Securing Cyberspace and the G7 Agenda

The Boston Global Forum welcomes this opportunity to provide input to the agenda for the G7 Ise-Shima Summit. Global Economy and Trade, Development, and Quality Infrastructure Investment are three themes of this summit. Given the importance of the Internet in all three areas, we encourage you to address the following actions concerning cybersecurity at the summit. These actions have as their goal to raise the general level of security in cyberspace.

1. Encourage the global adoption of the 2015 G20 cybersecurity norms, which include the 2015 GGE norms by reference, as the Ise-Shima Norms.

2. Endorse private and public efforts to improve ethical Internet behavior. The UCLA Global Citizenship Education Program and the Boston Global Forum’s Ethical Code of Conduct for Cyber Peace and Security are two such examples.

3. Engage vendors of cyberspace technology in the discussion of norms for responsible state behavior.

4. Establish domestic and international centers and mechanisms designed to reduce the risk of cyber conflict.

5. Encourage national cybersecurity experts to voluntarily publicize their best security practices.

6. Recognize that formulation of policy concerning cyberspace technologies requires the participation, on an equal footing, of respected academics and industry experts on the technologies in question.

These proposals stem from several developments.

First, over the last five years, small groups of governments have formulated international norms of state behavior, particularly for peacetime use. Negotiations have been held at the UN and many other forums. Now that a set of reasonable norms have been established it is appropriate to reach out to nations that have not participated in these discussions and encourage them to endorse them as well. In many cases, this will require some capacity development, which is encouraged by UN Resolution 70/237. The G7 nations can help increase confidence in computers and network technology by leading this effort, which could be called the Ise-Shima Challenge.

Second, global citizenship education has an important a role to play in building a sustainable peace and security in cyberspace. We encourage a significant effort in this regard.

Third, we observe that the success of many computer vendors requires that their customers have confidence in their products, which is undermined by unreported cyber vulnerabilities and by state launched weapons that result in mass events. Thus, some vendors, notably, Microsoft, have begun to formulate and promulgate norms of state behavior that are important from their point of view. States should take these nascent efforts seriously and engage these firms in norms formulation.

Fourth, given the large number of states that are developing cyber weapons, the risk of accidental or intentional cyber conflict is rising. All states should recognize this risk and work to mitigate it. Centers designed to reduce the risk of cyber conflict are needed in every country with offensive cyber capability. Operators in these centers must come to know each other so that they can properly assess national intentions during a cyber crisis. This issue has been highlighted in the latest 2015 GGE report.

The fifth recommendation on best practices is illustrated by a public talk given in January 2016 by Rob Joyce, head of NSA’s Tailored Access Operations Department. He offered advice on cybersecurity measures to protect a computing facility from the type of penetration in which his department engages. This event was a remarkable example of the security services of a major nation, the US, offering constructive advice to others. Each G7 nation could assume the same responsibility for improving the security of cyberspace by offering such examples of best practices.

Finally, policy formulation concerning cyberspace can be very challenging. Unless technology experts are at the table with policymakers when such policy is formulated, errors are easily made that may lead to poorly formulated international norms or domestic legislation. Thus, it is essential that academic and technology experts be engaged and treated as co-equals with policymakers during this process.

The appendices that follow provide specific recommendations that have been developed by a variety of parties and are aligned with the above objectives.

Full Presentation Here