A summary of the norms, rules and principles for the responsible behaviour that countries worldwide should adopt for ICT in the context of national security.
In July 2015, the United Nations (UN) Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security published a report, “Developments in the field of information and telecommunications in the context of international security”. The UN GGE comprises representatives of 20 countries worldwide, and the resulting report sought to examine current and potential threats arising from the use of ICTs by States and to propose actions countries should implement to address those threats, “including norms, rules, principles and confidence-building measures” (Source: UN). Additionally, the Group examined how international law applies to the use of ICTs by countries.
With regard to existing and future threats and from a national security perspective, the Group highlighted that critical infrastructure is where countries are most vulnerable to cyber-threats and incidents. It was also noted that there has been “a dramatic increase in incidents involving the malicious use of ICTs by State and non-State actors” (Source: UN).
In light of these threats, the GGE recommended in its report the following norms, rules and principles for responsible behaviour that countries should adopt, summarised below:
- States should cooperate in developing and applying measures to increase stability and security in the use of ICTs
- In case of ICT incidents, States should consider all relevant information,
- States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs
- States should consider how best to cooperate to exchange information, assist each other, and prosecute terrorist and criminal use of ICTs
- In ensuring the secure use of ICTs, States should respect Human Rights Council resolutions on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions on the right to privacy in the digital age
- States should not conduct or knowingly support ICT activity contrary to their obligations under international law that intentionally damages or otherwise impairs critical infrastructure
- States should take appropriate measures to protect their critical infrastructure from ICT threats
- States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts
- States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products
- States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities
- States should not conduct or knowingly support activity to harm the information systems of the authorized computer emergency response teams or cybersecurity incident response teams of another State