Cyberspace Cooperation

The Global Commission on the Stability of Cyberspace (GCSC) will meet in Las Vegas on July 27, 2017 at Black Hat USA 2017, one of the world’s leading information security events that presents the very latest in research, development and trends. This meeting will outline the next operational steps in achieving the Commission’s mandate and will focus on the prioritized topics for 2017 including the “public core of the Internet,” “critical infrastructures,” and the protection thereof.

The GCSC will review the received proposals from Research Project 1 on the Public Core of the Internet. Researchers and institutions are still able to send their proposals until 21 July 2017.

Commissioners will also participate in a policy briefing “Challenges of Cooperating Across Cyberspace” at Black Hat. Marina Kaljurand, the GCSC Chair, will be joined by fellow GCSC Commissioners Bill Woodcock, Jeff Moss, Joseph Nye, Khoo Boon Hui and Wolfgang Kleinwächter. The panel takes place Wednesday, July 26 at the Mandalay Bay, Las Vegas (Room: Mandalay Bay AB).

Also, GCSC co-chair and former U.S. Secretary of Homeland Security Michael Chertoff will deliver the keynote address the previous day, on July 25, at the Black Hat CISO Summit, entitled, “From Reactive to Proactive: New Directions in IT Security” after the introduction by Black Hat and DEF CON founder Jeff Moss.

Launched at the Munich Security Conference in February, the GCSC convened its first Full Commission meeting last month in the Estonian capital of Tallinn on the sidelines of the 9th annual conference on Cyber Conflict (CyCon 2017). The GCSC is comprised of 27 commissioners and facilitated by two co-Secretariats—The Hague Centre for Strategic Studies and the EastWest Institute.

THE HAGUE, NETHERLANDS, July 5, 2017 - The Global Commission on the Stability of Cyberspace (GCSC) convened in Tallinn, Estonia on June 2-3, 2017. Marina Kaljurand, GCSC Chair and former Foreign Minister of Estonia, presided over the meeting, together with the two co-chairs, Michael Chertoff, former Secretary of the U.S. Department of Homeland Security, and Latha Reddy, former Deputy National Security Adviser of India. The meeting was hosted by the Ministry of Foreign Affairs of Estonia and coincided with the 9th iteration of CyCon. The Chairs, several Commissioners, and other GCSC members, spoke at CyCon at the invitation of the NATO Cooperative Cyber Defence Centre of Excellence.

“The Tallinn meeting was the first full Commission gathering, marking a critical step towards confirming the GCSC’s approach and direction over the next years of its three-year mandate,” said Marina Kaljurand, GCSC Chair. “Based on extensive deliberation, the Commissioners confirmed the group’s core themes to be addressed, operating agenda, research capacity and timelines.”

The meetings began on June 2 with sessions on cyberstability. Ten experts were invited to provide analysis on the critical developments and initiatives in the field of international cyberspace stability and present on the most pressing research and policy proposals that emerged from the GCSC Inaugural Meeting in Munich, in February of this year. The Hearings were moderated by the Chairs of the Research Advisory Group and helped to inform the deliberations of the Commissioners the following day.

On June 3, the Commissioners convened in a closed session to decide on the work program for the coming year, centered on developing proposals for norms and policies to enhance international stability and guide responsible state and non-state behavior in cyberspace. The prioritized topics for 2017 include the “public core of the Internet” and “critical infrastructures,” and the protection thereof. As a first step the GCSC will focus on a working definition of critical infrastructure that serves the Commission’s needs. To this end, it will set out to distinguish between the public core of the Internet, critical infrastructures of the Internet, and IT-aspects of non-Internet critical infrastructures. By means of a mapping exercise, the Commission seeks to get a better understanding of the public core and critical infrastructures, as well as the protective measures and state practices in this context.

The Commission also touched upon other topics, such as the protection of electoral infrastructures, the application of sovereignty, secure access for the next billion users, rules for offensive actions in cyberspace, attribution and compliance to norms and private sector responsibilities, amongst others. The Commission is continuing its deliberations in these areas as well, and expects to build on the substantial contributions made by multilateral expert groups to the collective understanding of the challenges and approaches to increasing stability in cyberspace.

In addition, the GCSC announced the launch of the Research Advisory Group (RAG), and its Chairs were introduced to the Commissioners. The RAG will help execute and implement the Commission’s research agenda, particularly on international cybersecurity, law, Internet governance, and technology & information security practice. More information on how to join the Research Advisory Group can be found here.

The GCSC will convene a smaller scale Commission meeting on July 27 on the margins of Black Hat in Las Vegas, U.S. In the run-up to the meeting, the GCSC Secretariat and the Chairs of the Research Advisory Group will publish the Requests for Proposals (RFPs) on the email platform of the Research Advisory Group. Researchers and institutions that are a member of the Research Advisory Group can respond to these RFPs with proposals. The subscription procedure for the Research Advisory Group is explained here. The RFPs provide additional details on the immediate research priorities of the Commission and will be published before July 5, 2017.

The Hague Centre for Strategic Studies, the EastWest Institute, the Chairs and Commissioners would like to thank the government of Estonia for hosting the Tallinn meeting, as well as the GCSC partners, the government of The Netherlands and Singapore, Microsoft, the Internet Society (ISOC), and the other funders for supporting the work of the Commission.

For additional information, please visit the website or get in touch with the Secretariat via info@cyberstability.org.  

About The Hague Centre for Strategic Studies

The Hague Centre for Strategic Studies (HCSS) is an independent private think tank established in 2007. The Centre focuses on issues that crossover the domains of geopolitics, security, and geo-economics, among which international security and defense, national security, conflict studies, cybersecurity, resource scarcity. HCSS conducts contract research for public sector organizations, such as ministries of defense, foreign affairs and security; international organizations (NATO, European Commission); NGOs as Greenpeace; and private sector companies. We stress an interdisciplinary perspective, combine quantitative and qualitative research methods for our analysis, and present intuitively and action-oriented results. Learn more

About the EastWest Institute

The EastWest Institute works to reduce international conflict, addressing seemingly intractable problems that threaten world security and stability. EWI forges new connections and build trust among global leaders and influencers, help create practical new ideas and take action. Independent and nonprofit since our founding in 1980, EWI has offices in New York, Brussels, Moscow, Washington, D.C., Dallas, San Francisco and Istanbul. Learn more

EWI Global Vice President Bruce McConnell sat down with Israeli news network i24NEWS this week to discuss the state of cyberspace in an ever-digital world. Asked about whether cyberspace constitutes the next frontier for warfare, McConnell responded that he felt as if cyberspace has very much become the new frontier for just about anything—international competition included. More than just underscoring that this was the current reality, he further stressed that a set of comprehensive rules for cyber space need to be created in order to prevent flagrant cyber warfare abuses down the road. Much like international laws dictating biological warfare, cyber space should be given an international platform through which it could be regulated. 

Without such a platform in-place at the moment, countries should—in the meanwhile—continue to strengthen their cybersecurity capabilities. That being said, McConnell remains optimistic that ten years down the line, as cyberspace becomes more efficiently controlled, it will also begin to look much better.

Watch the full interview here.

Vladimir Ivanov, PhD, Director of the EastWest Institute's (EWI) Moscow office, presented a key report at a round table discussion “Current Security Issues in Information Space” hosted by the Institute of World Economy and International Relations of the Russian Academy of Sciences (IMEMO). The event took place on June 20 in Moscow.

Ivanov started his speech with adjusted remarks on the modern information space implications for global strategic stability. He also presented the background and current projects of the EWI Cyberspace Cooperation Program, underlining the innovative practices in a trust building process in which both government and business actors take an active part.

In addition, Ivanov introduced participants to the work of the newly launched Global Commission on the Stability of Cyber Space (GCSC), inviting the audience of about 25 Russian top-level political and information science experts to be involved in this initiative.

The EastWest Institute's call for broader and more diversified international cooperation on countering the realities of a growing systemic chaos and instability received a positive reaction.

Photos by: Anna Renard-Koktysh

Founder of the Data Security Council of India and EWI Distinguished Fellow Kamlesh Bajaj wrote—in an article for The Wire—on the difficulties behind international cooperation in cyberspace security. Analyzing the cyber playing field following the WannaCry worm outbreak earlier this year, Bajaj remarked that although it is high time that countries agree to limit the cyber arms race, such a restriction might be difficult to unilaterally achieve through conventional first-track diplomatic efforts. Bajaj particularly questioned whether "some specifics [could] be identified and debated by the private tech sector in Track 2 mode, then moved to 1.5 or straightaway to Track 1 for the framing of international norms." 

That being said, regardless of the efforts of nongovernmental agencies themselves, he underscored that "[cyber] security has become a shared responsibility between tech companies and customers and the stockpiling of vulnerability by governments." National governments are ultimately responsible for coordinating policy on this front in order to prevent the serious cybersecurity lapses. Such endeavors might of course go against the ability of these nations to build up their own cyber arms, but they are, as Bajaj argues, necessary for the maintenance of cybersecurity. 

Click here to access the full article at The Wire.

Although there has been no concrete evidence that votes were unlawlfully altered during the 2016 U.S. Presidential Election, a leaked National Security Agency report appears to prove that Russian hackers attempted to compromise the electronic poll book software in numerous states. The scope of this hacking has not yet been determined, but, regardless of the possibly unprecedented interference, cybersecurity experts are already looking toward making future elections as free from outside influence as possible. They cite greater reliance on paper ballots and post-election audits as possible solutions to ensuring greater voter legitimacy down the line. 

Stressing the necessity of finding a proper solution as soon as possible, EWI Global Vice President Bruce McConnell told USA Today, “Maybe we dodged a bullet this time and there was no actual vote tampering. Next time we may not be so lucky.”

Click here to access the full article on USA Today. 

On May 16, the EastWest Institute co-hosted an event to discuss Cyberspace Security and Global Security with the Russian International Affairs Council as part of its annual Board Meeting. The event welcomed EWI board members, Western and Russian experts on cyberspace security, representatives of both business communities and members of EWI's broader network to discuss the work of the Global Cooperation in Cyberspace program and prospects for Russian-American cooperation in cyberspace.

The day's activities opened with the unveiling of a joint EWI-RIAC policy report containing suggestions for furthering Russia-U.S. cooperation on some of the most critical issues in cyberspace today.

Following this, a panel of distinguished Russians, Britons and Americans including John Frank of Microsoft, David Omand formerly of GCHQ, Ilya Sachkov of Group-IB and Pavel Sharikov of the Russian Academy of Sciences met to give their perspectives on cooperation in cyberspace between these two major cyber powers. This panel built on the ongoing work of the EastWest Institute's series of bilateral Russia-U.S. Track II dialogues on cyberspace cooperation. 

The event also contained a review of the Global Cooperation in Cyberspace program's recent work, including its recently concluded Global Cyberspace Cooperation Summit VII in Berkeley. This panel featured presentations from key stakeholders in EWI's 5 breakthrough groups to discuss their progress and solicit feedback on topics such as balancing encryption and lawful access to data, increasing security and safety in IoT-connected cities, understanding and insuring systemic cyber risk, promoting norms of responsible behavior in cyberspace and increasing access to more secure ICT products and services.

The Global Commission on the Stability of Cyberspace (GCSC) will hold its first full Commission meeting to confirm the group’s action agenda and areas of focus. The meeting will take place on June 2-3, 2017 in Tallinn, Estonia on the sidelines of the 9th annual conference on Cyber Conflict.

The GCSC meeting will take the opportunity to engage with a range of academic and government experts on the critical initiatives in the field of international cyberspace stability, as well as confirm research and policy initiatives. The GCSC will also announce the launch of their Research Advisory Group that will help implement the Commission’s agenda, particularly on cyberspace security, Internet governance, international law as well as technical and information security.

“The first meeting of the full Commission marks a critical step in the GCSC’s approach and direction over the next three years,” said Marina Kaljurand, GCSC Chair, and former foreign minister of Estonia. “Cybersecurity depends on the cooperation of a range of stakeholders such as the government, private sector, civil society, academia and experts, across the right balance of geographies. On the strength of our Commissioners representing 18 countries, and with the added inclusion of experts from CyCon and elsewhere, we look forward to highly productive series of discussions that will shape our work going forward and help ensure advancement on how best to tackle security of cyberspace.”

Launched at the Munich Security Conference in February, the GCSC is the first organization of its kind dedicated solely to developing and advocating for norms and policies to improve cyberspace stability and security. The Hague-based organization is comprised of 27 commissioners and chaired by Marina Kaljurand (Estonia), and includes co-chairs Michael Chertoff (USA) and Latha Reddy (India).

For more information about the GCSC, please visit: www.cyberstability.org

For a complete list of GCSC commissioners, please visit here.

Across Asia, governments are rushing to build up expertise to fight off cyber attacks, both for defense and offense. The region's military forces are being thrust into the front lines, even though cyberwarfare reaches behind conventional battlefields.

"Threats are dynamic and state actors are determined adversaries capable of sabotaging whole economies," Greg Austin told Nikkei Asian Review.

"Concerns about a cyber Pearl Harbor are receding," said Austin. "But I think we should start to look at what a 'cyber Fukushima' or a 'cyber Twin Towers' looks like."

Click here to access the full article on Nikkei Asian Review.