The inability of a United Nations Group of Experts to produce a consensus report on setting norms of behaviour in cyberspace seems to have brought norm development to a temporary halt. The growing digitalised world needs proper rules of engagement among states. ASEAN should not wait for others to set norms for the world to follow.
MEDIA REPORTS have termed the failure to produce a consensus report on setting norms of behaviour in cyberspace as a ‘collapse’ of the process led by an international core of experts in cybersecurity. They are known as the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunication in the context of International Security (UNGGE). Prominent thinkers lamented the group’s inability to build on the progress made in the previous rounds of the UNGGE in the governance of cyberspace: in 2012/13, agreeing that international law applies in cyberspace; and, in 2014/15, proposing a set of eleven voluntary, but non-binding norms that states should adopt as best practice.
UNGGE Chair, Karsten Geier, insists that it was no failure. Geier said the experts at the UNGGE had broad agreement on points including capacity-building measures; confidence-building measures; raising awareness among senior decision-makers; conducting exercises; defining protocols for notifications about incidents; warnings when critical infrastructure is attacked; and preventing non-state actors from conducting cyber-attacks. The experts also agreed that there is space for further negotiation and there were options for compromise.
Why They Failed to Reach Consensus
Geier’s comments show that for the most part, states are in agreement, but there are issues that are currently unresolvable. Some observers suggest that the political motives of Russia and China were behind the failure to reach consensus and, by extension, hindering the development of international law in cyberspace. These political motives include promoting other international norms, or testing the limits of influence.
In the absence of official confirmation, this may be a biased view in light of China and Russia’s membership of all the previous UNGGEs, including those that agreed international law applies in cyberspace and proposed the adoption of voluntary norms.
There have also been legal objections to how international law applies in cyberspace. Statements from the American and the Cuban representatives are indicative of how divergent the views are in the applicability of international law.
The American representative, Michele Markoff, expressed her dissatisfaction at some states seeking to “walk back progress” made at the previous UNGGEs; she therefore could not support the draft report because it fell short of the mandate given to the UNGGE, which was to explore how international law applied vis-à-vis cyberspace.
Cuba objected to the proposed draft on grounds that the malicious use of ICTs can be considered an equivalent to armed attack, which would give states the right to self-defence under Article 51 of the UN Charter. This, to Cuba, puts small states at a disadvantage as they do not have the capability to retaliate. Cuba also claims that subjecting ICT to the principles of International Humanitarian Law legitimises warfare in ICT.
How This Affects the World
The inability to reach consensus does not mark the end of the road for the development of norms or international law. International law often takes years, even decades, to formalise and for differences among states to be ironed out. It may well be that the common ground for agreement is exhausted for now. Attention should therefore be paid to other initiatives led by international organisations and non-government organisations, often with state backing, to promote norms and shape normative behaviour among states.
These initiatives include the “Hague Process,” which facilitated input of states into the Tallinn Manual 2.0 project. The Tallinn Manual 2.0 is a handbook on the applicability of international law in cyber operations, and was formulated by legal experts from all over the world. The Netherlands is sponsoring a global training programme and consultation process on the Hague Process, including a workshop for ASEAN, conducted in Singapore in August 2017.
Other worldwide initiatives include the Global Commission on the Stability of Cyberspace (where Singapore is represented by former Police Commissioner Khoo Boon Hui); the Global Conference on Cyberspace; and workshops conducted by the United Nations Institute for Disarmament Research (UNIDIR). These capacity building initiatives are especially important to bring more states to an understanding of how internationally agreed norms can benefit them.
What It Means for Singapore and ASEAN
Norms are especially important to small states like Singapore, as norms set out their rights, including the protection of critical infrastructure from malicious attacks, non-interference in political processes, and the illegality of economic espionage. When pressed for his opinion on what should states do in the wake of the UNGGE impasse, Michael Schmitt, editor of the Tallinn Manuals, strongly recommended that individual states and regional organisations like ASEAN should set out their own positions on norms, in order to build greater international momentum for their adoption.
The EU, in its September 2017 Joint Communication on “Resilience, Deterrence, and Defence: Building Strong Cybersecurity for the EU”, has already pledged to uphold the eleven voluntary, non-binding norms proposed by the 2014/15 UNGGE. There have been calls from within the EU to consider a wider set of norms, and to play a greater leadership role in the formation of norms in cyberspace. To avoid being served with a fait accompli, ASEAN should articulate its views and contribute to how these norms are formed.
The ambiguity of China’s position on how international norms apply in cyberspace may however create a divergence in views among ASEAN states, especially those with pro-China sentiments. There is hence a delicate balance when dealing with norms that could antagonise Singapore’s ASEAN neighbours, especially if the Republic wants to push for the adoption of the norms mooted in 2015, including using its position as ASEAN Chair in 2018 to do so. Capacity building and promotion of norms are thus even more important now, to persuade more states that norms in cyberspace are in the common interest of all.
About the Author
Eugene EG Tan is an Associate Research Fellow at the Centre of Excellence for National Security (CENS), a constituent unit of the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore.
Commentaries / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / Global / Non-Traditional Security / South Asia / Southeast Asia and ASEAN
Last updated on 06/10/2017