The Organization for Security and Co-operation in Europe (OSCE) is the largest security organisation in the world with 57 Member States from Europe, Central Asia and North America, including the United States and the Russian Federation. During the Cold War era, in the early 1970s, the Conference for Security and Co-operation in Europe (CSCE) was launched as a series of meetings offering a forum for dialogue and negotiation between East and West. In the Helsinki Final Act, concluded in 1975, participating countries made commitments in the political-military, economic and environmental fields, and in human rights. In 1994 the CSCE changed its name to the Organization for Security and Co-operation in Europe (OSCE).
The OSCE addresses a wide range of security-related and other topics, including arms control, confidence- and security-building measures, human rights, national minorities, democratisation, policing strategies, counter-terrorism, and economic and environmental activities. Member States are represented in the OSCE Parliamentary Assembly. The Member States’ Ministers of Foreign Affairs meet once a year in the Ministerial Council. Day-to-day decisions are taken by the Permanent Council.
The OSCE has been dealing with cyber security issues in relation to counter-terrorism and cybercrime. The Ministerial Council adopted decisions in 2004 and 2006 promoting activities at the State level and international cooperation against the use of the internet for terrorist purposes. Subsequent Parliamentary Assembly declarations from 2008 onwards include the call upon States to take measures and cooperate in field of countering cybercrime and enhancing cyber security (see INCYDER news item). More recently, the OSCE developed confidence-building measures (CBMs) for cyberspace (see also INCYDER news item).
In December 2013, the Ministerial Council welcomed an initial set of CBMs aimed at reducing conflict stemming from the use of information and communication technologies. These measures include: exchanging information on cyber threats; the security and use of ICT; national organisation, strategies, and terminology; holding consultations in order to reduce risks of misperception and of possible emergence of tension; sharing information on measures taken to ensure an open and secure internet; exchange of points of contact; and the use of the OSCE as a platform for dialogue.
In March 2016, a second set of CBMs was adopted by the Permanent Council (see INCYDER news item) and endorsed at the 23rd OSCE Ministerial Council in Hamburg, focused on further enhancing co-operation between participating States, including, for example, to effectively mitigate cyber-attacks on critical infrastructure that could affect more than one participating State; inter-State exchange in different formats, including workshops, seminars and roundtables to investigate the spectrum of co-operative measures or mechanisms that could enable participating States to reduce the risk of misperception.
Most of the activities are to be undertaken on a voluntary basis and participating States are encouraged to invite and engage representatives of the private sector, academia, centres of excellence and civilian society in such activities, adopting national arrangements to classify ICT incidents in terms of the scale and seriousness of the incident.