The Global Commission on the Stability of Cyberspace (GCSC) today announced the release of its new Norm Package, featuring six new global norms to help promote the peaceful use of cyberspace. The norms were developed with the express purpose of being adopted by public and private sector actors towards an architecture to improve international security and stability in cyberspace.
“The GCSC has introduced universal norms that seek to address individual risks to the stability of cyberspace,” stated Marina Kaljurand, Chair of the GCSC. “We trust that decision makers within the government, private sector and civil society recognize that these norms will help guide how we as a global society define cyber stability. The interdependent nature of cyberspace demands established ‘rules of the road’ the global community can agree on – this effort is an important step in that direction.”
The norms introduced by the GCSC focus on the following areas:
- Norm to Avoid Tampering
- Norm Against Commandeering of ICT Devices into Botnets
- Norm for States to Create a Vulnerability Equities Process
- Norm to Reduce and Mitigate Significant Vulnerabilities
- Norm on Basic Cyber Hygiene as Foundational Defense
- Norm Against Offensive Cyber Operations by Non-State Actors
The complete GCSC Norm Package can be found here.
This Norm Package is the result of contributions and extensive consultations by GCSC Commissioners, advisory experts and the GCSC Research Advisory Group. It was finalized at the fourth full Commission meeting held in Singapore on September 19-20, which featured a public hearing to facilitate stakeholder engagement.
At the hearings, the proposed norms were discussed by senior representatives from the United Nations Office for Disarmament Affairs (UNODA), the United Nations Institute for Disarmament Research (UNIDIR), the UN Secretary-General’s High-Level Panel on Digital Cooperation, the Organization for Security and Co-operation in Europe (OSCE) and the European Union. Cyber coordinators and senior officials from Australia, Belgium, Canada, Estonia, Finland, France, Germany, Hungary, India, Japan, Kenya, Mexico, the Netherlands, New Zealand, Norway, Poland, Singapore, Switzerland, the United Kingdom and the United States participated in the meeting as well. Civil society and private organizations were also represented, including the Asia-Pacific Network Information Centre (APNIC), FIRST, ICANN, Microsoft, JPMorgan Chase, and the S. Rajaratnam School of International Studies, among others. The list of participants for the Singapore hearings is available here.
“The calls for responsible behavior in cyberspace will only grow louder, in step with the very real risks cyber poses for international stability,” commented Izumi Nakamitsu, United Nations Under-Secretary-General and High Representative for Disarmament Affairs. “All stakeholders should continue the discussion on norms and what they represent in advancing a global understanding of what is – and what is not – acceptable, in cyberspace.”
The Norm Package builds on previous norms introduced by the GCSC concerning the disruption of elections through cyber attacks on electoral infrastructure and a Call to Protect the Public Core of the Internet. The Commission welcomes comments and suggestions from all stakeholders on wording and possible levers of implementation for each of the norm proposals to inform its future deliberations.
Launched at the Munich Security Conference in February 2017, the GCSC is a group of 28 prominent, independent leaders in cyberspace from 16 countries, including Chair Marina Kaljurand (Estonia) and Co-Chairs Latha Reddy (India) and Michael Chertoff (USA). Its mission is to enhance international peace, security and stability by developing norms and policy proposals to guide responsible state and non-state behavior in cyberspace.
The organization is facilitated by a Secretariat comprised of The Hague Centre for Strategic Studies and the EastWest Institute. To learn more and see the full list of Commissioners, visit www.cyberstability.org.
For media inquiries, please contact Conrad Jarzebowski at [email protected].