Blog

Shared Cybersecurity norms | International Efforts for Cybersecurity

Cybersecurity

COVID-19 made us realise the role of the global public health infrastructure and need to abide by agreed rules. Similarly, a better understanding of the global cyberspace architecture is required as cyber Insecurity of individuals, organisations and states are expanding amidst COVID-19.

Necessity:

  • Apple, Amazon and Microsoft have added more than a trillion dollars in market value, since the start of 2020. 
  • In one week in April 2020, reportedly, there were over 18 million daily malware and phishing emails related to COVID-19 monitored by a single email provider, in addition to more than 240 million COVID-19-related daily spam messages. 
  • China has been accused of hacking health-care institutions in the United States working on novel coronavirus treatment
  • The ban on specified Chinese Apps, on grounds that they are “engaged in activities prejudicial to the sovereignty and integrity of India” adds another layer of complexity to the contestation in cyberspace. 

International efforts for cybersecurity:

  • In 1998 Russia inscribed the issue of information and communications technologies (ICTs) in international security on the UN agenda. 
  • Since then six Group of Governmental Experts (GGE) with two-year terms and limited membership have functioned.
  • The net result of the UN exercise has been an acceptance that international law and the UN Charter are applicable in cyberspace; a set of following voluntary norms of responsible state behaviour was agreed to in 2015.
    • Limiting norms:
      • States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs;
      • States should not conduct or knowingly support ICT activity that intentionally damages critical infrastructure;
      • States should take steps to ensure supply chain security, and should seek to prevent the proliferation of malicious ICT and the use of harmful hidden functions;
      • States should not conduct or knowingly support activity to harm the information systems of another state’s emergency response teams (CERT/CSIRTS) and should not use their own teams for malicious international activity;
    • States should respect the UN resolutions that are linked to human rights on the internet and to the right to privacy in the digital age.

Issues with cybersecurity norms:

  • What aspects of international law and in what circumstances will be applicable remains to be addressed. 
  • Issues such as Internet governance, development, espionage, and digital privacy are kept out. While terrorism and crime are acknowledged as important, discussion on these has not been focused on.
  • UN Secretary General António Guterres’s recent report, “Roadmap for Digital Cooperation”, gently calls for action do not hold much hope in the current geopolitical circumstances.
  • Unawareness among the public: While we are embracing new ways of digital interaction and more of our critical infrastructure is going digital, like global public health, cybersecurity is a niche area, left to experts. 
  • Borderless cyberspace, as a part of the “global commons” does not exist. The Internet depends on physical infrastructure that is under national control, and hence is subject to border controls too. Each state applies its laws to national networks, consistent with its international commitments.
  • There is no equivalent of a World Health Organization which can monitor, assess, advise and inform about fulfilment of state commitments, in however limited or unsatisfactory a manner. 
  • Cyberspace has multiple stakeholders, not all of which are states. Non-state actors play key roles — some benign, some malignant. Many networks are private, with objectives different from those of states. 
  • Cybertools are dual use, cheap and make attribution and verification of actions quite a task.
  • Generally the growth of technology is way ahead of the development of associated norms and institutions. We are at an incipient stage of looking for “cyber norms” that can balance the competing demands of national sovereignty and transnational connectivity.

Importance of cybersecurity for India:

  • It provides countries such as ours some time and space to evolve our approach, in tune with the relevance of cyberspace to India’s future economic, social and political objectives. 
  • Despite the digital divide, the next billion smartphone users will include a significant number from India. As India’s cyber footprint expands, so will space for conflicts and crimes (both of a private and inter-state nature). 

India’s stakes in global cybersecurity protocols:

  • We have a very active nodal agency for cybersecurity in the Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology. 
    • India has had representatives on five of the six GGEs. 
    • We participate actively at the OEWG. 
    • The Shanghai Cooperation Organisation, of which we are a member, voiced support for a code of conduct. 
    • India joined the Christchurch Call which brought together countries and companies in an effort to stop the use of social media for promoting terrorism and violent extremism.

Way forward:

  • There is a need for adoption of a data protection legislation which deals with the issues of data security comprehensively. 
  • According to the Budapest Convention, or Convention on Cybercrime of the Council of Europe (CETS No.185), We need to encourage our private sector to get involved more in industry-focused processes such as the Microsoft-initiated Cybersecurity Tech Accord and the Siemens-led Charter of Trust. 
  • Engagement in multi-stakeholder orientations such as the Paris Call (for trust and security in cyberspace) can help. 

In preparation for the larger role that cyberspace will inevitably play in Indian lives, we need a deeper public understanding of its various dimensions. Cyberspace is too important to be left only to the experts.

Q) In the age of data, there is a necessity for making cyberworld a global commons to avoid monopolies dictating human choices.