprogramsisthedearth

ofadequatefinancialinfrastruc-

turetofacilitatetransfersto

theintendedbeneficiaries.This

leakageoffundscanbeashigh

as70to85percent.Aniden-

tity-basedpaymentssystem

helpsovercomethisissuebyal-

lowinggovernmentstoidentify

beneficiariesandtransferwel-

faredirectlytotheiraccounts

correctly.

Inthisregard,theimplemen-

tationoftheAadhaar-based

DirectBenefitTransferscheme

hassavedtheexchequerINR

50,000croresoverthepast

threeyears.Aadhaarhasmade

thedeliveryofsocialwelfare

programsliketheNational

RuralEmploymentGuarantee

Scheme(NREGS)andSocial

SecurityPayments(SSP)more

efficientandtimely.Ration

cardsweretypicallyboundto

onePublicDistributionSys-

temoutlet,regardlessofhow

pooritsserviceswere.With

Aadhaar,rationcustomerscan

availoftheservicesofanyPDS

outlet.Illustratively,inAndhra

Pradesh’sKrishnadistrict,PDS

outletscannolongergivetheir

customersapoordeal,forfear

oflossofbusinesstobetter

qualityvendors.

The Future: An Identity-based Global Digital ArchitectureWithinashortperiod,the

implementationofAadhaarhas

propelledIndiatothecentreof

theglobaldigitalstory.Ithas

spurredthegrowthofIndia’s

digitaleconomy,fosteredfinan-

cialinclusionanddistributionof

socialwelfare,andsafeguarded

thecountryfromexternaland

internalthreats.Inthisregard,

Aadhaarhasrealisedmanyof

thegoalsidentifiedintheglob-

alcyberspaceconferencesincu-

batedbytheLondonprocess.

Aadhaarhasshownthat

genuineinnovationneednot

becomplicatedorexpensive.It

hasprovedthatgovernments

canprovidecost-effective,qual-

itydigitalinfrastructure.Lastly,

ithasestablishedtheprofound

importanceofidentitytothe

broaderglobaldigitalnarra-

tiveoftomorrow.Aroundthe

globe,4.4billionindividualsare

yettocomeonline.Aadhaar

hasshownthatgivingthema

digitalidentityisthefirststep

inthisregard.

Aadhaarisadata-driven

innovationthatservesasablue-

printforothernations.Several

countriessuchasMorocco,

Russia,Algeria,andTunisiaare

alreadycontemplatingIndia’s

modelfortheirown.Moreover,

internationalorganizationslike

theWorldBankarelookingto

useAadhaarasanarchetypeto

structuresimilarstrategiesin

otherpartsoftheworld.

Identitywillbethecorner-

stoneuponwhichtheglobal

digitalarchitectureofthefu-

tureisbuilt.Thesheerscaleof

digitaltransformationhappen-

inginIndia,touchingthelives

ofordinarypeopleinapopula-

tionofmorethan1.3billionis

goingtobeagreatbeaconfor

thedevelopingworld.India,

foritspart,willhelpseethis

throughbyguidingtherestof

theworldthroughthisjourney.

7


Foramediumconsideredto

haverevolutionisedcom-munications,itisironicthat

themanystrugglesaroundthe

governanceofcyberspacestem

fromalackofcommunication–

communicationamongstates,

betweenstatesandcitizens,

andbetweenthosethatcreate

technologyandthosethatcon-sumeit.Normativeprocesses

thatwilldeterminethefuture

ofcybergovernancehave

greatlybenefitedbybringing

togetheractorswhorepresent

diversegeographical,political,

economicandsocialrealities.

Oneofthemostimportant

amongtheseprocessesisthe

GlobalConferenceonCyber-space(GCCS).

ConceivedinLondonin2011,

theGCCSisthelargestgath-eringofallstakeholderson

cyberspaceissues.Ithasalready

managedtobringintothisfold

keyinterlocutorsfromgovern-ment,civilsociety,industryand

academia.Thefiftheditionof

theconference,convenedby

India,isasignificantlandmark

intheevolutionoftheLondon

Process.GCCS2017isthe

firsttimethatthegatheringis

hostedbyanon-OECDecon-omy.Thisveryfactleadstoan

opportunityfortheinternet

communitytoengagewitha

whollynewdemographicand

differentsetofissuesanimating

thenextbillioninternetusers.

ThatIndiahoststhisprocess

nowisamessageinitselfand

augurswellforgreaterdegree

ofpluralismintheagenda,

grammarandambitionsofthis

process.

Thisideaisreflectedinthe

fourmainpillarsforGCCS2017

–inclusion,growth,diplomacy

andsecurity.Thisvolumeof

essayscapturessomeofthe

OurCommonFuture

Samir Saran, Vice President, Observer Research Foundation

EDITOR’SNOTE


criticaldebatesontheseissues

fromforemostleaders,visionar-ies,foundersandyoungminds

intechnology,policyandgover-nance.Whilepreviouseditions

ofthisconferencehavebeen

designedashigh-levelstock-takingexercises,thisedition

hasthepotentialtogoastep

furtherandcreateanindepen-dentnorm-settinginitiative

ledbydiverseandemerging

economies.Theessaysinthis

volumeareintendedtoguide

thisendeavour.

Themultiplegoalsofpoli-cymaking--providingaccess,

securingthemediumand

spurringeconomicactivity—

arenolongermutuallyexclu-sive.Theseareallinterlinked

interests.Thereisperhapsno

betterexamplethatismore

illustrativeofthisphenomenon

thantheopportunitypresented

bydigitalpayments.Digitalpay-mentshaveimmensepotential

inpromotingfinancialinclusion

tothoseatthebottomofthe

pyramidandinbankingthe

unbanked.Itcanenablemicro

entrepreneurshipandserveas

thebackboneforservicesinthe

digitalage.Atthesametime,

digitaltransactionshavesome-timescomeundertheshadow

oftechnologicalvulnerabilities

andintheunsafepracticesof

userswhomakethem.Gov-ernmentstodayhavetojuggle

policyprioritiesthatareoften

atoddswitheachother--

providingaccesscannotignore

concernsaroundsecurityand

securingthemediumcannot

comeatthecostofstifling

innovation.Reconcilingthese

challengesinpursuitofone

goalisthedigitaltrilemmafor

cyberspacepolicymakerstoday.

Addressingthesechallenges

willrequirepolicymakingthat

isbothtechnologicallyand

sociallydynamic.Itwillrequire

normativeguidancethatistar-getedandyetinclusive.With

formalmultilateralprocesses

suchastheUNGroupofGov-ernmentalExpertsonDevel-opmentsintheFieldofInfor-mationandCommunication

Technologiesendinginalackof

consensusthisyear,initiatives

suchastheGCCSassumemore

importance.Theconference

canserveasaforumtomake

theglobaldiscoursearound

cyberspacemorerepresentative

andplural–thisyearwewill

witnesssomeofthenormative

conversationsbegunbybodies

liketheGlobalCommissionon

theStabilityofCyberspaceand

havetheseideasdeliberated

upon.

Theessaysinthisvolume,

coveringarangeoftopicsfrom

cyberconflicttodigitalconnec-tivity,aimtobringadiversity

ofinterestsandperspectiveson

tothesametable,inthehopes

thattheywillguidediscus-sionsforfuturegatheringsand

maybeevenanswersomeof

thelongcontestedissuesfor

policymakerstoday.

Asiaisnotonlyhometothe

largestnumberofinternet

usersintheworld,itisalso

poisedtoleadtheworldin

technology,innovationsand

regulatorypolicy-itisthere-foreonlyfittingthatGCCS

2017isbeingstewardedby

India.Theprocesswillbenefit

fromthedemocraticethosof

policyconversationsinIndia

andwillallowvoicesthathave

remainedonthesidelinesto

havetheirchancetoshapeour

commondigitalfuture.7

Themultiplegoalsofpolicymaking—providingaccess,securingthemediumandspurringeconomicactivity—arenolongermutuallyexclusive.


ON12MAY,hospitalsacrossBritainwerestruckbyaran-somwareattackknownasWannaCry.AsourNationalCyberSecurityCentre(NCSC)beganitsemergencyresponse,reportsofsimilarincidentsstartedcominginfromacrosstheworld.InSpain,telecomscompanieswerehit;inIndia,variouspoliceforcesfellvictim;inGermany,itwastransportandrailwaysthatsuffered;inRussiatheinteriorministrywasinfected.Itsoonbecameclearthatover100countrieshadfelttheeffectsofWannaCry,demonstratingtheglobalandindiscriminatenatureofthisthreat.HereinBritain,theNCSC’s

expertshelpedourNationalHealthServicetogetbacktonormal–althoughthesitua-

tionwouldhavebeenworseifhospitalstaffhadnotrevert-edtomanualsystems.WhiletheWannaCryattackwasnotthe‘CyberArmageddon’thatsomehavepredicted,thefactthatthisransomwarespreadlikewildfire–andruthlesslyexploitedoldandunpatchedsoftware–exposedthepolicyproblemscreatedbythiskindofthreat.Putsimply,bordersareirrelevantandnogovern-mentcanprotectitspeopleinisolation.“Cyber”isderivedfrom

kubernetes,theGreekwordfor“steersman”.Howshouldwesteerourselvesacrosstheunchartedwatersofthedigitalage?TheUKwasthefirsttohostthisconferencein2011,andoursharedaimmustbetoagreecommonprinciplesfor

FromLondontoNewDelhi:BuildinganOpen,SecureInternetforAll

BORISJOHNSONSecretary of State for Foreign and Commonwealth Affairs, United Kingdom

FOREWORD


behaviourwithinandbetweenstatesinthedigitalage.In-ternationallawappliesonlineasitdoesoffline–andsotooshouldtheconventionsthatguideourbehaviourinotheraspectsoflife.Tothisend,theUKisdevelopingaDigitalCharterwiththeaimofagree-inghowpeopleandbusinessesshouldbehaveonlineinordertocreateanenvironmentforsocietiesandeconomiestoflourish.Butthechallengesnev-

erstandstill.Allaroundus,newtrendsareevident,fromcyber-enabledinterferenceindemocraticelectionstothespreadofterroristpropagandaacrosstheinternet,evenasthegroupsthemselveslosecontrolofrealterritory.Meanwhile,criminalsmakeincreasinglysophisticatedattemptstosepa-rateordinarypeoplefromtheirmoney.Espionage,propagandaandtheftareasoldashuman-ity,buttodaytheyoccuronahugescale–andatlightning

speed–whencarriedintocyberspace.Hencethenecessityofcre-

atingasecureInternet,wherepeopleanddataareproperlyprotected.Thisdoesnotmeansacrificinghumanrightsforthesakeofsecurity–thetwocanandshouldgohand-in-hand.Itdoesmeanendingimpunityformaliciousactors,developingnetworksthataresecurebydefaultandensuringthatbasicprecautionsareuniversal.De-spiteepisodeslikeWannaCry,manyattackssucceedusingrelativelyprimitivetechniques.ThevastmajorityofincidentsreportedintheUKcouldbeavoidedwithsafeguardsaselementaryasinstallingnewsecuritypatches,orupdatingdefaultpasswords.Cyberspacealsochallenges

ourtraditionalideasofle-galjurisdiction.Dataabout

onecountry’scitizenscanbesubjecttothelawsofanoth-ersimplybecauseofwhereitisphysicallystored.ThoserepresentedatthisGlobalConferenceonCyberspacewillholddifferentviewsonhowtorespond:thatispreciselywhyweneedtotalk.Weareallstrongerwhen

weshareknowledge,improveourcooperationandinvestineachother’scapabilities.Inthisspirit,Iamdelightedthatthisyear’sconferencewillagreeaGlobalAgendaforCyberCa-pacityBuilding.Oneofthegreatestdebates

ofourtimeishowtocreateafree,openandsecurecyber-spaceforthebenefitofall.Youarethesteersmenchartingourwaythroughthisextraordinari-lycomplexlabyrinth–andIwishyoueverysuccess.7

Weareallstrongerwhenweshareknowledge,improveourcooperationandinvestineachother’scapabilities.


Theinternethasbeena

globalforceforhumande-

velopment,sincetheearlydays

ofitsinception.Ithasoffered

opportunitiestolearn,toreach

newmarkets,toinnovate.Ina

worldofgrowinginequalities,

accesstotheinternetisthe

keyformarginalisedcommuni-

tiesallovertheworldtogrow,

studyandconnect.

Yet,inrecenttimes,weare

allincreasinglyawareofthe

threatsrunningontheweb:

cyber-attackshavetoooften

madethenews;ourdefence

systemscannotignorethe

possibilityofcyber-warfare;and

toomanyofouryoungpeo-

plehavebeenexposedtothe

onlinepropagandaofterrorist

groups.

Cyberspaceisaglobal

common,andweallsharean

interesttokeepitsafe.Iam

convincedthatcyberspacecan

beatthesametimesafeand

open,andthattheopportu-

nitiesofglobalconnectivity

outnumberitsdangers,byfar.

Ifwewanttopreserveand

expandtheseopportunities,we

mustalsoinvestinthesecuri-

tyandthegovernanceofour

cyberspace.

Forthisreason,weEurope-

ansbelievethatinternational

cooperationmustbethemain

pathto“promoteafreeand

secureglobalinternet”–inthe

wordsofourGlobalStrategy

forforeignandsecuritypolicy,

whichIpresentedlastyear.The

EuropeanUnionisactivelycon-

tributingtothecapacityofour

internationalpartnerstofight

ForaFreeandSecureGlobalInternet

Federica Mogherini, High Representative of the European Union for foreign and security policy, and Vice-President of the European Commission


cybercrimeandaddresscyber

threats:wehavelaunched

globalcapacitybuildingpro-

grammestopromotetherule

oflawincyberspace,training

lawenforcementofficialsto

investigateandprosecute

cybercrime.WithourGlobal

Strategy,theEuropeanUnion

hascommittedtoengagingin

cyberdiplomacyandtoseek-

inginternationalagreements

onresponsiblebehaviourin

cyberspace,basedonexisting

internationallaw.Aglobal

frameworkoncybersecurityis

anintegralpartofourefforts

tobuildastrongerglobalgov-

ernance,andamorecoopera-

tiveworldorder.

Thisisaviewwesharewith

India:atlastmonth’sEU-India

SummitinNewDelhiwejoint-

lyreaffirmedthatinternational

lawisapplicableincyberspace,

andthatthereis“aneedto

continueanddeependeliber-

ationsontheapplicabilityof

internationallawtocyberspace

andsetnormsofresponsible

behaviourofStates.”

Whileweworkatbetter

globalcyber-rules,wemust

alsotackletheimmediate

cyber-threatsthatalreadyhave

animpactonourcitizens’lives.

Cyber-insecuritytranscends

nationalbordersbydefinition:

joiningforcesamongcountries

iscrucialtoeffectivelyaddress

thischallenge,andtheEuro-

peanUnion’sinstitutionsand

MemberStatesaresteppingup

cooperationinthisfield.

Toprotectourcyberspace,

weneedbettercapabilities,

moreresearch,moretraining

andexercisesonhowtore-

spondtoanattack.Inthelast

fewmonthswehavealready

setupanumberofnewinitia-

tivesandstructureswithafo-

cusoncyber-security.Lastyear

wesignedaJointDeclaration

forcooperationwithNATO:

outof42commonactionswe

haveagreedupon,sevencover

cyber-securityissues.Weinau-

guratedaEuropeanCentrefor

CounteringHybridThreatsin

Helsinki,undertheleadership

ofFinlandandotherMember

States.TheEuropeanDe-

fenceAgency,whichIlead,is

workingonaEuropeanCyber

DefenceTrainingandExercise

Platform.Andjusttwomonths

ago,theEuropeanCommis-

sionhasproposedtocreate

anEUCybersecurityAgency:

theAgencywouldsupportour

MemberStatestopreventand

reacttocyber-attacks,butalso

putinplaceanEU-widecerti-

ficationframeworktoensure

thatproductsandservicesare

cyber-secure.

Overthelastyear,the

EuropeanUnionhastakenun-

precedentedstepstoimprove

cooperationamongitsMem-

berStatesondefenceissues.

Manyoftheinitiativeswehave

launched–suchasthePerma-

nentStructuredCooperation

ondefence,theCoordinated

AnnualReviewofnationalde-

fencebudgets,andtheEuro-

peanDefenceFund–provide

uswithgreatopportunities

toresearchanddevelopnew

capabilitiesforcyber-security,

inamorecooperativeand

efficientmanner.

Wearealsogettingready

torespondtocyber-attacks

throughourforeignpolicy

tools,includingeconomic

sanctions.InJune2017,with

theEuropeanUnion’sministers

offoreignaffairs,wedecided

todevelopaso-calledCyber

Cyber-insecuritytranscendsnationalbordersbydefinition:joiningforcesamongcountriesiscrucialtoeffectivelyaddressthischallenge.


DiplomacyToolbox,thatis,a

blueprintforajointEUdiplo-

maticresponsetomalicious

cyberactivities.

Beyondtheriskofattacks

againstourcriticalinfrastruc-

tureandourdata,thereis

anothersecurityissuelinked

totheinternet,moresubtle,

whichwecannotignore.Ter-

roristgroupslikeDaeshhave

usedthewebtospreadtheir

lies,radicaliseandrecruitall

aroundtheworld,fromEurope

toSouthAsia.Theirpropagan-

daneedstobeconfrontedfirst

andforemostbytakingdown

theillegalcontentsfromthein-

ternet.Toaddresstheissueof

theaccessibilityofterroristma-

terials,theEuropeanCommis-

sionhasestablishedanInternet

ReferralUnitwithinEuropol,

theEuropeanagencyforpolice

cooperation.TheUnitactive-

lyscansforterroristcontent

onlineandthenrefersittothe

relevantinternetcompanies–

suchasGoogleorFacebook.In

justacoupleofyears,theUnit

hasalreadyreferredtensof

thousandsofpages.Andin90

percentofcases,theinternet

companieshaveremovedthe

material.

Ifwewantourinternettobe

trulysafe,whatisillegaloffline

mustalsobeillegalonline.At

thesametime,allthefreedoms

andtheinalienablerightsthat

we,astheEuropeanUnion,

cherishandprotectmustalso

beguaranteedontheinternet.

Inrecentyears,wehaveseen

toughpenaltiesagainstblog-

gers,lawstocriminaliselegit-

imatedissentonsocialmedia,

internetshutdowns.Wemust

callthingsbytheirname:these

areviolationsofhumanrights,

crimesagainstfreespeech.And

theEuropeanUnionwillalways

sidewiththevictims,working

toprotectthemandtorestore

theirfreedoms.

Thecyberspacecanonlybe

freeifitissecure,andcanonly

besecureifitisfree.Thisis

whatweEuropeansbelieve,

andthisisalsothespiritofthe

GlobalConferenceonCyber-

space.Weshareyourgoalof

“ASecureandInclusiveCyber-

spaceforSustainableDevelop-

ment”.Andwe,astheEurope-

anUnion,arereadytoengage

withallthosewhosharethis

goal–inourpartnercountries,

inthecivilsocietyandinthe

businesssector.Togetherwe

canfindinnovativeandcoop-

erativesolutionstomakethe

internetatrueforceforgood,

freeandsecureforallmankind.

7


The2016/2017United

NationsGroupofGovern-

mentalExperts(UNGGE)’sin-

abilitytoreachconsensuswas

asetback,butweshouldnot

letthisdeterourjointefforts

toimplementasetofinterna-

tionalcybernorms.Theworld

needsthesenormsmorethan

ever,givenhowdigitalisedand

connectedweare,andinre-

sponsetothecommonscourge

ofcyberthreats.Singapore

remainsdeeplycommittedto

suchefforts,andwillcontinue

toworkwithourregionaland

internationalpartnerstorealise

thissharedobjective.

Why Cyber Norms Matter to UsSingaporefullysupportsthe

developmentofinternational

cybernorms.Asasmallcity-

state,Singaporereliesonclear

“rulesoftheroad”thatapply

toallcountries,bigandsmall.

Wearealsooneoftheworld’s

mostconnectedcities;each

Singaporeanhasalmosttwo

handphonesonaverage,and

ournationalbroadbandinfra-

structureistheworld’sfastest1.

Whileourhighqualitydigital

infrastructurehascatalysedour

economyandimprovedour

qualityoflife,italsomakesus

vulnerabletocyber-attacks.

Singaporeisalsolocated

inthecentreofoneofthe

world’sfastestgrowingre-

gions,SoutheastAsia.South-

eastAsiahasapopulationof

morethan600millionpeople

–largerthantheEuropean

Union–andhasoneofthe

fastest-growingmiddleclasses

intheworld,withmorethan

200millionpeopleexpectedto

jointhemiddleclassby2020.

ASoutheastAsianPerspectiveTowardsCyberNormsinaPost-UNGGEWorld

Yaacob Ibrahim, Minister-in-charge of Cyber Security, Singapore


Thiseconomicanddemograph-

icdividendwillboostdemand

forgreaterconnectivityand

digitalisation,whichinturnwill

drivetheAssociationofSouth-

eastAsianNation(ASEAN)’s

digitaleconomy.Asafeand

trustworthycyberspaceisthus

anenablerandanimperative

forSoutheastAsia’seconomic

prosperity.

Therapidpaceofdigitalisa-

tioninSingapore’sdomestic

andregionalenvironments

makesitmoreessentialto

secureourcyberspace.After

all,cyber-attacksarenota

theoreticalthreat.Earlierthis

year,theITnetworksoftwo

universitiesinSingaporewere

foundtohavebeenbreached

byAdvancedPersistentThreat

actors,possiblytostealinfor-

mationrelatedtogovernment

orresearch.InearlyNovember

2017,regionalthreatactors

alsocompromisedthewebsites

ofASEANandothergovern-

mentagenciesinSoutheast

Asia.

Thesedevelopmentsunder-

scoretheneedforaconsis-

tentsetofrulesornormsfor

allstatesandstakeholdersin

cyberspace,soastobuildasafe

andtrustworthycyberspacefor

all.

Building on the Work of the UNGGE through Multiple, Complementary FrontsSingaporebelievesthatthe

UNmustcontinuetoplay

animportantroleinmoving

internationaldiscussionson

cybersecurityissuesforward.

Itisonlyatopenandinclusive

platformssuchastheUNthat

allstates,especiallysmallones

likeSingapore,canhavean

equalstakeandanopportunity

toshapetheglobaldiscourse

onarules-basedinternational

orderforcyberspace.

ThatiswhySingaporefully

supportstheworkoftheUN-

GGE,eventhoughwearenot

amember.TherecentUN-

GGEprocesshasshownthat

consensusacrossthebroad

internationalcommunitymay

bedifficulttoachieve,given

thediversecircumstances

betweencountriesandregions.

Butthisshouldnotholdus

back.Itremainsimportantto

buildontheUNGGEconsen-

susreportin2015–which

setout11voluntarynormsof

responsiblestatebehaviourin

cyberspace–throughinterna-

tionalandregionaldialogue,to

operationalisetheUNGGE’s

recommendations.

Singaporeandotherstates

must,therefore,strivetoraise

awarenessandapplicabilityof

theUNGGEnorms,through

regionalandinter-regional

conversationsthatcancomple-

menttheUNprocess.Group-

ingssuchastheOrganisation

ofAmericanStates,theEuro-

peanUnionandASEANplayan

importantroleincontributing

toabroad-basedconversation

oncybernorms.

Tothisend,Singaporeisplay-

inganactiveroleinSoutheast

Asiatomovetheconversation

oncybernormsforward.We

dosointhreeways:promot-

ingmoredialogue,developing

informalregionalnorms,and

catalysingpracticalcoopera-

tion.

Togetherwithourregionalandinternationalpartners,wewillcontinueoureffortstochampiontheadoptionofcybernorms–throughpromotingmoredialogue,developinginformalregionalnorms,andcatalysingpracticalcooperation–tobuildasafeandtrustworthycyberspaceforall.


Promoting More DialogueFirst,Singaporebelievesthat

dialogueisessentialtofocus

theattentionoftheinterna-

tionalcommunityonkeycyber

issues.

Tofacilitategreaterdialogue

amongseniorgovernment

officialsintheinternational

community,Singaporehosts

theannualSingaporeInterna-

tionalCyberWeek(SICW).

The2ndSICWwasheldin

September2017,andprovided

aplatformformorethan7,000

stakeholders,includingpoli-

cy-makers,industryexpertsand

non-governmentalorganisa-

tions,toforgepartnershipsand

engageincriticaldialogueon

salientissuesincybersecurity.

TheInternationalCyberLead-

ers’Symposium,forexample,

featuredarobustpaneldiscus-

sionbetweenthought-leaders

fromgovernmentandindustry

onthechallengesinimple-

mentingnormsofresponsible

cyberbehaviour.Itisthrough

suchdialoguethatwehave

abetterappreciationofeach

other’sperspectivesandchal-

lenges,andthusthebasisfor

developingeffectivenormsand

embarkingonpracticalcooper-

ation.

Developing Informal Regional Norms Second,Singaporehasalso

beenworkingwithourregional

partnerstodevelopandimple-

mentasetofinformalregional

cybernorms,whicharecon-

gruentwiththe2015UNGGE

norms.

Developingregionalnormsis

noeasyfeatinSoutheastAsia,

giventhedifferencesindigital

maturity,cybercapabilities,and

policychallenges.Nonetheless,

ASEAN’s50-yearhistoryofmu-

tualcooperationhasenabled

memberstatestoembracethe

taskofdevelopingcybernorms

withconfidenceandtrust.

Thatiswhycollaboration

betweenASEANmemberson

cyberissueshasbeenencourag-

ing.Forinstance,attheinaugu-

ralASEANMinisterialConfer-

enceonCybersecurity(AMCC)

hostedbySingaporeinOctober

2016,ASEANMinistersand

theASEANSecretary-General

agreedontheimportanceof

forgingcloserASEANcyberse-

curitycooperationintheareas

ofcyberpolicycoordination,

capacity-buildingandcyber

normsofresponsiblestate

behaviour.Atthe2ndAMCC

inSeptember2017,participants

agreedthatitwasimportantto

establishinternationalvolun-

tarycybernormsofresponsible

Statebehaviourasthefoun-

dationforarules-basedcyber-

space.Regionalplatformssuch

astheAMCCreflectSingapore

andtheregion’scommitment

toworktogether,toenhance

regionalcybersecuritydiscus-

sionsandcooperation.

Catalysing Practical Coopera-tionFinally,Singaporerecognises

thatdialogueandnormsmust

becomplementedbypractical

cooperation.Afterall,techni-

calcapabilities,resources,and

accesstoinformationaffecta

state’sabilitytorespondeffec-

tivelytocyberthreats.Practical

cooperationalsohonescapa-

bilities,andbuildsconfidence

amonglike-mindedpartners.

Theseinturncultivateanenvi-

ronmentofmutualtrustwith

oneanother.

Singaporehasleanedforward

tofacilitateregionalcyber

capacity-buildingeffortsand

confidencebuildingmeasures

(CBMs).Forexample,Singapore

launchedaS$10millionASEAN

CyberCapacityProgramme

(ACCP)todeveloptechnical,

policyandstrategybuilding

capabilitieswithinASEAN,and

withinternationalorganisa-

tionssuchastheUNOfficefor


2For example, Singapore has agreed to provide sponsorship for the UNODA Flagship Online Training Course on the Use of ICTs in the Context of International Security.

DisarmamentAffairs(UNO-

DA).2Undertheauspicesofthe

ACCP,Singaporehaslaunched

initiativessuchastheASEAN

CyberNormsworkshop,and

announcedplansforanASEAN

CybersecurityIndustrial-At-

tachmentProgramme(CS-IAP),

whichwouldprovidepartic-

ipantswithtrainingonthe

operationsandmanagementof

SecurityOperationsCentres.

Takentogether,thecultiva-

tionofcapacity-buildingand

CBMseffectivelycomplement

ongoingdiscussionsoncyber

norms,tocreateamutually

reinforcing“virtuoustriangle”

thatalignstheinterestsof

states,andfostersgreatertrust

andcollaborationincyberspace.

The Way Forward in a Post-UNGGE WorldIhopeSingapore’sexperience

provesusefulinnavigating

apost-UNGGEworld.Itis

hearteningtonotetheinterest

acrossthevariousstakeholders

tosustaindiscussiononthe

adoptionofvoluntarycyber

norms.Regionalconferences

suchastheGCCSalsoplayan

importantroleintakingthe

conversationoncybernorms

forward.

AsSoutheastAsiacontin-

uesitsdigitaltransformation

journey,Singaporeremains

firmlypluggedintothisglobal

conversation.Togetherwith

ourregionalandinternational

partners,wewillcontinueour

effortstochampiontheadop-

tionofcybernorms–through

promotingmoredialogue,

developinginformalregional

norms,andcatalysingpractical

cooperation–tobuildasafe

andtrustworthycyberspacefor

all.7


Backintheearlyyearsof

the17thcentury,when

DutchlawyerHugoGrotius

laidthefoundationsformod-

erninternationallaw,noone

couldhaveguessedthatone

day,itsscopewouldhavetobe

extendedintonew,exoticand

unimaginabledomains.After

startinginthenavalsphere,it

soonreachedtheskieswith

theadventoftheaeroplane.

Andnow,inour21stcentury,

itisenteringanewandelusive

dimension:cyberspace.

Theword‘cyberspace’itself

firstappearedin1984,inthe

cultclassicsciencefictionnovel

Neuromancer.Whenauthor

WilliamGibsoncoinedthe

term,hesaidsomethingwhich

stillringstruetoday:

“Cyberspace is not good or bad.Modern techniques are morally neutral – until we apply them.”

Indeed,inrecentyears,

cyberspacehasproventobe

apowerfulforceforgood.In

manycountriesaroundthe

world,cyberspacehasprovid-

edaninnovativeboostand

broughtimpressiveeconomic

growth.

Thedigitaleconomyaccounts

for7.7percentofthetotal

Dutcheconomy,anumber

whichisrapidlygrowing.The

digitalworldisnowmoreim-

portanttotheeconomythan

Amsterdam’sSchipholAirport

andthePortofRotterdam

combined!Bitsandbyteshave

cometooutweighBoeingsand

Cyberspace:AForceforGood,IfGovernedbytheRuleofLaw

Halbe Zijlstra, Minister of Foreign Affairs, The Netherlands


boats.

Inothercountries,thedigital

economyisreachingsimilarlev-

elsofimportance.TakeIndia:

amajorcyberpowerwitha

well-deservedreputationfor

itsinnovative,world-beatingIT

sector.Here,thecybersector

contributesstronglytoIn-

dia’sstaggeringsevenpercent

growth.

But,aswitheverytechno-

logicalinnovation,thereisa

downside.

First,growingdigitaldepen-

dencycreatesnewvulnera-

bilitiesandrisks.Notonlyto

criminals,whopreyonour

citizensandcompanies.But

alsotohostilestates,whouse

cyberoperationsforespionage,

disinformationandmilitary

gain.

Second,thegainsofcyber-

spacearenotequallydistrib-

uted.With60percentofthe

worldpopulationstillhavingno

accesstotheinternet,thereis

ahugeglobalconnectivitygap.

Ifwewantcyberspaceto

remainaforceforgood,these

areissuesweneedtourgently

address.

Governmentscannotdothis

alone.Otherpartiesneedto

stepinaswell.Cyberspace

belongstoeveryoneandto

noone.Butultimately,weall

sharethesameinterests.

Thisiswhy,in2016,we

launchedtheGlobalCom-

missionontheStabilityof

Cyberspace,theonlyforum

wheregovernment,industry,

technologistsandcivilsociety

arejoiningforcestoreacha

commongoal:adigitalfuture

inwhichthefruitsofanopen,

freeandsecurecyberspaceare

thereforalltoenjoy.

Mostimportantly,atthe

GlobalConferenceonCyber

Space,wediscusswaysto

dealwiththevulnerabilities

andrisksImentionedearlier.

Challengesthatriskturning

cyberspaceintotheopposite

ofaforceforgood.Ajungle

bynight,wheremightmakes

right,andtheperpetrators

ofattackscannotbeheldto

account.

Preventingthisisinallour

interests.Andhere,thekeyto

successliesinclearrules,which

applytoeveryoneequally.

Thismaysoundhorriblycom-

plicated.Butthegoodnewsis

thatwedon’tneedtodevelop

anythingnew.Theserulesare

readilyavailable.

Webelieve,asdomanyoth-

ercountries,thattheexisting

bodyofinternationallaw,

whichhaslongunderpinnedre-

lationsbetweenstates,applies

equallyincyberspace.Andit

providesthebestguarantees

formaintaininganopen,free

andsecurecyberspace,where

humanrightsareprotected,

makingitauniversalforcefor

good.

Ofcourse,thequestionis,

howdoesinternationallaw

applytothisnewdimension?

Thisistheheartofthe

matter,anditissomething

thatmustbeactivelydebat-

edatconferenceslikethis.

Variousinitiativesinthisarea

havealreadybeenlaunched.

TheUnitedNations’Groupof

GovernmentalExpertspro-

cessmadeimportantheadway

withits2013and2015reports.

Indiahasplayedanimportant

andconstructiveroleinthis

process.Weshouldallbuild

ontheimportantprogressthat

Thegainsofcyberspacearenotequallydistributed.With60percentoftheworldpopulationstillhavingnoaccesstotheinternet,thereisahugeglobalconnectivitygap.


hasbeenachieved.

TheTallinnManual2.0and

theHagueProcessareother

usefulexamples,providing

guidanceonhowtoapply

long-establishedlegalprinciples

inthecyberdomain,suchas

sovereignty,non-intervention,

duediligenceandstaterespon-

sibility.Butalsoonthelawap-

plicabletotheuseofforceand

internationalhumanitarianlaw.

And,mostimportantly,they

helpshedlightonthelegal

frameworksurroundingcyber

operationsthatdon’tmeetthe

thresholdofanarmedattack.

Take,forinstance,asituation

whereforeign(state-backed)

hackersmeddleinelections.Or

wheretheycompromisebank

accountsorcitizens’private

data.Orwhentheydisrupta

country’selectricitysupply.

Whatlegaloptionsdoesa

victimstatehavewithwhichto

respond?Manyofthesecyber

operationsareclearlymalicious.

Theymayevenrisetothelevel

ofaninternationallywrongful

act,butatthesametimefall

shortofwhatcanbedefinedas

anarmedattack.

Weneedtoresolvethese

questions.Andweneedtodo

sourgently.Becauseinrecent

years,tensionsandoutright

hostilityamongstateshasbeen

ontherise.Cyberincidents

haveoccurredwithincreasing

frequency.Inthemeantime,

themoodintheinternational

debateatUNlevelonstability

incyberspacehassoured–at

theverymomentweneedit

themost.

Forme,thisallservestoun-

derscoretheimportanceofthe

GCCSprocess.

Thatiswhyit’ssoimportant

thatthisconferenceworksto

movethediscussionforward.

Withallstakeholders:nation

states,thetechcommunity,

companies,non-governmental

organisationsandacademics,

andsoon.Together,underthe

ableleadershipofIndia–one

ofthekeyemergingeconomies

andgreatpowersofthe21st

century—wemustnowtake

thenextsteps.

Weareverygratefulfor

India’swillingnesstohostthis

year’seditionoftheGCCS,and

wefeelconfidentinpassing

thebaton.Indiaisuniquely

positionedtobroadenthe

GCCSagendatotakeinissues

regardingequitabledevelop-

mentanddigitalinclusion.Itis

worthrememberingthatnotall

countriesareatthesamelevel

ofeconomicdevelopment.And

thesameholdstrueinthedig-

italdomain.Inordertotackle

thedigitaldivide,wehaveset

uptheGlobalForumonCyber

Expertise(GFCE),investingin

capacity-buildingindeveloping

countries,thushelpingthem

keeptheinternetopenand

free.

Asco-chairs,theNetherlands

andIndiaarecollaboratingon

anagendainwhicheconomic

growth,digitalsecurityandon-

linefreedomgohandinhand;

Cyber4All,asthisyear’stheme

oftheGCCSaptlyputsit.With

manyofthenext500million

internetuserscomingfrom

India,itmakesperfectsensefor

Indiatotakethelead.

Let’sallworktogether

towardsourcommongoal:

asafeandsecurecyberspace

whereclearrulesapplytoall.

Acyberspacethatisgoverned

bytheinternationalruleof

law.Acyberspaceofwhichour

nationalhero,HugoGrotius,

wouldundoubtedlyapprove:a

universalforceforgood.7

Theexistingbodyofinternationallaw,whichhaslongunderpinnedrelationsbetweenstates,appliesequallyincyberspace.


Wearelivinginarapidly

changingworld,where

technologicaladvancesand

digitalizationareoccurringat

anever-fasterpace.

Technologyiscreating

profoundchangesinser-

vicedelivery,triggeringnew

partnershipsandinnovations.

InIndia,forexample,informa-

tiontechnologyhasbeenused

successfullytoreachpoorer

sectionsofsocietybylinking

theirmobile-phoneservices

andgovernment-issuedIDsto

theirbankaccounts,sothat

governmentsubsidiescanbe

delivereddirectlytobeneficia-

ries.

TheInternationalCommit-

teeoftheRedCross(ICRC)

hasalsobeenaffectedbythis

globaldigitaltransformation,

whichhassignificantlyaltered

theenvironmentandmanner

inwhichweoperate.Thisshift

offersbothopportunitiesand

challengesintermsofhowwe

respondtoincreasinghumani-

tarianneeds.

First,improvedanalysisof

externaldataenablestheICRC

tobetteranticipate,under-

standandrespondtohuman-

itariancrises.Wecanachieve

thisthroughbig-dataanalytics

andevidence-basedanalysis

ofspecificsituationsormore

globaltrends.

Second,cyberspaceoffers

theICRCgreateropportunities

toengagedigitallywithpeo-

pleinneedandfacilitatesour

accessandresponsetothem.

Similarly,digitalconnectivity

withbeneficiariesandother

DevelopingaNewHumanitarianResponseintheAreaofCyberspace

Peter Maurer, President, International Committee of the Red Cross


keystakeholders–including

partiestoarmedconflict–can

beextremelyusefulwhen

movementsarelimitedbythe

securitysituation,orsimplybe-

causepeopleprefertoengage

withtheICRCthisway.

Cyberspacealsoallowsben-

eficiariestobeinvolvedinthe

designofresponsestotheir

needs,methodstorecover

theirlivelihoodandwaysto

enhancethewell-beingoftheir

communities.Thisdirectinput

andfeedbackallowtheICRC

constantlytoadaptitsre-

sponsetotheprevailingneeds.

However,digitalproximity

willneverfullyreplaceour

presenceontheground.

Directcontactwithpeople

andcommunitiesiskeytohow

weoperateandisoftenthe

onlywaywecanrespondto

certainspecifichumanitarian

needs.Thisisallthemoretrue

inthecaseofthosewhodo

nothaveaccesstocyberspace

andsocouldbethemostvul-

nerableofall.

Third,theICRCisalways

lookingforopportunitiesto

usetechnologytoprovidenew

typesofservicesorimprove

existingservicesinresponseto

beneficiaries’changingneeds.

TheICRCispioneeringtheuse

ofcyberspaceinitsworkto

locateandreconnectpeople

separatedduringcrises.Asfar

backasthe2004tsunamiand,

morerecently,duringthe2015

Nepalearthquake,weoffered

survivorssatellitephonesand

aninternetplatformtohelp

themre-establishcontactwith

theirlovedones.Today,we

continuetoexplorehowto

harnessthepotentialofnew

technologytoimproveourhu-

manitarianresponseonbehalf

ofthoseinneed.

TheICRCalsorelieson

remote-sensingtechnologyin

itseffortstoprotectcivilians

fromtheeffectsofhostilities.

Forexample,aspartofour

workaroundMosul,Iraq,toxic

industrialchemicalinstallations

weremappedusingacombi-

nationofsatelliteimageryand

specializedinternetsearch

engines,amongother.Where

possible,wesubsequentlyused

thisinformationinourdialogue

withpartiestotheconflictsin

theareaontheobligationto

takeallfeasibleprecautionsto

protectthecivilianpopulation

fromtheeffectsofhostilities.

Protecting humanitarian dataDigitalizationhasalsoledto

atremendousincreaseinthe

numberanddiversityofICRC

data,andwearekeenlyaware

ofthevariousprivacyand

securityrisksthisentails.The

ICRC,likeallorganizations,

couldfallvictimtoacyber

attack–somethingthatcould

ultimatelyaffectthedeliveryof

humanitarianservices.Bene-

ficiariesmightunwittinglyex-

posethemselvestounwanted

consequenceswhentheyuse

insecuredigitalplatformsto

availofhumanitarianservices,

orifthedataisthenusedfor

otherpurposes.

TheICRCworkscontinuously

tostrengthenprotectionof

thedataitgeneratesorgath-

ers,inlinewiththeorganiza-

tion’srobustdata-protection

frameworkandstandards,and

conformingtothe“DoNo

DigitalHarm”maxim.Infact,

theICRCistakingtheleadin

thehumanitariancommunity

intermsofreflectiononthe

protectionofpersonaldata.

Cyberwarfare and international humanitarian law (IHL)TheICRC’srole,astheguard-

ianofIHL,istoreaffirmthe

protectionaffordedbythis

legalframeworkthatseeks

tolimittheeffectsofarmed

conflict.IHLprotectspeople

whoarenotorarenolonger

participatinginhostilitiesand


restrictsthemeansandmeth-

odsofwarfare-includingdig-

ital-thatbelligerentscanuse.

Asinthecaseofanynewweap-

on,itgovernstheuseofcyber

militarycapabilities.Thereisno

legalvacuumincyberspace.

TheICRCunderstands“cyber

warfare”tomeanoperations

againstacomputer,oracom-

putersystem,throughadata

stream,whenusedasmeans

andmethodsofwarfareinthe

contextofanarmedconflict.

Inthisrespect,theICRCis

pleasedthatthe2013and2015

ReportsoftheUnitedNations

GroupofGovernmentalEx-

pertsonDevelopmentsinthe

FieldofInformationandTele-

communicationintheContext

ofInternationalSecuritycon-

firmedthat“internationallaw,

andinparticulartheCharterof

theUnitedNations,isapplica-

ble”andnoted“theestablished

internationallegalprinciples,

including,whereapplicable,the

principlesofhumanity,necessi-

ty,proportionalityanddistinc-

tion”.

Assertingthatcyberwarfare

mustrespecttherulesofIHLis

bynomeansanencouragement

tomilitarizecyberspace,nor

doesitlegitimizecyberwarfare.

AnyresorttoforcebyStates,

whetherphysicallyorviacyber

space,remainssubjecttothe

provisionsoftheUNCharter

(jusadbellum).Thekeypoint,

however,isthat–inaddition

to,andindependentlyof,the

requirementsundertheUN

Charter–thelimitsimposed

byIHLgovernandconstrain

anycyberoperationstowhich

Statesorotherpartiestoan

armedconflictmightresort.It

isthereforecrucialtoensure

that,likeanynewtechnology,

newcybertechnologiesthat

are,orcouldbedevelopedor

usedformilitarypurposesare

capableofbeingusedinaway

thatcomplieswithexistingIHL.

Thesedays,cybertechnology

impactsmostaspectsofcivilian

life.TheICRCisparticularly

concerned,therefore,about

thepotentiallydevastating

humanitarianconsequencesof

cyberattacksontransportation

systems,electricitynetworks

andessentialservicessuchas

watersupply,healthsystems,

damsornuclearplants.

InDecember2015,acyber

attacktargetedelectricity

networksinKyiv,Ukraine–a

countryinvolvedinanarmed

conflict.Sincethen,Ukraine

hassufferedvariousother

cyberattacks,includingonein

June2017,whichaffectedthe

Chernobylnuclear-powerplant.

Criminalcyberattacksin2017

(ransomware)havealsohigh-

lightedthevulnerabilityofthe

medicalsector.

Suchattacksheightencon-

cernsaboutthepotential

humancostofcyberoperations

andunderlinetheimportance

ofIHL’sprotectivefunctionasa

legal“firewall”incyberwarfare

tolimittheeffectsofcyber

operationsinanarmedconflict.

Accordingtotheprincipleof

distinction–oneofthecorner-

stonesofIHL–directlyattack-

ingcivilianinfrastructureis

prohibited.IHLaffordsspecial

protectiontoessentialcivilian

infrastructure,suchaswater

installations.Theprinciplesof

proportionalityandprecaution

affordadditionalprotectionto

civilians,evenwhenthetarget

isamilitaryobjective.Already

inpeacetime,allfeasiblemea-

suresmustbetakentoprotect

AssertingthatcyberwarfaremustrespecttherulesofIHLisbynomeansanencouragementtomilitarizecyberspace,nordoesitlegitimizecyberwarfare.


thecivilianpopulationfrom

theeffectofhostilities.These

includesegregatingmilitary

andciviliancyberinfrastructure

andnetworks,takingmeasures

toguardagainstmalicious

softwareandmakingarrange-

mentstoensurevitalcomputer

systemscanbequicklyrestored

followingacyberattack.

However,thespecificcharac-

teristicsofcyberwarfarealso

raisechallengesintermsof

theapplicationofIHL.Firstly,

theanonymityofcyberspace

makesitdifficulttoidentifythe

perpetratorsofcyberattacks.

Furthermore,somefocusonly

onthephysicaldamagewhen

assessingthelegalityofacyber

operation.IntheICRC’sview,

sucharestrictiveunderstand-

ingofthenotionofattackas

somethingthatcausesonly

physicaldamageignoresthe

harmfuleffectsthatcanbe

causedbyrenderingsomething

dysfunctionalwithoutphysically

damagingit.Thiswouldmake

suchunderstandingincom-

patiblewiththeaimofIHLto

ensureprotectionofcivilians

andcivilianobjectsagainstthe

effectsofhostilities.Ifthesup-

plyofelectricitytothecivilian

populationisdisrupted,andif

essentialinfrastructuresuchas

medicalservicesisaffectedasa

resultandpatientsdieininten-

sive-careunits,itisirrelevant

whetherthedisruptiontothe

electricalnetworkwascaused

byagraphitebomboracyber

operation.Whiletheintercon-

nectivityofcyberspacemakes

distinguishingbetweenmilitary

andcivilianobjectsmorechal-

lenging,inmostcasesknock-

oneffectsareforeseeableand

mustthereforebetakeninto

accountwhenplanningorde-

cidinguponacyberoperation.

Today,cyberspaceisanin-

tegralpartofdailylifeinmost

partsoftheworld.Itbrings

enormousbenefitsbutalsopos-

esinherentrisksandthreats.

Wemustalladapttothisnew

reality,andtheICRC,forits

part,isconstantlyexploringthe

opportunitiesthatcyberspace

offerswhilebeingfullyawareof

thechallengesandrisksdigitali-

zationentails.TheICRCcontin-

uesalsotoremindallpartiesof

theimportanceofapplyingIHL

inarmedconflicttoprotect

civiliansfromtheeffectsofhos-

tilities,whethertheyarecyber

orkineticinnature.7


Morethan30governments

haveacknowledged

thattheyhaveoffensivecyber

capabilities.However,unlike

withconventionalweapons,

cyberarsenalsareclandestine

andintangible.Theirsourceis

difficulttotrackandidentify.It

isthereforelikelythatthereal

numberisnotonlymuchhigh-

er,butwillgrowinthecoming

monthsandyears.Moreover,

becauseofthisambiguity,gov-

ernmentsaremorewillingto

deploytheseweapons–testing

capabilitieswithstrikes,while

tuningtheirstrategiesbehind

closeddoors.

The cyber arms race is clearly under way. However,theriskanddan-

gersofcyberweaponsarenot

wellunderstood.Thesetwois-

suestogether–theclandestine

natureandtheunpredictability

ofoffensiveonlineactivityare

creatingvulnerabilitiesata

scaleandspeedthatwehav-

en’tseenbefore.Howcanwe

managetheresultingrisk,risk

thatcanmanifestitselfboth

onlineandoffline?

International law applies to cyberspaceMicrosoftbelievesthatexisting

internationallawappliesto

cyberspace.Thisshouldhardly

beasurprise.Onlineactivi-

tiesinvolverealpeopleusing

tangibleobjectsthathavelong

beensubjecttovariouslegal

frameworks.However,ittook

governmentsalittlelongerto

cometothisconclusion.The

UnitedNationsalmosttwo

TheEvolutionofInternationalCollaborationandLawRelatedtoCyberspaceandSecurity

Kaja Ciglic, Director Cybersecurity Policy and Strategy


decadesagosetupaworking

bodytoensureagreementis

reachedonhowtohandlethe

thenrelativenewfieldofin-

formationtechnology(IT),and

inparticulartheincreasingly

difficultquestionofcybersecu-

rity.Ittookawhile,butin2015

theUnitedNationsGroup

ofGovernmentalExpertson

DevelopmentsintheField

ofInformationandTelecom-

municationsintheContext

ofInternationalSecurity(UN

GGE)confirmedthatinterna-

tionallawappliestocyberspace

.Theconsensusreportwas

unanimouslyadoptedbythe20

countriesthatparticipatedin

theprocess,includingtheUSA,

China,Russia,France,andthe

UnitedKingdom.Thisposition

hasbeensubsequentlyreaf-

firmedinseveralstatements

byindividualgovernments,and

indeedbytheGroupof7(G7)

inearlyAprilofthisyear.

Significantly,thisstanceis

echoedinbilateralcybersecu-

ritydealsbetweenwhatIcall

“cybersuperpowers”.From

theSino-Russian,US-China,

US-IndiaandSino-Anglocy-

bersecurityagreementstothis

year’sChina-Australiacyberse-

curitycooperationagreement

,therearemanyandvaried

referencestotheUNGGE

andexpressionsofsupportfor

cybersecuritynorms.Regional

groupshavesimilarlyacknowl-

edgedtheapplicabilityof

internationallawtocyberspace,

includingtheASEANRegional

ForumandtheOrganization

ofAmericanStates.Bilateral

andregionalagreementsare

importantsteps,buttheydo

notaddresstheneedfora

strategicinternationalcyberse-

curityframework.

Today,therefore,theonly

waytoensurethatthebehav-

iorofstatesincyberspaceis

subjecttocertainrulesand

normsisthroughtherecogni-

tionofinternationallaw.The

challenge,fromourperspec-

tive,isnotabouttheapplicabil-

ityofinternationallawbutits

sufficiencyandimplementation

duringtimesofpeace.

Commitment to international law is not sufficient Despitewhatappearstobe

almostunanimousagreement,

itisprovingdifficulttotrav-

elfrombroadpositionsof

supporttoconcretecommit-

ments.TheUNGGEhasbeen

akeyandconstantpartofthis

journey,themainhighway,

whereotherforarepresented

minormotorways.Now,we

seemtohavehoweverhita

deadend.

Sowheredowegofrom

here?Wedohavetheadvan-

tageofstartingthiscomplicat-

edjourneywithanagreement

on11cybersecuritynorms

fromthe2015UNGGE.We

alsohaveseveralproposals,

includingthoseputforwardby

MicrosoftaspartoftheDigital

GenevaConvention,andeven

partialagreementswithinnar-

rowergroups,suchastheG7.

Butthesearebarelythefirst

coupleofstepsonalongroad.

Tomakesignificantprog-

ress,wehavetounmask

thefactthatunfortunately

thereislittlespecificityinthe

agreementsreachedsofar.

Thissituationallowsstatesto

continuetoactinviolationof

establishednorms,withoutthe

internationalcommunityhav-

inganyrecoursetorespond.

Forexample,international

Today,therefore,theonlywaytoensurethatthebehaviorofstatesincyberspaceissubjecttocertainrulesandnormsisthroughtherecognitionofinternationallaw.


lawprohibitstheuseofforce

bystatesexceptinself-de-

fenseinresponsetoanarmed

attackandtheUNGGEnorms

callforstatestorefrainfrom

internationalmaliciousactivity.

Thequestionsarehowthese

statementsshouldapplytocy-

berspace,howconceptssuchas

maliciousactivityaredefined.

Thisiswheretheworksofar

fallsshort.Tomoveforward,

thesegapswillneedtobeiden-

tifiedandaddressed.Thework

oftheGlobalCommissionon

StabilityofCyberspacearound

whatconstitutescoreinternet

infrastructurecouldyieldim-

portantresultsinthisregard.

Moreover,thecurrentlistof

normsdoesnotfullyaddress

thecoredriversofinstability

incyberspace.Alimitedsetof

additionalcybersecuritynorms

inareaswhereexistingrulesare

eitherunclearormayfallshort

inprotectingciviliansincyber-

spaceneedtobedeveloped.

Thiscouldincludenormswhich

explicitlyarticulateprotections

forcivilians,eveniftheyare

implicitlycontainedelsewhere

ininternationallaw.Thedevel-

opmentofthesenormsshould

beinformednotjustbygovern-

ments,butalsobycivilsociety

andtheprivatesector.

Thirdinthisprocessisthe

actualimplementationofes-

tablishednorms,which–un-

derpinnedbythelegalopinions

ofexpertsinthistopic-would

leadtothedevelopmentof

customaryinternationallaw.

Inthisprocess,governments

neednotonlyadheretothe

normsthemselves,buthold

othernationstatesaccountable

–whetherthroughpunitive

actions,suchaseconomicsanc-

tionsorwordsofcondemna-

tion.Evenwherethereseems

sufficientevidence,statesoften

choosenottoact,inaneffort

tonotrockotherrelations.But

thatisseenbyothergovern-

mentsasanexamplethatsuch

behaviorispermissible.

Only then we reach the final step in this process - the development of a binding international agree-ment akin to a new or “Digital” Geneva Convention. Most experts agree that this final step is likely to take decades, something we have been very clear about when we launched our idea earlier this year.

Core principles to guide prog-ress towards a Digital Geneva Convention Sowhatdidweintroduceback

inFebruary?Wecalledonthe

worldtoacknowledgethatwe

liveinaworldthatisgrowing

moreinsecureeveryday.We

suddenlyfindourselvesliv-

inginaworldwherenothing

seemsofflimitstonation-state

attacks,online.Thereare

increasingrisksofgovernments

attemptingtoexploitoreven

weaponizesoftwaretoachieve

nationalsecurityobjectives,

andgovernmentalinvestments

incyberoffensearecontinu-

ingtogrow.Ourproposed

responsewasaDigitalGeneva

Convention,thatwouldcom-

mitgovernmentstoadoptand

implementnormsthathave

beendevelopedtoprotect

civiliansontheinternet,with-

outintroducingrestrictions

ononlinecontent.Justasthe

world’sgovernmentscame

togetherin1949toadoptthe

FourthGenevaConventionto

protectciviliansintimesofwar,

aDigitalGenevaConvention

wouldprotectcitizensonlinein

timesofpeace.

Moreover,weacknowledged

thatnosinglestepbyitselfwill

besufficienttoaddressthis

problem.Weencouragedthe

techsectortosteptogetherto

domore,givenitsuniquerole

astheinternet’sfirstrespond-

ersandcommitourselvesto

collectiveactionthatwillmake

theinternetasaferplace,

affirmingaroleasaneutral

DigitalSwitzerlandthatassists


customerseverywhereand

retainstheworld’strust.We

alsocalledforgreateractionin

improvingthecurrentattribu-

tionefforts–acriticalchallenge

intheonlinespace.

However,asmentioned

above,whilethedirectionof

travelmightbeclear,westill

needtomapouttherouteto

gettherebecause,ashighlight-

edbefore,themainhighway

hasbeenwashedaway.Ibelieve

thatifweregroupasawid-

ercommunityofpoliticians,

diplomats,technologistsand

citizenswecanfindourway

tothenextstep.Notonlyare

therenumerousexistingfora

andgroupsthatcouldbelev-

eragedforthispurpose,there

isincreasingrecognitionthat

somethingneedstobedone,

andthatitneedstobedone

beforeacyberattackesca-

latesbeyondcontrol.Inother

words,somethingneedstobe

donenow.

However,wealsoneedto

beclearabouthowweareto

makethisjourney.Thereare

threemainprinciplesthatmust

berecognizedandadheredto

foranyefforttobesuccessful:

1)Wemusthaveanopen,

multi-stakeholder

processthatrepresents

governments,thetech

sector,civilsociety

NOW 2-5 years 5 years +

GLOBAL LAWS FOR CYBERSPACE

UNKNOWNS:•TECHNOLOGYCHANGES•EXISTENTIALCRISESORCONFLICTS

AGREETHATINTERNATIONALLAWAPPLIESTOCYBERSPACE

DEVELOPCONFIDENCEBUILDINGMEASURES

DEVELOPINTERNATIONALCYBERNORMS

IMPLEMENTINTERNATIONALCYBERNORMS

ALIGNDOMESTICLAWS

CREATECUSTOMERYINTERNATIONALLAW

BINDINGGOVERNMENTAGREEMENT

CREATIONOFANATTRIBUTIONORGANISATION?


groupsandacademia;

2)Allpartsoftheworld

needtoberepresented

andactivelyinvolved,

fromnorthandsouth,

eastandwestandnot

justthe“usualsuspects”;

3)Theprocesscannotbe

lockedawayincommit-

teesthathidebehind

technicallanguage,it

mustbeopenandtrans-

parent,sothateveryone

dependingoncyberspace

canseewhatishappen-

ingandcanholdtheir

governments,thetech

sectorandothersto

account.

Ifweignorethesebasic

principlesandallowtheprocess

tofallbacktoclosed,narrow

groupsthentheworldwillstay

whereitcurrentlyis.Wemay

makeincremental,patchwork

progressbutitwillbefarslow-

erandmorelimitedthanthe

rapidevolutionofcyberspace

andtheattacksthattakeplace

withinit.

Microsofthasmadethe

caseforanewcommitmentto

theroleofinternationallaw

incyberspacebycallingfora

DigitalGenevaConvention.

Ourproposalrepresentsthe

endofthejourneyIdescribed

here.Therealquestioninour

mindsisthereforenothowfast

wecangettoanewConven-

tion,buthowquicklywecan

makemeaningfulprogress

onthepathoutlinedabove.

Waitingemboldensthestatus

quowhichmeansmoreattacks

onciviliansincyberspace–with

everincreasingconsequences,

effectivelymakingcyberspace

alawlessterritory.Wewon’t

gettheretomorrow.Whilethis

willbeajourneythroughmany

iterationsandstagingposts,

thedestinationofastableand

securecyberspacewillsurelybe

worththeeffort.7


Inaprescientspeechatthe

2011MunichSecurityCon-ference,theUK’sthen-Foreign

SecretaryWilliamHaguecalled

foracollectiveresponseto

the“darkside”ofcyberspace.

Haguewanteda“compre-hensive,structureddialogue

tobegintobuildconsensus

amonglike-mindedcountriesto

laythebasisforagreementon

asetofstandardsonhowcoun-triesshouldactincyberspace.”

Hagueidentifiedseven,prin-ciplestoguideworkonnorms

andpledgedtohostaninter-nationalconference.TheGlobal

ConferenceonCyberspaceto

beheldinDelhi,isthefifthof

theseriesofinternationalcon-ferencesthatHaguebegan.

Withoneexception-the

2015ConferenceinDenHaag

-thesepreviousconferences

havefallenfarshortoftheorig-inalexpectations.Theystrayed

fromHague’soriginalideaof

bringinglike-mindedcoun-triestogethertogivenorms

“realpoliticalanddiplomatic

weight.”Theconferenceorga-nizers.Theagendastendedto

plowoldground,takinga“big

tent”approachthatencom-passedarangeofissuesrelated

insomewaytocyberspace.

Politicaltimidityguidedthese

earlierConferences.

TheGlobalConferencestook

placeagainstthebackdropof

theworkoftheUN’sGroup

ofGovernmentExperts(GGE).

UnlikemostGGEs,whereaca-demicexpertsexploreatopic,

these“CyberGGEs”werein

factproxynegotiations,with

FindingNewRulesfortheStabilityofCyberspace

James Lewis, Commissioner, Global Commission on the Stability of Cyberspace

Marina Kaljurand, Chair, Global Commission on the Stability of Cyberspace


countriessendingdiplomats

ratherthanacademics.There

havebeenfiveGGEs.Thefirst

in2004failed,largelybecause

ofAmericanintransigence.The

last,in2017alsofailed,this

timebecauseofdeepdisputes

overinternationallaw.Butthe

threeGGEsinbetween2004

and2017succeededinreach-ingconsensusonnormsfor

responsiblestatebehaviorin

cyberspace.

AllthreeGGEsweredifficult

negotiations.The2010GGE

Reportlaidouttheinternation-alnegotiatingagenda:cooper-ationamongstatesonnorms,

CBMS,andcapacitybuilding.

The2013GGEReportreshaped

thepoliticallandscapeofcy-berspacewithitsconclusions

thatinternallaw,sovereignty,

andtheUNCharterapplied

incyberspace.Thisanchored

discussionfirmlyinthecontext

ofexistinginternationalrela-tions.Buildingonthis,the2015

Reportlaidoutasequenceof

normstoguidestatebehavior:

itsreportwasendorsedbythe

membersoftheUNGeneral

Assembly.The2013and2015

GGEsproviderecommenda-tionsonnormsthatcanpro-videthebasisforinternational

cooperationonresponsible

statebehavior.

RumoursoftheGGE’sde-misehavebeengreatlyexag-gerated,butwhetherthefail-uretoreachconsensusin2017

isonlyapauseinnegotiation

orwhethertheGGEprocess

willbereplacedbysomething

elseremainsanopenquestion.

Tobefair,theleadingcyber

powers-thosewhohavethe

capabilitiestoexercisepowerin

cyberspace-arenotreadyfor

agreement.Absentsometruly

pressingcrisis,progressto-wardsthegoalsHaguelaidout

willcontinuetobedesultory.

Onedevelopmentthat

complicatesdefiningthenext

stepisthatcybersecurityhas

gonefromaspecializedissue

toonethattouchesmany

socialandeconomicactivities.

AlltheGGE’sactedunderthe

auspicestheUN’sFirstCom-mittee,whichisresponsiblefor

disarmamentandinternational

security,butnowabroadrange

ofgovernmentalandnon-gov-ernmentbodiesareattracted

totheideaofdeveloping

norms.Thereismuchroomfor

manygroupstowork,ascyber-securitycoversabroadrangeof

issues,butthecoreissueofin-

ternationalsecuritywillremain

closelyheldbystates.Similarly,

normsthatdonotwinthe

acceptanceofpowerfulstates,

suchasthememberofthefive

permanentmembersoftheUN

SecurityCouncilortheG-20,

willnothaveusefuleffect.This

isahardtruthfrominterna-tionalpolitics,butthisexplains

whytheunfocusedeffortsof

theGlobalConferencesbefore

DenHaagmadelittleprogress.

The2015GCCSheldinthe

Netherlandswasanexcep-tionbecauseitcreatedformal

structuresoncapacitybuild-ing,informationsharing,and

ahigh-levelCommissionto

considerhowbesttomake

cyberspacemorestableand

secure.Theseongoingefforts

arevaluable,andtheGlobal

CommissionontheStability

ofCyberspace(GCSC)most

directlyaddressesthechal-lengesofbuildingstabilityin

cyberspace.

TheCommissionhasachal-lengetaskanditfacessomeof

theproblemsthatafflictthe

GCCSseries.TheCommission’s

twenty-sevenmembers,drawn

fromindustry,technicaland

Therearemanycontendingagendasincyberspaceandpowerfulvoicestoadvocatethem.


civilsocietyhavevariedexper-tiseandnationalities.There

aremanydifferentnegotiating

culturesinthegroup.Internet

engineerswantprecisetechni-caldefinitions;businesspeople

wantsdetailedcontractswith

subparagraphsforallcontingen-cies.Diplomatsknowthevalue

ofambiguityingettingstates

toactuallyagree-detailscanbe

workedoutoncethereispolit-icalagreement,notbefore.But

allagreeontheseminalidea

behindtheGCSC,thatidentify-ingnormsforstateandprivate

sectorbehaviorcanincrease

stabilityandsecurity.

Therearemanycontending

agendasincyberspaceandpow-erfulvoicestoadvocatethem.

TheCommissionisanother

voiceanditfacessignificant

butsurmountableobstacles.

Thefirstisfindingthebalance

betweentheroleofthepublic

andprivatesectors.Thegravi-tationalpullofthemultistake-holdermodelthathasguided

internetgovernanceispowerful

andmanyadvocateusingitto

defineandimplementcyber-securitynorms.Thesecondis

decidingwhethermorenorms

areneededortheexistingin-ternationallawandtreatiesand

theGGEReportsareenough.

Thetemptationtopropose

additionalnormsisalsopower-ful.Thethirdishowtoscope

itsworkandwhethertofocus

oninternationalsecurityorto

bringinotherissues.

Inthenearterm,theGCSC

hasconsideredproposinga

normtoprotectthepublic

coreoftheinternet,aproposal

advancedatthe2017GGE.The

draftlanguagebeingdiscussed

is:

Statesshouldnotconductor

allowICTactivitywithintheir

territoriesthatwouldaffectthe

generalavailabilityofthecore

namingandforwardingfunc-tionsoftheinternet.

Whilethislanguagedidnot

meetwithuniversalagreement

amongGGEparticipantnations,

theGCSChasthefreedomto

recommenditoranamend-edversionofitforrenewed

considerationbyinternational

bodiesliketheG-20orothers.

Inthelongterm,theGCSC

couldusefullyconsiderhow

normscanbemademore

effective,theroleofattribution

inthis,andwhetheranorma-tivestructurerequiressome

kindofaformal,institutional

frameworkoraconvention.In

consideringalltheseissuesthe

GSCScanhelpredefinethe

relationshipofthemultistake-holdermodeltointernational

security.

TheGCSCoffersthebestthe

opportunitytofulfilHague’s

wishforacomprehensive,

structureddialoguetobuild

consensusandlaythebasisfor

agreementonnorms.Itcan

onlymakerecommendations

forotherstoactupon,butit

hasauniquestatusandwith

that,auniqueopportunityto

identifythepathforwardfor

stabilityincyberspace.7


Nextyear,computer

networkswillbe50years

old.InAugust1968,Iwaslucky

tobepartofasmallgroupof

researchersandstudentsin

sunnyCaliforniawhostarted

tryingtoconnectcomputers

locatedindifferentphysical

locations.

Bytheendof1969,there

wasonerudimentarynetwork

linkingfourcomputersatfour

researchcentres:Universityof

California,LosAngeles(where

Iwasastudent);Stanford

ResearchInstitute;University

ofCalifornia,SantaBarbara;

andUniversityofUtahinSalt

LakeCity.Iofferedtoorgan-

iseourearlynotes.Whatwas

supposedtobeasimplechore

causedmeconsiderabletrepi-

dation.

Wewantedtoencourage

otherstochimein,butI

worriedwemightsoundas

thoughweweremakingofficial

decisionsorassertingauthori-

ty.TomakesurethatIdidnot

missanyinputsfrompeersor

seniorprofessors,Iwrotea

notewhichIlabelled“Request

forComments1”(RFC1),

leavingmanyquestionsunan-

swered.ThoughRFC1would

soonbecomeobsolete,the

RFCsthemselvestookrootand

flourished.Theybecame—and

stillare—theformalmethod

ofpublishinginternetprotocol

standards,andtoday,thereare

morethan8,000[RFCs],all

readilyavailableonline.

Overthepast20years,the

CyberspaceChallenges:PastandFuture

Stephen D. Crocker, Former Chairman of the Board, ICANN


internethasdeliveredthe

powerofconnectivitythatwas

unimaginable50yearsago.

Morethan3.7billionpeople

areconnectedthroughthe

networkofnetworkswecall

the“internet,”withmorethan

$2.3trillionchanginghands

throughe-commerce.Access

tothetop-leveldomainofthe

internetisnowavailablein20

non-Latinscripts,something

Iampersonallyverypleased

about.Expansionofthe

networkisrapidlycontinuing

acrossdifferentoperatingsys-

temsanddevices,mostnotably

inthemobilesphere.

Alongwiththeexpansion

comesnewchallengesandop-

portunities.Ourchallenges50

yearsagowereverydifferent

fromthechallengesweface

today.Whereoncewegrap-

pledwiththeinitialchalleng-

esofconnectingcomputers

ofdiversemanufacture,we

nowworkwithamultitude

ofapplications,communities

andlanguages.And,ofcourse,

wealsohavetocontendwith

serioussecuritychallenges.

Thankfully,sustainablegover-

nancestructuresnowexistto

facilitatethespreadofnet-

worksacrosstheglobe.There

areforumsavailableforthose

whowishtoparticipateand

contributeinbuildingthe“in-

ternetofthefuture,”whether

inthetechnicalspaceorthe

policyspace,withtheInter-

netCorporationforAssigned

NamesandNumbers(ICANN)

andtheInternetEngineering

TaskForceasjusttwoexam-

ples.Weneedtocontinueto

worktogetherwitheachother

toaddressthesechallenges.

TheFifthGlobalConference

onCyberspace(GCCS),taking

placeinNewDelhi,offersthe

worldanimportantopportu-

nitytodojustthat.Thekey

themesforthisconference—

cybergrowth,cyberinclusion,

cybersecurityandcyber

diplomacy—arewherethe

discussionsneedtobe,where

weneedtocontinuetodevel-

opsolutions,forthebenefitof

humanity.

Sincetheconferencetakes

placeinIndia,Iamreminded

ofmyfirstvisittoBangalore

in1994.Iwasinvitedtogivea

talkattheIndianInstituteof

Science,andaspartofthevisit,

Iwasintroducedtoastudent

whohadbuiltafairlycomplex

softwaresystem.Impressed,I

askedwherehehadlearnedto

dosomuch.Hesimplysaid,“I

downloadedtheRFCsandread

them.”Thisisthepowerofthe

internet.Weneedtocontinue

todomore.

Inclosing,Iwishthehosts—

theGovernmentofIndia,and

theparticipantsattheGCCS

conference—everysuccess.I

lookforwardtoreadingthe

takeawaysfromthismeeting.7

Alongwiththeexpansioncomesnewchallengesandopportunities.Ourchallenges50yearsagowereverydifferentfromthechallengeswefacetoday.

CONTENTScf.orfonline.org/wp-content/uploads/2017/11/GCCS-Journal.pdf · CONTENTS 1 Vision...

Documents

Transcript of CONTENTScf.orfonline.org/wp-content/uploads/2017/11/GCCS-Journal.pdf · CONTENTS 1 Vision...