IGF engagement in action: Cyber Norms

Join us at NetThing to explore the topic of Cyber Norms.

The following copy is provided by Johanna Weaver, Special Adviser to Australia’s Ambassador for Cyber Affairs, Australia’s representative to the UN Group of Experts on Cyber.

In December 2018, the United Nations General Assembly (UNGA) established two processes to discuss responsible state behaviour in cyberspace: an inaugural Open Ended Working Group and a sixth Group of Governmental Experts (GGE). Australia is active in both: more info here.

A key focus of these two UN groups will be providing guidance on practical steps countries should take to implement the recommendations from the 2015 GGE report, including the 11 agreed norms of responsible state behaviour (listed below: take a look, there is a norm for everyone!).

To inform Australian engagement in the two UN processes, this session of NetThing seeks to draw on participants’ collective expertise to compile a list of suggested “best practices” countries should take to implement the 11 norms.

As a primer, here is a document outlining the list of 11 norms and the steps the Australian government is already taking to implement them. At the session, we will seek to develop a third column to this document setting out the NetThing community’s suggested best practices for implementation of each norm.

11 agreed norms of responsible state behaviour (from the 2015 UNGGE Report)

  1. Cooperating to increase stability and security in cyberspace
  2. Considering all relevant information in the case of cyber incidents
  3. Not knowingly allowing territory to be used to commit internationally wrongful acts using cyber tools
  4. Preventing criminal and terrorist use of information and communications technologies
  5. Respecting human rights—including privacy—online
  6. Not conducting cyber activities that damage the critical infrastructure of another country
  7. Taking appropriate measures to protect critical infrastructure from cyber threats
  8. Responding to reasonable requests for assistance from another state
  9. Taking steps to protect the integrity of supply chains for ICT products
  10. Reporting ICT vulnerabilities in a responsible manner
  11. Not harming another country’s Computer Emergency Response Team or using a Computer Emergency Response Team to engage in malicious cyber activity