The United Nations (UN) Group of Governmental Experts (GGE) has published a report on developments in the field of information and telecommunications in the context of international security focusing on building a “peaceful, secure, resilient and open ICT environment”.
The third UN GGE dealing with developments in the field of information and telecommunications in the context of international security was called for by GA resolution A/RES/66/241 in 2011 to continue studying existent and potential threats in the sphere of information and communication technologies (ICTs) security and report back on possible cooperative measures to address them. Their long-awaited report2 reflects a “landmark consensus”3 among experts from 15 countries on a number of issues related to a “peaceful, secure, resilient and open ICT environment”. putting forward recommendations on three substantial areas.
Recommendations on norms, rules and principles of responsible behaviour by States
After confirming that the sources of threats can be both State and non-State actors, and that the absence of a common understanding between States on acceptable State behaviour regarding the use of ICTs increases the risk to international peace and security, the group firstly focuses on the role of international law.
The report further underlines that “international law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment”. Even though experts have welcomed this statement as the first time countries have agreed to the “full applicability of international law to state behaviour in cyberspace” and have labelled it “a landmark step toward universal acceptance of the legal framework”,4 the report itself cautions that a common understanding of how these norms apply is yet to be achieved and requires further study. Member States should cooperate in implementing the mentioned norms and principles of responsible behaviour.
Besides emphasising the importance of international and regional cooperation, the report addresses the problem of attribution and international obligations regarding internationally wrongful acts. States are reminded of their responsibilities for attributable acts and invited not to use proxies to commit such acts as well as to ensure that their territories are not used by malicious non-State actors.
Recommendations on confidence-building measures and the exchange of information
The study proposes the development of voluntary confidence building measures in order to increase transparency, predictability and cooperation in the ICT environment. These measures include: a) exchanging views and information on national strategies and policies, best practices, etc; b) creating bilateral, regional and multilateral consultative frameworks for confidence-building; c) enhancing sharing of information among States on ICT security incidents; d) exchanging information and communication between national Computer Emergency Response Teams (CERTs); e) increasing cooperation to address incidents that could affect ICT or critical infrastructure that rely upon ICT-enabled industrial control systems; and f) enhancing mechanisms for law enforcement cooperation to reduce incidents that could otherwise be misinterpreted as hostile State actions, thereby improving international security.2
Recommendations on capacity-building measures
Finally, the report suggests the international community to cooperate in capacity-building for securing ICTs and their use by less-developed states. According to the GGE, Member States should consider a number of measures such as supporting bilateral, regional, multilateral and international capacity-building efforts; creating and strengthening incident response capabilities; supporting the development and use of e-learning, training and awareness-raising with respect to ICT security; increasing cooperation and transfer of knowledge and technology for managing ICT security incidents; and encouraging further analysis and study by research institutes and universities on matters related to ICT security.5
Overall, the GGE report should be viewed as an important step towards outlining common norms, rules, principles of behaviour and other cooperation mechanisms in cyberspace. Later this year the UN General Assembly may choose to continue studies on these issues and propose a resolution to set up another expert group for 2014, possibly with an extended list of contributing countries.4 These further developments are expected to shape common understanding of how international law applies to State behaviour and the use of ICT by States, possibly dwelling on the need for developing additional norms.
- UN General Assembly, Resolution A/RES/66/24, Developments in the field of information and telecommunications in the context of international security, http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/66/24
- UN General Assembly, Resolution A/68/98, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, 24 June 2013, http://www.un.org/ga/search/view_doc.asp?symbol=A/68/98
-  NATO CCD COE 2013 Q2 report, ‘United Nations Group of Governmental Experts Achieve a “Landmark Consensus”’,  U.S. Department of State, “Statement on Consensus Achieved by the UN Group of Governmental Experts On Cyber Issues,” press release, June 7, 2013. http://www.state.gov/r/pa/prs/ps/2013/06/210418.htm
- Wolter, Detlev. “The UN Takes a Big Step Forward on Cybersecurity”, Arms Control Today, 43, September 2013, http://www.armscontrol.org/act/2013_09/The-UN-Takes-a-Big-Step-Forward-o…
- Ibid. Paragraph 32.