In an effort to spur stalled global talks on improving cyber security, France today called for nations to “work together prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.”
It says signatories to the “Paris Call for Trust and Security in Cyberspace” agree they “condemn malicious cyber activities in peacetime, notably the ones threatening or resulting in significant, indiscriminate or systemic harm to individuals and critical infrastructure and welcome calls for their improved protection.”
“We welcome collaboration among governments, the private sector and civil society to create new cybersecurity standards that enable infrastructures and organizations to improve cyber protections.”
UPDATE: Canada is among the supporters, along with Germany, Spain, Japan, Italy and the U.K. Tech companies include Microsoft, Nokia, IBM, Siemens, Dell, Cisco Systems, VMware, TrendMicro, HP Inc., Facebook, SAP, Juniper Networks and Oracle. For full list click here
The document was issued by the host country at the opening today of the 13th annual meeting of the Internet Governance Forum in the French capital.
UN Secretary General Antonio Guterres at opening of the Forum today in Paris
The three-day meeting usually pulls in between 2,000 and 3,000 participants from governments, the private sector, civil society and the technical community. Sessions will deal with cyber security, internet governance, human rights and emerging technologies.
It also comes just days after the United Nations committee on Disarmament and International Security (also known as the First Committee) proposed two — possibly conflicting — new groups to develop rules for states on responsible cyberspace conduct.
The committee approved by a vote of 109 in favour to 45 against, with 16 abstentions, a Russian draft resolution (known as L.27.Rev.1) calling on the UN General Assembly to convene in 2019 an open-ended working group acting on a consensus basis to further develop the rules, norms and principles of responsible behaviour of countries.
But it also approved a U.S. draft resolution (known as L.37), with a vote of 139 in favour (including Canada) to 11 against, with 18 abstentions, asking the Secretary-General and experts to continue to study possible co-operative measures to address existing and potential threats in the sphere of information security, including norms, rules and principles of responsible behaviour of countries.
As international law professor Theodore Christakis, director of the Centre for International Security and European Studies, noted in a tweet, two bodies in the UN could be moving towards different cyber processes.
His tweet also said that the official UN press release describing last week’s votes is “a must read to understand dire straits of multilateral cyber security negotiations.
The press release hotes the United States delegate said “L.27/Rev.1” imposes a list of :unacceptable norms and language that is broadly unacceptable to many states, while “L.37” mirrors previous consensus draft resolutions.” On the other hand Russia said “L.37” would “take the international community backwards and result in a complete waste of resources, also being the product of extremely narrow interests of Western countries, especially the United States. However, “L.27/Rev.1” proposes to taking the negotiating process to a higher level that is more inclusive, open and democratic.”
The Paris Call for action doesn’t list specific recommendations. Instead it urges nations to come together “to support to an open, secure, stable, accessible and peaceful cyberspace.”
Signatories agree to
— Prevent and recover from malicious cyber activities that threaten
or cause significant, indiscriminate or systemic harm to
individuals and critical infrastructure;
– Prevent activity that intentionally and substantially damages the
general availability or integrity of the public core of the Internet;
– Strengthen our capacity to prevent malign interference by foreign
actors aimed at undermining electoral processes through
malicious cyber activities;
– Prevent ICT-enabled theft of intellectual property, including trade
secrets or other confidential business information, with the intent
of providing competitive advantages to companies or commercial
sector;
– Develop ways to prevent the proliferation of malicious ICT tools
and practices intended to cause harm;
– Strengthen the security of digital processes, products and
services, throughout their lifecycle and supply chain;
– Support efforts to strengthen an advanced cyber hygiene for all
actors;
– Take steps to prevent non-State actors, including the private
sector, from hacking-back, for their own purposes or those of
other non-State actors;
– Promote the widespread acceptance and implementation of
international norms of responsible behavior as well as
confidence-building measures in cyberspace.
The work by countries, tech companies like Microsoft and international agencies comes not only as criminal activity online increases but also as allegations of state-sponsored cyber attacks are ramping up.
A number of countries are trying to get international consensus on Internet governance, but progress is slow. Earlier this year a conference of the Internet and Jurisdiction Policy Network hosted by Canada passed the so-called Ottawa roadmap for next year’s Policy Network meeting in Berlin. That conference, hopefully, would create policy standards and operational solutions to be presented to countries.
However, the state of international consensus — or, more acurately the lack of it — is more accurately reflected in last week’s UN conference. It can also be seen in last year’s failure of a United Nations advisory body of experts to come to a consensus on what rights states have to reply to online incidents.
MORE TO COME
