On 16-17 April, the Netherlands hosted the fourth Global Conference on Cyberspace (GCCS) in The Hague. The event gathered an impressive group of representatives from governments, private sector and civil society in order ‘to promote practical cooperation in cyberspace, to enhance cyber capacity building, and to discuss norms for responsible behaviour in cyberspace.’ The two-day conference ended with the Chair’s statement summarising the collective consensus on all matters concerning cyberspace, from Internet governance to cyber security and privacy. The INCYDER team will look at what the statement tells us of the global status quo.
Perhaps the main observation from the Chair’s statement is that the global community holds a common understanding that a wide range of issues related to cyberspace have to be actively addressed and that international cooperation is unavoidable in this regard. However, unsurprisingly, the declaration did not go into much detail or produce clear suggestions on how the global community should deal with the main complications.
For example, the statement highlighted the need for further cooperation on cybercrime and presented some progress in relation to INTERPOL’s efforts, but did not cover the (contested) role of the Budapest Convention on Cybercrime. The contentious issue of Internet governance was also only addressed by reaffirming a commitment to the multi-stakeholder model and welcoming the process of transferring the IANA functions to the global Internet community, without specifying a more detailed vision. Additionally, the declaration reaffirmed the applicability of existing international law to state behaviour in cyberspace by highlighting the need to find common understanding on specific aspects1 of international law. In this context, it is noteworthy that the declaration only mentioned the aim of developing non-legally-binding norms such as CBMs, signalling a contrasting view to certain states which also see new legally-binding instruments as necessary to regulate cyberspace. In line with other processes in several organisations, the statement also expressed a strong commitment to freedom and the right to privacy – however, no references to bulk surveillance or espionage were made.
One of the more tangible outcomes of the Conference was the establishment of the Global Forum on Cyber Expertise (GFCE) which gathers relevant stakeholders – states, international organisations and companies – to support efforts to strengthen cyber-related international cooperation. The CFCE aims to address a broad agenda: safeguarding cyber security, fighting cybercrime, detecting cyber threats, and protecting privacy and data security. The Forum was founded by 42 members, including different international key players such as the US, Turkey, India, EU, ITU, CoE, OAS, Microsoft and Symantec. However, it is noteworthy that the GFCE does not include such key players as Russia, China, or Brazil, which have expressed an anti-US stance on different cyber-related matters. The GFCE plans to hold a high-level meeting every year and aims to create a ‘pragmatic, action-oriented and flexible forum’. On the one hand, critics could say that the GFCE could develop into yet another political forum; on the other, it may establish itself as a considerable force, either combining like-minded states, or, if it attracts other key players, a platform for global discussions.
In the run-up to the GCCS, among other workshops, a consultation meeting on the Tallinn Manual 2.0 was held to receive input from 35 legal advisers from different states and international organisations. Tallinn 2.0 is the follow-on project to the successful Tallinn Manual on the International Law Applicable to Cyber Warfare. It will expand the scope of the original Tallinn Manual to so-called peacetime international law and result in the second, expanded and updated, edition of the Tallinn Manual in 2016.
The Hague’s GCCS is the fourth conference in the so-called London process, started by the British Foreign Ministry in 2011 to promote an open and global cyberspace. Since then, the conference has been held in Budapest (2012) and Seoul (2013). According to the statement, the next GCCS will be held in Mexico in 2016 or 2017.
This publication does not necessarily reflect the policy or the opinion of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre) or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.
- The statement highlighted the need to understand how the principle of state sovereignty and state responsibility apply, or what might constitute a threat or use of force according to article 2 (4) of the UN Charter, but, again, did not make any specific suggestions.