A Difficult Road to International Norms for Cybersecurity

A Difficult Road to International Norms for Cybersecurity

December 5, 2019, Commission in the News

Download Publication Download Document

This article by Motohiro Tsuchiya was published by Nihon Keizai Shinbun on 27 November 2019

(Translated with Google Translate – Read the full text in Japanese here)

Although international politics is said to be anarchy, it is not in a state of ‘war of all against all’ as described by the English philosopher Thomas Hobbes. British political scientist Hedley Bull described it as an “anarchic society” and said it had a certain social function. Many people have come to realize that cyberattacks are shaking the international order. How is the international community responding to this?

The First Committee established under the UN General Assembly discusses disarmament and international security issues. Among them is the Group of Governmental Experts (GGE) meeting on cyber issues. The GGE is a meeting that gathers experts on specific issues to make an agreement. The 6th Cyber ​​GGE starts in December. The Japanese government has become one of the 25 participating countries. In 2013, the Cyber ​​GGE succeeded in submitting an agreement document to the United Nations General Assembly, confirming that existing international law was applicable to cyberspace.

In 2017, the GGE couldn’t come to an agreement. The issues that could already be agreed upon had been included in the previous document and only difficult issues, like whether to create a new treaty, were left. The new participating countries were persistently opposed to the agreement. GGE’s “failure” deeply disappointed those concerned about cybersecurity and stimulated movements involving the private sector. One of these movements is the Global Commission on the Stability of Cyberspace (GCSC), which was established by the Dutch and other governments. The first Chair was former Estonian Foreign Minister Marina Kaljurand. When she was elected to the Estonian parliament, Michael Chertoff, former Secretary of the U.S. Department of Homeland Security, and Latha Reddy, former Deputy National Security Adviser of India, became Co-Chairs. Microsoft and others are listed as partners. The author of this article also joined as a member of the Commission.

On November 12th, the GCSC launched its final report. It presented eight norms that cyberspace actors should respect, such as prohibiting attacks on the Public Core of the Internet and protecting the Electoral Infrastructure, and called for international cooperation. The GCSC published the report at a conference hosted by the French government called the “Paris Peace Forum“. A year ago in November 2018, President Macron insisted that cyberspace regulations were necessary to enhance security. An unusual statement from the head of a democratic government, it surprised the audience. In France, terrorism was a serious problem, and the use of cyber technology by terrorists increased the sense of crisis.

In an anarchic international community, norms are not binding. There are no penalties if you do not abide them. However, if there is a norm that everyone can agree on, those who deviate from it must be prepared for criticism. Individual and collective sanctions may also follow. It takes a long time to form international rules. The ocean has existed throughout human history, but in 1996 the United Nations Convention on the Law of the Sea came into effect in Japan. In the meantime, various norms around ocean use existed, but it took thousands of years to become a treaty. The treaty is also interpreted differently from country to country. It’s no wonder that it takes decades to establish a norm around cyberspace. The Japanese government is actively working to form international norms for cyberspace. In addition to the GGE mentioned above, Ambassadors from the Ministry of Foreign Affairs participated in various multilateral meetings. In mid-November, a meeting will be held in Beijing to boost cooperation between Japan, China and South Korea. Bilateral consultations are also held with more than 10 countries and regions such as the United States. The Vienna Conference, held in 1814 after the Napoleonic Wars, was slow as “The conference went on, but there was no progress”. Conferences on cybersecurity are also being held around the world. However, cyber-attackers will not join the conference. It is being tested whether state-led diplomacy will function in a new area where non-state actors will thrive.

Read the original article here