The Global Commission on Cyberspace Stability (GCSC) fears that its guidelines to prevent the internet and everything it connects from becoming a victim of war may be misinterpreted.
The GCSC strives to create global behavioral norms that will hopefully find their way into the diplomatic documents that govern the behavior of nation states. The organization is doing so because conventions governing kinetic warfare prohibit attacks on hospitals or schools, but many countries have yet to formalize recognition that information warfare could easily disrupt hospitals. The GCSC therefore wants nations to recognize that information warfare needs rules that match the intent of those governing kinetic conflict.
The Commission has had considerable success in these efforts, having defined eight standards. The first, the Standard on Non-Interference with the Public Heart of the Internet, aims to prohibit attacks against the domain name system, DNSSEC, WHOIS information services, systems operated by the Internet Assigned Numbers Authority. and regional Internet registries.
The standard also requires that “the naming and numbering protocols themselves and the integrity of standardization processes and outcomes for protocol development and maintenance” be prohibited during conflicts.
The organization is satisfied with the progress made towards its goals.
“We are delighted that the concept of the Internet’s public core has been fully integrated into texts as diverse as the Paris Call for Confidence and Security in Cyberspace and the Cyber Security Act of the European Union” , can we read in a new press release. [PDF] of the group.
But the statement suggests that the standard is misinterpreted.
“Fundamentally, we believe that the standard of non-interference with the public core is a matter of governance ‘on’ the Internet, and primarily a matter of moderating malicious behavior by states, and not a matter of governance ‘of’ the Internet, and therefore of Internet governance, ”the statement said.
“Despite recent attempts to portray the main threat to the public core as resulting from cybercriminals, it is actually states and their affiliates whose activities pose the greatest risk,” the document added, citing an International Union document. telecommunications which suggests that nation states could guarantee the security of the network against a criminal attack.
Only the attack on Dyn.com, the statement added, was identified as a result of criminal activity.
The statement also points out that most internet governance organizations are not run by governments.
“Nothing in the GCSC standard suggests that these key elements of the public core are not well supported by these actors,” the statement added. “However, no single measure of care is sufficient to deal with an unlimited pool of potentially malicious behavior. As described above, the only evidence of repeated behavior points to state-affiliated activity, not cybercrime.”
The statement therefore concludes that the GCSC’s approach of setting standards for nations regarding the bodies that define, operate and administer the Internet is therefore more appropriate than trying to prevent criminals from attacking its core.
“Even though governments maintain a de jure monopoly on the legitimate use of force in cyberspace, they no longer have the practical monopoly to attack and protect this area, nor can they prevent the proliferation and use of powerful cyber weapons ” , states the press release.
“On the contrary, the technical community, civil society and individuals also play a major role in the protection of cyberspace, including the promulgation of standards.” ®