The Global Commission on the Stability of Cyberspace (GCSC) agreed to five new norms of responsible behavior in cyberspace, focusing on improving and maintaining the stability and security of cyberspace. It is the intention of the GCSC that these norms be adopted by governments, companies and other players in their behavior, policies and laws.
This norms package was developed by the GCSC Commissioners, advisory experts and the GCSC Research Advisory Group, and refined by extensive debate. The new norms were agreed at the fourth full Commission meeting on September 20 in Singapore, held during the Singapore International Cyber Week (SICW). The finalized norms package will be released in the next few weeks.
“This package of norms recognizes the increasing interdependence of people around the world who rely on a stable and secure Internet. They aim to prevent the very real consequences of any major disruption,” stated Marina Kaljurand, Chair of the GCSC. “They represent an important step towards defining and promoting changes in behavior on the part of all parties involved.”
Once finalized, the norms will urge governments and others to avoid taking actions that would substantially impair the stability of cyberspace, including inserting vulnerabilities into products and services, commandeering others’ devices to create botnets, and allowing non-state actors to conduct offensive cyber operations. The norms will also urge action to preserve the stability of cyberspace, including establishing vulnerabilities equities processes and ensuring basic cyber hygiene. The GCSC agreed to continue discussions on artificial intelligence, on the cybersecurity responsibilities of product and service providers and on principles and definitions. The GCSC will next meet in Wuhan, China, in early December.
“Maintaining the integrity of cyberspace and all of the benefits it provides is the responsibility of government, the private sector, manufacturers and non-state actors, among others,” said Latha Reddy, Co-Chair of the GCSC and Former Deputy National Security Advisor of India. “The norms set forth by the GCSC today acknowledge the role of each organization and individual in maintaining appropriate standards and refraining from compromising the Internet, for the greater good.”
The norms package builds on previous norms introduced by the GCSC concerning the disruption of elections through cyber attacks on electoral infrastructure and a Call to Protect the Public Core of the Internet.
To inform its work, the Commission held a public hearing in Singapore. The hearing featured the participation and input of senior representatives from international organizations including Izumi Nakamitsu, United Nations Under-Secretary-General and High Representative for Disarmament Affairs, and representatives from ICANN, the United Nations Institute for Disarmament Research (UNIDIR), the Organization for Security and Co-operation in Europe (OSCE), and the Secretariat of the UN Secretary General’s High-Level Panel on Digital Cooperation. Several cyber coordinators also participated in the meeting, including from the Asia-Pacific Network Information Centre (APNIC), Australia, Belgium, Canada, Estonia, Finland, France, Germany, Hungary, India, Japan, Kenya, Mexico, the Netherlands, New Zealand, Norway, Poland, Singapore, Switzerland, the United Kingdom and the United States. Microsoft, JPMorgan Chase and other private sector actors were present as well.