Cybersecurity and international cooperation

Tas Maldonado Niffinegger

1


Initially designed for academic purposes, the Internet started as a tool for
improving the communication between users. By that time, cybersecurity was
not a relevant issue. Along with the development of this important technological
tool, the use of the Internet in contemporary life became absolutely essential.
The Internet is present everywhere and we became increasingly dependent on it
(U.S. National Cybersecurity, 2004). Today we cannot think of communication,
commerce, control systems, entertainment industry, education, health system,
data storage, among others, without thinking about the Internet.
Many kinds of threats, however, accompany the growth of he information
society. As most of the essential services depend on information and
communications technology (ICTs), attacks against informational applications
and cyber infrastructures take a very destructive potential. According to the
International Telecommunications Union (ITU), making the Internet safer is
fundamental for the development of new services and also for protecting
governmental policy. In this sense, cybersercurity is an important component of
national security.
Similarly, the he Organization for Economic Co-operation and
Development (OECD) stresses that cybersecurity strategies recognize that the
economy, society and governments now rely on the Internet for many essential
functions and that cyber threats have been increasing and evolving at a fast
pace (OECD, 2012). Those strategies seek for governmental coordination and

1
Master student in International Public Management at the Paris School of International Affairs
Sciences Po.
definition of responsibilities and roles. According to OECD studies, the key points
are the respect to common values (privacy, free flow of information and freedom
of speech). In that sense, coordination between private and public sector and
international cooperation are highly required. Modern economys dependency
on the Internet brings several consequences on cybersecurity policy making.
Thus it is necessary to adopt strategies that approach cybersecurity in a more
integrated and comprehensive manner.
An important multilateral initiative, ITUs Global Security Agenda (GCA)
comprises seven main strategic goals, built on five work areas: legal measures,
technical and procedural measures, organizational structures, capacity building
and international cooperation. Also in the international level, other initiatives
also focus on cybersecurity, like G8s Subcommittee 773 on High-tech Crimes, the
General Assembly of the United Nations and Council of Europe (CoE). At the
regional level, the most relevant action plans have been carried out by the
European Union (UN), The OECD, the North Atlantic Treaty Organization (NATO)
the Asia-Pacific Economic Cooperation (APEC), the Commonwealth, the Arab
League and Gulf Cooperation Council and the Organization of American States.
The international framework on cybersecurity includes the Council of
Europes Convention on Cybercrime, several bilateral arrangements between
countries and a large number of recommendations from international and
regional organizations. Representing an important regional player, the European
Commission Joint Research Center (JRC) provides independent, technical and
scientific support throughout the whole policy cycle and. It plays an important
role by stimulating innovation, cooperation, standardization and also by sharing
its know-how with the Member States, the scientific community and
international partners (OECD, 2012). One of the most actives State actors is the
United States of America, who maintains bilateral agreements on legal
cooperation in criminal matters (including cybercrime) with more than twenty
other countries (those are called Mutual Legal Assistance in Criminal Matters
Treaties). At the multilateral level, the ITU is one of the most operating
institutions, and, beyond coordinating general policies towards international
communications technologies (ICTs), the organization produces a large number
of security frameworks, standards and architectural solutions. Along with the
technical debate, the ITU also discusses political matters regarding technological
development.
Considering that communications infrastructure is globally
interconnected, governments recognize it is necessary to address cybersecurity
policies and guidelines holistically rather than in a fragmented manner as in the
past (OECD, 2012). Many international organizations are now debating feasible
models of cooperation and, despite divergences between various actors, a
possible strategy would be to first address non sensible issues, by sharing
informations and design common policies (e.g. combat to spamming and child
pornography). Identifying those activities more likely to be part of wide-ranging
agreement and establishing roles and responsibilities would certainly be a great
contribution to the international community (Sofaer, D. Clark, and W. Diffie,
2010).
The need for better alliances and more cooperation agreements between
countries and counterparts are one of the shared key points in many national
and regional strategies. For instance, governments often mention capacity
building and legal cooperation as a clear objective for international coordinated
action, however there is still little detail concerning how those shares objectives
should be implemented. International agreements on cybersecurity can only be
possible if they consider significant idiosyncrasies between activities regulated
by established international regimes and cyber systems (D. Clark and Diffie,
2010). Some of those relevant initial barriers for international cooperation are
limitations of governments regarding national security, contradictory national
policies about, privacy and other sensible issues. However, whether the list of
non-negotiable themes can be quite large, international cooperation may still
address many of common problems that could prove beneficial.
A global approach of information security would be extremely useful to
facilitate the definition and execution of national cybersecurity strategies and
international cooperation, to create a common know-how based on well
recognized standards, to avoid redundancy of works and efforts and to optimize
coordination between parties (Schjlberg and Ghernaouti-Hlie, 2009). In that
sense, some important initial strategies shall comprise guaranteeing the free
flow of information, creating common responses to increasingly serious risks,
fostering risk-based approach and establishing roles and responsibilities. More
sensible subjects could be more carefully examined in a further moment.
Good practices: Cybersecurity has been largely discussed at the General
Assembly of United Nations, which adopted several Resolutions addressing
themes like the definition of cybercrime, cyberterrorism, critical infrastructure
protection, spam, attacks on cyber infrastructure, and the need for capacity
building. Other successful multilateral initiatives worth mentioning are the
Conferences on Cyberspace (2011, London) and the Meridian Process,
designed to provide to governments the background for discussing how to work
together on policy-building on Critical Information Infrastructure Protection
(CIIP). The Budapest Convention on Cybercrime appears as an interesting
example on joint strategy shared by several countries.
In conclusion, it is already consensual that the global nature of the
Internet networks and the informational communication technologies industry
require a multilateral understanding of cybersecurity, which can only be
effective through cooperation in a multi-sector governance model. The effort of
building a common legal understanding by multiple players certainly
strengthens a global strategy concerning cybersercurity. The need for an
international strategy is shared by important international actors and
stakeholders like the ITU (Global Cybersecurity Agenda), the US government
(White House, 2009), OECD, CoE and many regional organizations.
Governments should therefore find the right balance between ruling their
genuine competence in national security and addressing important issues that
might impact economic security and private sector systems. Even though there
are more recent initiatives in international level, the cooperation should be a
priority.

References:
Dynes, S., E. Goetz and M. Freeman. 2007. Cybersecurity: Are Economic
Incentives Adequate? In Critical Infrastructure Protection.

Cybersecurity Policy Making at a Turning Point. OECD, 2012. Available at:
http://www.oecd.org/sti/ieconomy/cybersecurity%20policy%20making.pdf

Kurbalija, Jovan. An Introduction to Internet Governance, 6th Edition. Published
by DiploFoundation (2014). Available at
http://issuu.com/diplo/docs/an_introduction_to_ig_6th_edition/1.

Sofaer, D. Clark, and W. Diffie, Cyber Security and International Agreements, in
National Research Council (NRC), Proceedings of a Workshop on Deterring
Cyberattacks: Informing Strategies and Developing Options for U.S. Policy
(2010).

Schjlberg, Stein and Ghernaouti-Hlie, Solange. A Global Protocol on
Cybersecurity and Cybercrime: An initiative for peace and security in
cyberspace. Cybercrimedata, 2009.

The White House, Cyberspace Policy Review: Assuring a Trusted and Resilient
Information and Communications Infrastructure, May 2009.

U.S. National Cybersecurity. William J. Perry. Martin Casado, Keith Coleman, Dan
Wendlandt. MS&E 91SI. Fall 2004. Stanford University.