The latest report of the UN Group of Governmental Experts (GGE) concerned with “Developments in the field of Information and Telecommunications in the context of International Security”) was published in July 2015 (see UN General Assembly A/70/174)
The group was comprised of experts from some twenty states and chaired by Brazil. Its work, conducted over the course of 2014 and 2015, built on the outcome of earlier GGEs, notably the 2013 one, in which experts agreed on the applicability of existing international law and norms of state behaviour to cyberspace and state uses of ICT and a range of voluntary capacity, confidence and cooperative measures moving forward. The 2014-2015 was tasked with studying the issues further, particularly how international law and other norms of behaviour apply in practice.
The 2014-2015 GGE reaffirmed “that it is in the interests of all states to promote the use of ICTs for peaceful purposes and to prevent conflict arising from their use and acknowledges, noting the “dramatic increase in incidents involving the malicious use of ICTS by states and non-state actors”. Such uses, it stresses, can harm international peace and security, flagging that military cyber capabilities are growing and that “the use of ICTs in future conflicts between states is becoming more likely”.
Indeed, the report discusses how malicious use of information and communication technologies (ICT) can pose a threat to the security and wellbeing of states and interstate cooperation is essential if these threats are to be countered. This in turn will require the development of common understandings, principles and norms of responsible state behaviour in cyberspace. To promote these developments a number of confidence building measures (CBM) could be helpful alongside capacity building actions to assist developing states. In addition it considered two additional aspects: the use by states of ICTs in conflict and how international law is to be applied to state use of ICT.
The purpose of Ambassador (ret) Paul Meyer’s short analytical piece is to promote a more public public debate among governments, the private sector, academia and civil society on the outcome of the GGE and the issues discussed (or not) in the report. The piece entitled Another Year, Another GGE? The slow process of norm building for cyberspace discusses the core issues touched on by the GGE, particularly international law and norms of state behaviour, cautioning that much more work is required by states alongside a range of other actors in order to develop the global norms needed to ensure stability and security in cyberspace. In his reflections on the way forward, Ambassador (ret.) Paul Meyer (Canada) concludes:
“..in the absence of any other empowered multilateral process for developing the global norms of responsible state behavior in cyberspace that many advocate, the UN GGEs have taken on a role as a relatively representative mechanism for states to articulate what such norms might look like. Eventually however, UN member states will have to move beyond further studies of the subject to actually taking the decision to act upon the recommendations generated by the series of GGEs. This would entail establishing under UN auspices an inclusive process to negotiate an actual set of norms for state conduct in cyberspace.”
“Given the disturbing trends in what the GGE somewhat euphemistically terms “malicious activity” in cyberspace, it is incumbent on states to exert themselves and seek to regulate in some manner state conduct in cyberspace if they truly wish to preserve this critical environment for peaceful purposes. While the easiest path forward may be to simply authorize further group study of the subject, states and other stakeholders interested in preventive diplomacy should consider whether that is an adequate response when the future nature of cyberspace is still so ill defined and the risk of massively disruptive conflict has yet to be effectively addressed.”
Ambassador Meyer’s piece forms part of a number of inputs the ICT4Peace Foundation is gathering for the next iteration of its Baseline Review of international cybersecurity developments, set to be launched in January 2016.
The ICT4Peace Foundation’s experts and advisors have been active in this field since 2007, advising governments, international and regional organisations, working with non-governmental groups, organising conferences and workshops, participating in intergovernmental dialogues and publishing cutting edge and forward looking reports on international cybersecurity affairs. Examples of the Foundation’s activities can be found here. Sample publications can be found here.