Q4/2019 - Global Commission on the Stability of Cyberspace (GCSC)

New York, 13 September 2019

Final Meeting 2019, Addis Ababa, October 2019

After two years of work, the Global Commission on the Stability of Cyberspace (GCSC) adopted its final report at its last official meeting in Addis Ababa on 12 October 2019[1]. The last meeting of the GCSC was combined with consultations with the African Union Commission as well as with the chairs of the OEWG and the UNGGE6, who also held consultations with the African Union Commission in Addis Ababa. The two co-chairs of the GCSC, Michael Chertoff and Latha Reddy, announced that they were going to bring in the Commission’s proposals to the ongoing negotiations in the UN system, in particular at the OEWG and the UNGGE6.

Presentation of Final Report, Paris, 12 November 2019

The final report “Advancing Cyberstability” was presented at the 2nd Paris Peace Forum on 12 November 2019. Dutch Foreign Minister Stef Blok handed over the report to French Minister of Foreign Affairs Jean-Yves Le Drian. The Netherlands had initiated the establishment of the Global Commission in 2016. In his speech, Stef Blok emphasised that cyberspace needed rules. International law was binding offline as well as online. Therefore, the Global Commission’s proposal to apply such rules both for governments and states as well as for non-state actors was of fundamental importance. This was particularly true with regard to the norm that requested protection of the public core of the Internet[2]. The former Estonian Minister of Foreign Affairs Marina Kaljurand, Chair of the Global Commission and since recently also Member of the European Parliament, announced that she was going to take into consideration the ideas of the Commission’s report in her parliamentary work and to encourage governments to implement the suggested norms.

The central piece of the GCSC proposal are the eight principles[3]. The Global Commission wants the principles to be understood rather as a “buffet” than as a “package”. This means, each individual principle has the potential to become the starting point of an independent political or legal instrument. This applies in particular to the two norms related to the protection of the public core of the Internet and on cyber hygiene.

The report further contains six recommendations, including that of developing mechanisms for monitoring compliance with principles. It also considers it necessary to establish instruments for sanctioning violations of these principles (those who violate norms face predictable and meaningful consequences). It is proposed to create a "standing multistakeholder engagement mechanism" which, serving as an interface between the stakeholders, shall contribute to the stabilisation of cyberspace[4].  

After the Paris Peace Forum, the Global Commission on Stability on Cyberspace also presented its final report at the Internet Governance Forum (IGF) in Berlin (25 November 2019) and at the OEWG Informal Intersessional in New York (4 December 2019). Further outreach activities are planned in 2020, e.g. at the Munich Security Conference (MSC) in February 2020. The Commission intends to play a constructive role in the elaboration of the "Global Commitment on Digital Cooperation", which is to be adopted on the 75th anniversary of the United Nations on 24 October 2020.

Mehr zum Thema
Q4/2019GCSC
  1. [1] Meeting of the Global Commission on the Stability of Cyberspace, Addis Abeba, 12. Oktober 2019, https://cyberstability.org/news/cyberstability-update-september-2019/
  2. [2] Speech by the Minister of Foreign Affairs, Stef Blok, at the launch of the report by the Global Commission on the Security of Cyberspace (GCSC) at the Peace Forum in Paris, 12 November 2019: „.With this report as a solid basis, let me offer a few thoughts on what I think should come next. Cyberspace cannot be an ungoverned space where the bad guys can simply do as they please with impunity. Irresponsible states, criminals and terrorists must not have a place to hide. The international rules-based order should extend into cyberspace. The Netherlands agrees with the vast majority of nations that believe that international law applies in cyberspace. Nations must recognise that they are always bound by international law, both in the physical world and the virtual“. In: https://www.government.nl/documents/speeches/2019/11/12/speech-by-minister-stef-blok-at-launch-of-report-global-commission-on-the-security-of-cyberspace
  3. [3] Advancing Cyberstability, Final Report of the Global Commission on Stability in Cyberspace, Paris, 12. November 2019, Prinzipien: „1. State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace. 2. State and non-state actors must not pursue, support or allow cyber operations intended to disrupt the technical infrastructure essential to elections, referenda or plebiscites. 3. State and non-state actors should not tamper with products and services in development and production, nor allow them to be tampered with, if doing so may substantially impair the stability of cyberspace. 4. State and non-state actors should not commandeer the general public’s ICT resources for use as botnets or for similar purposes. 5. States should create procedurally transparent frameworks to assess whether and when to disclose not publicly known vulnerabilities or flaws they are aware of in information systems and technologies. The default presumption should be in favor of disclosure. 6. Developers and producers of products and services on which the stability of cyberspace depends should (1) prioritize security and stability, (2) take reasonable steps to ensure that their products or services are free from significant vulnerabilities, and (3) take measures to timely mitigate vulnerabilities that are later discovered and to be transparent about their process. All actors have a duty to share information on vulnerabilities in order to help prevent or mitigate malicious cyber activity.7. States should enact appropriate measures, including laws and regulations, to ensure basic cyber hygiene. 8. Non-state actors should not engage in offensive cyber operations and state actors should prevent such activities and respond if they occur.“ In: https://cyberstability.org/report/
  4. [4] Advancing Cyberstability, Final Report of the Global Commission on Stability in Cyberspace, Paris, 12. November 2019 Empfehlungen: „ 1. State and non-state actors adopt and implement norms that increase the stability of cyberspace by promoting restraint and encouraging action. 2. State and non-state actors, consistent with their responsibilities and limitations, respond appropriately to norms violations, ensuring that those who violate norms face predictable and meaningful consequences. 3. State and non-state actors, including international institutions, increase efforts to train staff, build capacity and capabilities, promote a shared understanding of the importance of the stability of cyberspace, and take into account the disparate needs of different parties.4. State and non-state actors collect, share, review, and publish information on norms violations and the impact of such activities.5. State and non-state actors establish and support Communities of Interest to help ensure the stability of cyberspace. 6. A standing multistakeholder engagement mechanism be established to address stability issues, one where states, the private sector (including the technical community), and civil society are adequately involved and consulted. In: https://cyberstability.org/report/