International infosec rules delivered to make nations and non-state actors behave themselves online • The Register

At the end of last week, the Global Commission on Cyberspace Stability (GCSC), a group working to develop guidelines that the world can follow to maintain the stability and security of the Internet, published a final report with its ideas on how countries in the world should behave on the Internet.

The GCSC exists because its founders and stakeholders believe that the Internet has become vital, but that it is not protected by conventions or standards of the kind that, in ordinary kinetic conflicts, make it clear that it is barbaric to bomb schools or hospitals.

The organization is pragmatic enough to believe that some countries will never sign such agreements because they do not want to limit their ability to conduct offensive operations online. But GCSC leaders also believe that if the organisation can create norms and have them adopted by states and multilateral organisations, it will be possible to portray those who use the network as a weapon as operating outside acceptable norms of behaviour.


Last week, this mission took an important step forward with the publication of the Commission’s final report setting out these rules.

Proposed standards:

  1. State and non-state actors should not engage in or knowingly allow activities that intentionally and substantially compromise the overall availability or integrity of the public core of the Internet and thus the stability of cyberspace.
  2. State and non-state actors should not pursue, support or tolerate cyber operations aimed at destroying the technical infrastructure necessary for elections, referenda or opinion polls.
  3. State and non-state actors should not interfere in the development and production of products and services, nor allow their counterfeiting, where this could significantly undermine the stability of cyberspace.
  4. State and non-state actors should not commandeer the public's ICT resources for use as botnets or for similar purposes.
  5. States should establish a transparent procedural framework to assess whether and when to disclose vulnerabilities or weaknesses in information systems and technologies of which they are aware. The standard presumption should be in favour of disclosure.
  6. Developers and manufacturers of products and services on which the stability of cyberspace depends should (1) prioritise security and stability, (2) take appropriate measures to ensure that their products or services are free of significant vulnerabilities, and (3) take steps to reduce later discovered vulnerabilities and make their process transparent. All actors are required to exchange information on vulnerabilities in order to contribute to the prevention or containment of malicious cyberterrorist activities.
  7. States should take appropriate measures, including laws and regulations, to ensure basic cyber security.
  8. Non-state actors should not participate in offensive cyber operations and state actors should prevent and react to such actions when they occur.

The report describes its genesis as an end and a beginning.

The document indicates that the Commission has fulfilled its mandate. However, for GCSC members and adherents and for all those who support its objectives, the hard work needed to implement these principles, standards and recommendations has only just begun.

The work will not be easy because the UN has already disseminated its own standards and because the GCSC's efforts go further and focus on engaging non-state actors and influencing their behaviour.

Many international agreements require a multilateral commitment, but this remains a contentious issue according to the report. Some still believe that international security and stability is almost exclusively the responsibility of states. In practice, however, the battlefield (i.e. cyberspace) is primarily designed, deployed and operated by non-state actors, and we believe that their participation is necessary to ensure the stability of cyberspace. Moreover, their involvement is inevitable, as non-state actors are often the first to react to, and even attribute, cyber attacks.


Once the GCSC has finalised its standards, it will seek broad support and recommend the establishment of a permanent multi-stakeholder mechanism to address stability issues, with appropriate involvement and consultation of States, the private sector (including the technical community) and civil society. ®
