Australia’s ambassador for cyber affairs Tobias Feakin has attended a meeting at which the Global Commission on the Stability of Cyberspace (GCSC) introduced a new “norm” that seeks to bar the kind of tampering with products outlined in the Assistance and Access Bill 2018.
The GCSC was established by the governments of the Netherlands, France and Singapore, with the backing of Microsoft and the Internet Society, to develop “norms” that nations will abide by to protect the stability of cyberspace.
The group’s backers believe that as the internet becomes essential for provision of services like electricity, water and information, it deserves the same humanitarian protections that prohibit armed conflicts from targeting civilian infrastructure like hospitals.
The Commission hopes that its norms will be adopted by nations around the world, thereby creating de facto laws of cyber-war that rule out attacks on internet infrastructure that would harm civilians, or state-sponsored hacking such as the Stuxnet, Petya and NotPetya attacks.
This approach has been chosen as it is felt that a formal set of cyber-war laws would not be supported by the USA, China or Russia. The GCSC hopes that if many other nations adopt its norms, a standard of behaviour will at least have been set.
The Commission met in Singapore this week, with Feakin joined by Department of Foreign Affairs and Trade (DFAT) officials Asha Sharma and Sam Taylor in hearings to discuss six new norms. The Australian Strategic Policy Institute (ASPI) was also represented at the talks, as were the United Nations and European Union.
The six new norms are:
- Norm to Avoid Tampering.
- Norm Against Commandeering of ICT Devices into Botnets.
- Norm for States to Create a Vulnerability Equities Process.
- Norm to Reduce and Mitigate Significant Vulnerabilities.
- Norm on Basic Cyber Hygiene as Foundational Defense.
- Norm Against Offensive Cyber Operations by Non-State Actors.
The new Norm Package [pdf] builds on the previous GCSC agreements concerning the disruption of elections through cyber attacks on electoral infrastructure and a call to protect the public core of the internet.
The first of the six new norms is the most interesting for Australia because it states “State and non-state actors should not tamper with products and services in development and production, nor allow them to be tampered with, if doing so may substantially impair the stability of cyberspace.”
The Assistance and Access Bill calls for Australian investigators to be permitted to tamper with products and services to access encrypted communications and has attracted criticism from the likes of Cisco on grounds that any tampering weakens internet security.
The latest round of norms also has the support of ICANN, McKinsey, JPMorgan Chase, and the Stanford University Center for International Security and Cooperation.
United Nations under-secretary-general Izumi Nakamitsu commented on the new norms by saying “The calls for responsible behavior in cyberspace will only grow louder, in step with the very real risks cyber poses for international stability.”
iTnews is investigating whether DFAT or Ambassador Feakin opposed the new norms and will report if we receive any substantial information.