Request for Consultation: Definition of Stability of Cyberspace

Request for Consultation: Definition of Stability of Cyberspace

August 14, 2019, Request for Consultation

Download Publication Download Document

Overview

Purpose: This public consultation procedure seeks to solicit comments and obtain feedback on the definition of “Stability of Cyberspace”, as developed by the Global Commission on the Stability of Cyberspace (GCSC). The definition constitutes an important element of the GCSC Report that the Commission aims to launch in November 2019. For the same purposes, the Commission previously issued a Request for Consultations (RFC) on its Singapore Norm Package, which contains a set of newly proposed global norms to guide responsible state and non-state behavior in cyberspace.

Consultation period: Open from 14 August until 6 September 2019.

Methodology: Submit your feedback using the Template Guidelines to the GCSC Secretariat (cyber@hcss.nl) by COB 6 September 2019.

Current status: The proposed definition of Stability of Cyberspace is the result of contributions and consultations by GCSC Commissioners and the expert advisors, as well as consultations and joint meetings with external stakeholders. The intent of this RFC is to facilitate and encourage broader feedback from external stakeholders on the current deliberations of the Commission on its final report – in particular on the definition of Stability of Cyberspace as formulated below.

Next steps: Once public comments have been received, the GCSC Consultation team (consisting of the GCSC Secretariat and Chairs of the Research Advisory Group) will collect the received comments and present them to the Commissioners at the next GCSC meeting. The GCSC may consider to implement the suggestions and/or feedback in the GCSC Report to be published by Q4 2019. All submissions will be handled confidentially and will only be read and used internally by the GCSC.

Contents


Draft Definition of Stability of Cyberspace

Stability of cyberspace is the condition where individuals and institutions can be reasonably confident in their ability to use cyberspace safely and securely, where the availability and integrity of services in cyberspace is generally assured, where change is managed in relative peace, and where tensions are resolved in a peaceful manner.

While the Commission’s definition builds on the standard definition of “stability”,[1] it is more nuanced in two ways.  First, there is the reference to user “confidence.”  Confidence is important because human decisions may be based upon perceptions, not just facts, and if someone perceives a lack of stability, (s)he may be reluctant to leverage cyberspace and obtain its benefits.  By way of example, cyberspace may streamline processes and make them more efficient, thus suggesting that Internet voting could greatly increase voter participation.  But if voting systems are unreliable – or there is a perception that such systems could be unreliable, causing voters to be sceptical about election results – then the benefits of this technology may be lost.

Second, it must be remembered that cyberspace is a domain of constant change.  There are changes in technology, in business models, in functionality, and in societal expectations about the role of technology in daily life.  Thus, unlike the dictionary definition of “stability” which includes “returning to an original condition,” what cyberspace needs is the ability to adjust but remain stable.  Simply put, users must remain confident in the availability and integrity of cyberspace even as it – and the world around it – changes.

Finally, as we discuss later in this report, we recognize that stability is based on adherence to existing international law (including international human rights law), common understandings of acceptable behavior, predictability, confidence building measures facilitated through capacity building, and by the open promulgation and widespread use of technical standards that ensure cyberspace is resilient.

[1] “Stability” is defined as (1) not likely to give way or overturn; firmly fixed; (2) not likely to change or fail; firmly established; and (3) not liable to undergo physical changes. See https://en.oxforddictionaries.com/definition/stable.

 

Background Information

Launched at the Munich Security Conference in February 2017, the GCSC is a group of 28 prominent, independent leaders in cyberspace from 16 countries, including Co-Chairs Latha Reddy (India) and Michael Chertoff (USA). Its mission is to enhance international peace, security and stability by developing norms and policy proposals to guide responsible state and non-state behavior in cyberspace. It aims to bring the knowledge, expertise and perspectives of private actors and civil society – including the technical community and academia – into the traditionally state-led dialogue on international peace and security in cyberspace, to reflect the multi-stakeholder reality of this domain. Taken together, the Commission aims to have a significant impact on the international peace and security governance architecture as it is relevant to cyberspace.

The GCSC is facilitated by a Secretariat comprised of The Hague Centre for Strategic Studies and the EastWest Institute. In addition to the Commission body itself, the GCSC is supported by a number of partners and sponsors, as well as a Research Advisory Group that connects the GCSC to the wider academic community and performs a vital research and execution element to the work of the Commission. The core interaction of the Research Advisory Group is founded on an email list that consolidates the key subject areas that the Commission focuses its work on. Find out how to join the email list here.

Meeting four times a year, and seeking input from relevant stakeholders in cyberspace, the Commission’s work thus far has involved a range of activities and outcomes. First, the GCSC has developed eight global norms of responsible behavior, to provide stability and influence the conduct of both state and non-state actors in ways that complement and reinforce norms developed elsewhere. The norms introduced by the GCSC revolve around the following areas:

  • Call to Protect the Public Core of the Internet
  • Call to Protect the Electoral Infrastructure
  • Norm to Avoid Tampering
  • Norm Against Commandeering of ICT Devices into Botnets
  • Norm for States to Create a Vulnerability Equities Process
  • Norm to Reduce and Mitigate Significant Vulnerabilities
  • Norm on Basic Cyber Hygiene as Foundational Defense
  • Norm Against Offensive Cyber Operations by Non-State Actors

The abovementioned definition of Stability of Cyberspace was extrapolated from these and other norms. Likewise, these norms also inform the Commission’s deliberations on the underlying principles of stability of cyberspace, as well as its recommendations on what the wider international peace and security architecture needs to do to meet that definition.

Currently, the Commissioners are drafting the final GCSC Report that they aim to publish in November 2019. The Commission has drafted the definition of Stability of Cyberspace, expounded in this RFC, as well as an underlying framework, principles and core tenets aimed at supporting international efforts to advance the stability of cyberspace. The GCSC has also continued its work to identify policy recommendations and a governance framework in which to embed norms and anchor stability of cyberspace in preparation of the publication of the Commission’s Report in November 2019.

Accordingly, for the remainder of the year, the Commission will be preparing the GCSC report, which will contain recommendations on a framework for an international security architecture in cyberspace that address elements of norm development, implementation, accountability and ensuring continued involvement from all stakeholders invested in a peaceful and secure cyberspace.

Relevant Resources

The Template Guidelines for the Request for Consultations (RFC) on the Definition of Stability of Cyberspace can be found here.

The Singapore Norm Package, to which the previous RFC on the Norms of the GCSC relates, can be found here.

To learn more and see the full list of Commissioners, visit www.cyberstability.org