G7 DECLARATION ON RESPONSIBLE STATES BEHAVIOR IN CYBERSPACE
The risk of escalation and retaliation in cyberspace, the increasing number of cyber attacks and cyber threats even more sophisticated could have a destabilizing effect on international peace and security. The risk of conflict between states caused so cyber incidents encourages all States to engage in law-abiding, norm-respecting and confidence-building behavior in their use of ICT.
I’m very proud to share with you the G7 DECLARATION ON RESPONSIBLE STATES BEHAVIOR IN CYBERSPACE, I had the honor to be a member of the group that worked on the proposal for voluntary, non-binding norms of State behavior during peacetime. We presented 12 points aimed to propose stability and security in the cyberspace. The declaration invites all the States to collaborate with the intent to reduce risks to international peace, security, and stability.
Below the point presented in the Declaration:
- Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security;
- In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences;
- States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs;
- States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist, and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect;
- States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression;
- A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public;
- States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions;
- States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty;
- States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions;
- States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure;
- States should not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cybersecurity incident response teams) of another State. A State should 5 not use authorized emergency response teams to engage in malicious international activity.
- No country should conduct or support ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.
Let me thank the colleagues Luigi Martino and Marco Lapadura that worked with me at the declaration, and of course to Minister Gianfranco Incarnato that led the group of work.
This is just a fist step of a long journey!
(Security Affairs – G7 DECLARATION ON RESPONSIBLE STATES BEHAVIOR IN CYBERSPACE, G7)