Conflict between states will take new forms, and cyber activities are likely to play a leading role. The rise of offensive cyber operations risks undermining the peaceful use of cyberspace to facilitate economic growth and the expansion of individual freedoms. Cyberspace is becoming an increasingly exploited resource that few feel compelled to take responsibility for, leading to a steady decay of the stability and security of the entire environment itself. To counter these developments more dialogue, research and actionable initiatives are needed.
Cyberspace is formed and governed by a range of different institutions and processes. A major challenge is insufficient awareness and mutual acceptance among the various cyberspace communities working on issues related to international security in and of cyberspace. By finding ways to link the international security and Internet communities, the Commission has a genuine opportunity to contribute to an essential task: supporting policy coherence related to the security and stability in and of cyberspace.
1. Facilitating information exchange:
From 2017-2020, the Commission met physically four times per year, encouraging the flow of information and knowledge across various cyberspace initiatives. An active outreach program encouraged cross-fertilization and capacity building amongst initiatives.
2. Supporting basic research:
Together with the Research Advisory Group, the Commission funded and conducted research on norms as well as on emerging themes and ideas of relevance to the stability of cyberspace.
3. Advocating proposals for action:
The Commission formulated recommendations for action, applicable to both state and non-state led initiatives. In November 2019, the Global Commission on the Stability of Cyberspace issued its final report, Advancing Cyberstability, which represents the culmination of the Commission’s work over the last three years, offering a framework to advance cyberstability, a set of four principles, six recommendations and eight norms that address critical elements of implementation, monitoring and accountability. The Commission will advocate for these recommendations in capitals, corporate headquarters and civil society centers, as well as the wider public.
THE RULES OF THE ROAD
In international security, norms have become a common standard for agreeing on what constitutes acceptable action in cyberspace, accompanying and expanding on existing legal understanding rather than attempting to craft new law. Often these norms are described as the “rules of the road” that determine acceptable and proscribed behavior.
The Commission did not begin its work in a vacuum. Its efforts were informed in particular by the United Nations Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International Security (UN GGE) report of 2013 and 2015 that proposed 11 crucial norms. It was also inspired by developments in the G20, the G7, regional organizations as well as non-state norms developed by Microsoft and ISOC, to name a few. It also greatly benefited from the work done within Internet governance, including the work of NETmundial and the Internet Governance Forum.
Norms are foundational for better governance, and therefore the initial focus of the Commission’s work. They form a test of “what needs to be done”—a practical sense test of what practical and operational steps need to be undertaken to achieve some measure of “cyberstability.”
Throughout its deliberations, the GCSC was guided by significant shared core beliefs. These include the importance of a democratic, multi-stakeholder approach to governance, the necessity to promote development and growth, the need to balance rights and responsibilities for both state and non-state actors, and the centrality of cyberspace remaining open and unimpeded in its operations. The GCSC aims to expand the global understanding of responsible behavior in cyberspace for both states and non-state actors.