Request for Consultation: Norm Package Singapore [CLOSED]

[This Consultation procedure has now closed. The deadline for submissions was January 17, 2019]

Overview

Purpose: This public comment procedure seeks to solicit comments and obtain additional feedback on the proposed norms of the Norm Package Singapore, issued by the Global Commission on the Stability of Cyberspace (GCSC) in November 2018.

Consultation period: Open from December 17, 2018 until January 17, 2019.

Methodology: Submit your feedback using the guidelines on template and style to the GCSC Secretariat (cyber@hcss.nl) by COB January 17, 2019.

Current status: The Norm Package Singapore is the result of contributions and consultations by GCSC Commissioners, advisory experts and the GCSC Research Advisory Group (RAG). The intent of this RFC is to encourage and facilitate feedback from external stakeholders on the proposed norms considered here.

Next steps: Once public comments have been received, the GCSC Consultation team (consisting of the GCSC Secretariat and Chairs of the Research Advisory Group) will collect and present the received comments to the GCSC Commissioners at the next GCSC meeting in Geneva at the end of January 2019. The GCSC may consider to implement the suggestions and/or feedback at any time, but is likely to focus on including any potential changes in the GCSC Report to be published by Q1 2020. Your submission will be handled as confidential and will only be read and used internally by the GCSC.

In line with the expected GCSC work program, an “Expanded Request for Consultation” will be launched in Q3 2019. This will most likely take into account all norms currently drafted, as well as the future work of the Commission on a definition of and principles for cyber stability.

Contents

Description and Explanation

The Global Commission on the Stability of Cyberspace announced the release of its new Norm Package on Thursday November 8, 2018, featuring six new global norms to help promote the peaceful use of cyberspace. The norms were developed with the express purpose of being adopted by public and private sector actors towards creating an architecture to improve international security and stability in cyberspace.

The norms introduced by the GCSC focus on the following areas:

• Norm to Avoid Tampering
• Norm Against Commandeering of ICT Devices into Botnets
• Norm for States to Create a Vulnerability Equities Process
• Norm to Reduce and Mitigate Significant Vulnerabilities
• Norm on Basic Cyber Hygiene as Foundational Defense
• Norm Against Offensive Cyber Operations by Non-State Actors

An explanation describing the purpose of the norms, as well as the GCSC process writ large, has been included in the Norm Package to provide general context.

This Norm Package is the result of contributions and consultations by GCSC Commissioners, advisory experts and the GCSC Research Advisory Group (RAG). To help its deliberations, the GCSC issued a draft version of the Norm Package to the Research Advisory Group on September 7, 2018 for a one-week consultation. The feedback received was collected by the Chairs of the Research Advisory Group and presented as part of the dossier to the Commissioners in preparation of the GCSC Meeting in Singapore on September 20-21, 2018. The meeting in Singapore also featured a public hearing to facilitate stakeholder engagement on the work of the GCSC. Afterwards, the Commissioners finalized the norm proposals and consulted with their constituents on an informal basis. The intent of this request is to encourage and facilitate feedback from external stakeholders on the current deliberations of the Commission, in particular on the proposed norms considered here.

Background

Launched at the Munich Security Conference in February 2017, the GCSC is a group of 28 prominent, independent leaders in cyberspace from 16 countries, including Chair Marina Kaljurand (Estonia) and Co-Chairs Latha Reddy (India) and Michael Chertoff (USA). Its mission is to enhance international peace, security and stability by developing norms and policy proposals to guide responsible state and non-state behavior in cyberspace.

It aims to bring the knowledge, expertise and perspectives of private actors and civil society, including the technical community and academia, into the traditionally state-led dialogue in international peace and security in cyberspace, to reflect the multi-stakeholder reality of this space.

The GCSC is facilitated by a Secretariat comprised of The Hague Centre for Strategic Studies and the EastWest Institute. In addition to the Commission body itself, the GCSC is supported by a number of partners and sponsors, as well as a Research Advisory Group that connects the GCSC to the wider academic community and performs a vital research and execution element to the work of the Commission. The core interaction of the Research Advisory Group is founded on an email list that consolidates the key subject areas that the Commission focusses its work on. Find out how to join the email list here.

Meeting four times a year, and seeking input from the relevant stakeholders in cyberspace, the Commission’s work thus far has focused on developing norms of responsible behavior, to provide stability and influence the conduct of both state and non-state actors in ways that complement and reinforce norms developed elsewhere.

These norms provide a roadmap for further discussions – the Commission will thereafter extrapolate from these and other norms a working definition of cyber stability and its underlying principles, and recommendations on what the wider international peace and security architecture needs to do to meet that definition.

Taken together, the Commission aims to have a significant impact on the international peace and security governance architecture as it is relevant to cyberspace.

Relevant Resources

The complete GCSC Norm Package Singapore can be found here.

The Template and Style Guidelines for the Request for Consultation (RFC) of the Norms Package Singapore can be found here.

To learn more and see the full list of Commissioners, visit www.cyberstability.org.