Since establishing the Cybersecurity Tech Accord, we have worked with many like-minded organizations to develop and promote initiatives aimed at making cyberspace more stable and secure. The Global Commission on the Stability of Cyberspace (GCSC) is one of the organizations we believe has a critical role to play in raising awareness and understanding of issues related to international peace and stability, specifically in driving responsible state and non-state behavior in cyberspace. It has embraced this mission with a spirit of collaboration with other key stakeholders and has been open to different perspectives and views. With this in mind, we are delighted to have been able to contribute to its work around cybersecurity norms by sharing our views on the Singapore Norm Package.
Over the past few years, evolving threats to the availability, confidentiality, and integrity of our online ecosystem have demonstrated the need for constant vigilance, collective action, and a renewed commitment to cybersecurity. The Cybersecurity Tech Accord signatories agree with the Commission that international cybersecurity norms are a fundamental starting point to ensure that we reach a common understanding and set of expectations for what constitutes acceptable behavior in cyberspace and what is clearly not acceptable. While efforts in this domain have been undertaken by international organizations, state actors, and businesses alike, they have often stumbled over diverging approaches and a perceived lack of urgency.
We believe the need for action has never been more critical.
The Commission’s efforts in this domain and its Norm Package represent an important milestone on the journey to establishing cybersecurity norms and achieving their global acceptance. These and other initiatives can help us enhance cyber stability in an environment where cyber-attacks threaten to undermine the very trust that is essential for an open, free, and secure internet.
We believe that particularly the first three norms of the Singapore Package have great potential to make a meaningful difference in our future security. For example, we are fully aligned with the Commission’s thinking on the need for state and non-state actors to refrain from introducing vulnerabilities into technology products and services (Norm to Avoid Tampering). The Cybersecurity Tech Accord signatories would be delighted to be able to raise awareness around the importance of this principle and the risks that such practices can pose to the online ecosystem as a whole. These and other principles will certainly help clarify debate in this space.
On the other hand, we encourage the Commission to reflect further on the best approach to address issues such as the lack of basic cyber hygiene among users and organizations. The proposed norms seem overly focused on regulatory action as a solution to the challenge we face. With technology pervading every aspect of our lives, it will be extremely important to fill this gap with initiatives that focus on the way people think about cybersecurity and deal with it in everyday life, rather than with top-down principles that might be difficult to implement. National programs and initiatives to enhance cybersecurity education will, in our view, continue to be the best approach to this issue.
In sum, the Cybersecurity Tech Accord signatories are excited about the Commission’s future work, particularly as it relates to efforts focused on agreeing on a working definition of cyber stability. We hope that the Commission’s efforts will continue to contribute to a meaningful evolution of the current dialogue on international peace and stability and that it will continue to show how a commitment to an open, multi-stakeholder process can achieve a meaningful result. We stand ready to support its efforts.
Read the full Cybersecurity Tech Accord response to the GCSC consultation here.