Incyder news

 

20 December 2013


Subscribe

OSCE Confidence-Building Measures for Cyberspace

The OSCE Ministerial Council welcomed an initial set of Confidence-Building Measures aimed at reducing conflict stemming from the use of information and communication technologies.

The ministers of foreign affairs of the participating States of the Organization for Security and Cooperation in Europe (OSCE), at their 20th Ministerial Council, held on 5-6 December 2013 in Kiev, welcomed a set of Confidence-Building Measures (CBMs) for Cyberspace.1 The CBMs are laid down in Decision No. 1106, dated 3 December 2013, of the Permanent Council, the political decision-making body of the OSCE, comprising the ambassadors of the participating States.2 The CBMs aim to reduce conflict stemming from the use of information and communication technologies.

The activities of the OSCE with regard to cyber security in the past few years have mainly focussed on counter-terrorism, addressing the abuse of cyber means by terrorists. Lately it has started working on ‘Cyber CBMs’. The OSCE has a long tradition in the area of CBMs with regard to nuclear weapons. In 2012 the Parliamentary Assembly of the OSCE issued a Resolution calling for the OSCE to “organize an exchange of views and best practice on confidence- and security-building measures, including in the area of cyber security and counter-terrorism, with a view to exploring the possibility of building new OSCE commitments.”3 This Resolution initiated more concrete cyber security policies.

Decision No. 1106 of the Permanent Council of the OSCE, the “Initial set of OSCE Confidence–Building Measures to reduce the risks of conflict stemming from the use of information and communication technologies,” defines the measures the participating States agreed to take. In summary, the States:

  • will, on a voluntary basis, provide national views on aspects of national and transnational threats to and in the use of ICTs, facilitate co-operation among the competent national bodies, exchange information in relation with the security of and in the use of ICTs, hold consultations in order to reduce the risks of misperception, and of the possible emergence of political or military tension or conflict that may stem from the use of ICTs, protect critical national and international ICT infrastructures, including their integrity, and share information on measures that they have taken to ensure an open, interoperable, secure and reliable Internet;
  • will use the OSCE as a platform for dialogue, exchange of best practices, awareness-raising and information on capacity-building with regard to the security of and in the use of ICTs, including effective responses to related threats, and further explore the role of the OSCE in this regard;
  • are encouraged to have in place national legislation to facilitate on a voluntary basis bilateral co-operation and information exchange between competent authorities, including law enforcement agencies, in order to counter terrorist or criminal use of ICTs;
  • will voluntarily share information on their national organisation, strategies, policies and programmes, including information about co-operation between the public and the private sector relevant to the security of and in the use of ICTs;
  • will nominate a contact point to facilitate pertinent communications and dialogue on the security of and in the use of ICTs, voluntarily provide contact data for existing official national structures that manage ICT-related incidents and co-ordinate responses to enable a direct dialogue, and facilitate interaction among responsible national bodies and experts.
  • will, in order to reduce the risk of misunderstandings in the absence of agreed terminology and to further a continuing dialogue, as a first step, voluntarily provide a list of national terminology related to the security of and in the use of ICTs, accompanied by an explanation or definition of each term; and
  • intend to conduct the first information exchange by October 31, 2014.

It is to be noted that most of the activities are to be undertaken on a voluntary basis. Russia has added an interpretative guidance that says that “the Russian Federation will be guided in its implementation by a firm commitment to the principles of non-interference in the internal affairs of States, their equality in the process of Internet governance and the sovereign right of States to Internet governance in their national information space, to international law and to the observance of fundamental human rights and freedoms.”4

  • 1. See OSCE website: http://www.osce.org/event/mc_2013
  • 2. Permanent Council of the OSCE, Initial Set of OSCE Confidence-Building Measures to Reduce the Risks of Conflict Stemming from the Use of Information and Communication Technologie”, Nr. PC.Dec/1106, 3 December 2013, http://www.osce.org/pc/109168
  • 3. ‘Monaco Declaration’, 1st Committee Resolution: Political Affairs and Security, “The OSCE: Region of Change”, paragraph 25.ix, Monaco, 5 to 9 July 2012.
  • 4. OSCE, Permanent Council Decision No. 1106, Interpretative Statement under Paragraph IV.1(A)6 of the Rules of Procedure of the Organization for Security and Co-operation in Europe, Attachment to the Permanent Council of the OSCE Decision Nr. PC.Dec/1106, 3 December 2013, http://www.osce.org/pc/109168