Under the Italian chairmanship for 2017, the G7 heads of states and governments met in Taormina, Sicily, on 26-27 May 2017. In advance of this summit, the G7 foreign ministers held a meeting on 10-11 April 2017 in Lucca, Italy. The foreign ministers released a G7 ‘Declaration on Responsible States Behavior in Cyberspace’ (the ‘ Lucca Declaration’) and also expressed their opinion on this topic in the joint communiqué. The G7 leaders endorsed this declaration and the formulated aims in the Taormina Leaders’ Communiqué .
The G7 focused on cyber security issues during the Japanese chairmanship in 2016 (see the Incyder article) and it continues to develop these topics in 2017. In the Lucca Declaration, the G7 reiterates most of the statements from the G7 Principles and Actions on Cyber and the Ise-Shima Declaration.
As in 2016, the G7 recognises the risk of escalation and retaliation in cyberspace as well as risks to critical infrastructure. The statement also highlights that both states and non-state actors such as terrorists and criminals use cyberspace for malicious purposes. Reflecting the ever-changing threat landscape, the Lucca Declaration mentions cyber-enabled interference in democratic political processes, which is a clear reference to the cyber operations targeting the elections in the US and France.
Order (and law) in cyberspace
Promotion of security and stability in cyberspace remains the goal of the G7. All states are encouraged to engage in law-abiding, norm-respecting and confidence-building behaviour in their use of information and communication technology (ICT), following the path set out by Ise-Shima in 2016. Human rights are again recognised to be protected online as well as offline.
The Lucca Declaration re-emphasised that cyber activities can reach the threshold of the use of force or even be considered as an armed attack; and that in the case of an armed attack the inherent right of self-defence, whether individual or collective, can be invoked in accordance with Article 51 of the UN Charter. For the sake of stability and foreseeability, all states are called to explain their views on how international law applies to their respective actions in cyberspace.
The G7 reaffirmed in this context that international law and the United Nations Charter are vital for stability and for maintaining peace and security not only within the ICT context, but also offline. Responsible state behaviour has to refrain from threat or use of force against the integrity, sovereignty and political independence of any state. In relation to this, the G7 foreign ministers reaffirmed that for the sake of conflict prevention and conflict settlement, international law provides a sufficient framework for states to respond to wrongful or malicious acts conducted by other states.
Additionally, within the part of the joint communique covering cyber, the G7 urged all countries to develop laws, policies and practices that effectively combat cybercrime, including, if possible, to become party to the 2001 Budapest Convention on Cybercrime.
Norms and confidence-building measures
It was also stated that increased international cooperation and confidence-building measures lead to security and stability in cyberspace. In particular, ‘… promoting a strategic framework for conflict prevention, cooperation and stability in cyberspace, consisting of the recognition of the applicability of existing international law to State behavior in cyberspace, the promotion of voluntary, non-binding norms of responsible State behavior during peacetime, and the development and the implementation of practical cyber confidence building measures between States’ are the key elements for future peaceful relationships between states.
According to the Lucca Declaration, confidence-building measures (CBM) initiated by the OSCE and the ASEAN Regional Forum (ARF) are important tools to enhance and strengthen international peace and security, and so are the communication channels and hotlines between states. The Lucca Declaration also lists the non-binding, voluntary norms of state behaviour from the 2015 United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE).
In addition to the 11 norms from the 2015 UN GGE Report, one norm from the 2015 G20 Leaders’ Communiqué is included: ‘No country should conduct or support ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.’ Commercial cyber espionage was already mentioned in the Ise-Shima Declaration, but the direct quotation from a G20 document provides a stronger backing for the statement.
While the G7 documents mostly restate the principles introduced by the Ise-Shima Declaration, there are several new items worth noting, such as the reference to cyber operations targeting democratic processes, or the reference to state responsibility for internationally wrongful acts and possible response. The G7 continues on the ambitious course set in 2016 by the Japanese chairmanship.
This publication does not necessarily reflect the policy or the opinion of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre) or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.