| bibo:abstract |
IF2017-77E
Recent Trend of Cyber Security Governance and Challenges
February 5th, 2018
YOO Joonkoo
Research Professor, Center for International Law
I. Introduction
The international community’s
perception of cyber threats has grown in
the past ten years with the outbreak of
cyber incidents like the 'Stuxnet' attack, the
WannaCry ransomware attack, distributed denial
of service (DDoS) attacks, the revelations of Edward
Snowden and the Sony hack, all of which have led
the United Nations (UN), the European Union(EU),
North Atlantic Treaty Organization (NATO), the
Shanghai Cooperation Organization (SCO), the
Global Conference on Cyberspace (GCCS) and other
various multilateral/regional organizations to
discuss international security in cyberspace.
Specifically, the UN Group of
Governmental Experts on Developments in the
Field of Information and Telecommunications in
the Context of International Security (UNGGE) was
established in 2004 to comprehensively discuss the
issue of cyberspace governance and the
applicability and interpretation of international law
and norms in cyberspace. There are deeply
diverging viewpoints between the two sides - the
group led by China and Russia and like-minded
countries led by the US - on issues like △
classification of international laws and norms, △
the right to self defense and countermeasures, △
state responsibility and due diligence, △ cyber
terrorism and cyber crime and △ internet
governance and jurisdiction in cyber space. The
fifth session of the UN GGE stepped backed from
the past achievements, concluding without the
release of a consensus report due to such clashing
viewpoints among the Group’s members.
The Group’s failure to arrive at a consensus
outcome report has casted doubt on the
effectiveness of the UNGGE process. Against this
backdrop, many states are calling for ways and
mechanisms to take the international debate
beyond the current GGE format, which would
include changes in the participants,
decision-making process and the agendas to be
discussed. The United States has put forward five
principles in the international conversation on
cyber security: △non-legally binding; △ normative
approach; △ limited participants; △
experts-centered; and △consensus based.
By contrast, China and Russia prefer
open-ended talks on cyber security with more
participants and agendas. Some states suggest that
the United Nations Committee on the Peaceful Uses
of Outer Space (COPUOS) should be a better venue
for discussion.
The Global Conference on CyberSpace is an
“ad-hoc” conference launched in the backdrop of
emerging views that discussions at the UN level lack
effectiveness. But there are increasing concerns
over the weakening momentum of the Conference,
with no countries strongly committed to become the host of the next session. As diverging viewpoints
are exhausting the states, a long-term road map
should be formulated to sustain the conference.
Given the nature of cyberspace, the roles
and functions of the multi-stakeholders are
essential in the ownership and operation of cyber
infrastructure and the implementation of legal
frameworks, and the international norm per se
directly affects the interests of the
multi-stakeholders. Against such a backdrop,
multi-stakeholders including non-governmental
organizations, companies, research institutions are
playing increased roles in setting and implementing
international norms in cyberspace.
II. Discussions on Cyber security Norms : Major Legal Documents and Key Issues of Contention
III. Future Challenges and Prospect
|
