Donate
Reflections from the Global Commission on the Stability of Cyberspace Thumbnail
‹ Back
Technology 13 December 2017

Reflections from the Global Commission on the Stability of Cyberspace

Olaf Kolkman
By Olaf KolkmanChief Internet Technology Officer

Two weeks ago, a small delegation from the Internet Society was in Delhi for a series of meetings. (See yesterday’s post about GCCS and GFCE.) In this post, I’ll pick up with the Global Commission on the Stability of Cyberspace (GCSC).

The international community has been trying to develop cybernorms for international behaviour for over a decade. This has been happening through UN processes, through the GCCS, through international law discourse, and other fora. And, some progress has been made. For instance, the Tallin manuals provide some insights on how international law applies to cyber war and cyber operations, while the UN GGE, among others, recognized the applicability of international law on the digital space and has provided some protection to cybersecurity incident response teams (CIRTs) and critical infrastructure.

However, these processes are slow, and certainly not without roadblocks. The 5th UN Group of Governmental Experts on Information Security (GGE), for example, failed to reach consensus on whether certain aspects of international law, in particular the right to self-defence, apply to cyberspace as well as issues related to attribution. During a panel at GCCS, five participants in the 5th UN GGE shared their perspectives. To me it was clear that all parties see that the cyber diplomatic discussions on stability need to continue, but that it is not at all clear what the modalities of such discussion will be; it is not clear if there will ever be a 6th UN GGE or an alternative UN process.

So, how do we get to norms that may impact state and non-state behavior? Norms that can be supported by a large group of stakeholders – states, private sector, and technical, academic and civil society communities alike?

The Global Commission on the Stability of Cyberspace (a multistakeholder commission of experts) sets out to bring perspective by developing ‘proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace.’ In its meeting in Delhi, it converged on its concrete outcome: A call to protect the Public Core of the Internet.

It reads:

NON-INTERFERENCE WITH THE PUBLIC CORE

Without prejudice to their rights and obligations, state and non-state actors should not conduct or knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.

This is a call that, I believe, can be prima facie respected by international law scholars, diplomats, negotiators, politicians, civil society members, and technologists alike. It recognizes a body of existing norms and agreements while it also unequivocally states: don’t mess with the public core of the Internet.

Many readers will rebut that this is a clear call, as the concept of public core of the Internet is not clearly defined. They have a point, but among the commissioners, it is well understood that the public core is a broad term that includes elements like Internet routing, the domain name system (DNS), certificates and trust, and communications cables. The associated protocol soup contains terms like BGP, DNS, PKI, and TLS. It is also well understood that we are not only talking about physical resources, like the routers themselves, but also about intangible aspects such as the state of the global routing table. More work will be done to refine and define the Public Core concept.

Creating a common understanding of global normative behaviour is a long and slow process where certain actors can become norm entrepreneurs. Not without pride, I believe that the GCSC, with the call for protection of the public core, is demonstrating norm entrepreneurship.  Or, as EFF’s Jeremy Malcolm observes in in his blog on Delhi’s cyber events: “The Call to Protect the Public Core of the Internet is not intended to be legally binding, but like Internet standards, it is hoped that it will acquire influence because the process by which it was developed was relatively thoughtful, inclusive, and balanced”, closing his blog with: “It doesn’t surprise us that a diverse, multi-stakeholder group of experts can actually produce more useful outcomes than a group of governments alone, and this could be taken as a lesson by the host of the next GCCS.”

I can’t write a better conclusion to this post.

Further reading

The Internet Society sponsors the GCSC and the author is one of its commissioners.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Reflections on a Global and Cyber heavy week at GCCS and GFCE
Reflections on a Global and Cyber heavy week at GCCS and GFCE
Technology12 December 2017

Reflections on a Global and Cyber heavy week at GCCS and GFCE

Two weeks ago, a small Internet Society delegation was in Delhi to participate in a number of events that contained...

At IETF 102: The Global Commission on the Stability of Cyberspace - Cyber diplomacy meets InfoSec and Technology
At IETF 102: The Global Commission on the Stability of Cyberspace - Cyber diplomacy meets InfoSec and Technology
Building Trust26 June 2018

At IETF 102: The Global Commission on the Stability of Cyberspace – Cyber diplomacy meets InfoSec and Technology

On Tuesday, 17 July, alongside IETF 102 in Montreal, the Global Commission on the Stability of Cyberspace (GCSC) will host...

ICT Diplomacy: A Change in the Dynamics
ICT Diplomacy: A Change in the Dynamics
Internet Governance22 October 2018

ICT Diplomacy: A Change in the Dynamics

12 October to 6 November 1998, Minneapolis, United States: a point in time that cannot be forgotten. The ITU Plenipotentiary...

Join the conversation with Internet Society members around the world