Members of the Global Commission on the Stability of Cyberspace (GCSC) attended the 2018 Munich Security Conference, February 16-18. Commissioners participated in meetings and side events over the three-day conference, discussing prospects for cyber norms development and the importance of a multistakeholder approach.
Commissioners participated in the MSC-EWI Cyber Security Roundtable on Friday, “Mutually Assured Disruption – Deterrence in the Age of Cyber Geopolitics”, moderated by Bruce McConnell. Afterwards, Marietje Schaake moderated a panel with Brad Smith (Microsoft) and Alex Stamos (Facebook) on “Technology’s Impact on Democracy – Part II”. GCSC Chair Marina Kaljurand spoke at multiple events, including on a panel hosted by Facebook, “Hackers, Bots & Terrorists: How to Defend Societies from Cyber Aggression”, where she engaged with other prominent experts on ways to deal with cyber attacks that threaten the cohesion of our societies. Commissioner Jeff Moss and Director of the GCSC Initiative and Secretariat, Alexander Klimburg, participated in the Munich Cyber Security Conference and Tagesspiegel’s panel on Future Security talking about threats to Democracy.
The Commission, which was launched at last year’s Munich Security Conference, also held a panel discussion on Sunday, February 17 to present its recent work to further international progress in managing the cyber arms race, including the first proposed norm from the GCSC: the Call to Protect the Public Core of the Internet. This panel was moderated by GCSC Co-Chair and Former U.S. Secretary of Homeland Security Michael Chertoff, and included Commissioner Marietje Schaake (Member, European Parliament for the Dutch Democratic Party), John Frank from GCSC partner Microsoft and Alexander Klimburg and Bruce McConnell from the GCSC Secretariat.
GCSC Chair Marina Kaljurand’s editorial for the Munich Cyber Security Conference:
This conference takes place following a year of turmoil in international cybersecurity. 2017 was replete with cyber-related headlines, many of which spoke to different facets of an increasingly complex challenge. The WannaCry and NonPetya campaigns were at the forefront of a new wave of ransomware attacks that may have caused up to USD 5 billion of damage across the globe, significantly disrupting critical infrastructure in the process. The Internet of Things has helped fuel a marked rise in Distributed Denial of Service (DDoS) attacks to nearly double the level of 2016, and with a frightening number of botnets lying dormant waiting for an unknown purpose. Finally, incidents across elections in Europe and Africa show that the information warfare trend towards “hacking democracy” may not be a passing fad. While cyberspace flickers under this onslaught, intergovernmental attempts to find a workable interstate dialogue seem at an impasse. The failure of the UN-mandated governmental expert discussions and stalemates in other diplomatic fora show that governments alone will not be able to fix the problem.
Despite states’ traditional dominance over all questions related to international peace and security, its role within the overall cyberspace ecosystem is limited. After all, the Internet is governed by a complex ecosystem of stakeholders, each with its own set of standards, norms, rules and processes. Governments alone cannot decide on all aspects of cyberspace – a space in which civil society writes much of the key code and the private sector owns nearly all the digital and physical assets. Given this complex landscape, it is unlikely there can be a singularly encompassing legal solution that is both enforceable and inclusive. Instead, developing norms of behaviour acceptable to all relevant stakeholders is essential. The norm development principle was initiated in previous years by the now-defunct UN initiative, and included such noteworthy examples such as the prohibition of attacking critical infrastructures in peacetime, or interfering with the work of computer emergency response teams. This work must continue.
The Global Commission on the Stability of Cyberspace was launched at last year’s Munich Security Conference to help develop norms and policy initiatives related to international stability and security of cyberspace. It does this by connecting these traditional state-led dialogues with those of the Internet communities. We are a multistakeholder initiative that brings together noted individuals from diverse cyberspace backgrounds and from every region of the globe to help both inform and advance the international cybersecurity debate in both public and private sector fora. Recently, in New Delhi, we released our Call to Protect the Public Core of the Internet – an appeal for a new norm to apply to both state and non-state actors to refrain from activity that intentionally and substantially damages the general availability or integrity of the Internet itself.
Just like our work, this conference has embraced the multistakeholder reality that underpins the Internet. The Internet continues to grow, with new technologies such as artificial intelligence and quantum computing and encryption promising to yet again transform this unique human-made domain. These exciting developments will add yet more questions to those we have yet not fully addressed. I look forward to exploring some of the answers with you here.
Chair of the Global Commission on the Stability of Cyberspace