UN Cyber Norm B | Consider all relevant information
In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences.
The norm (b) is about how countries should responsibly handle and prevent conflicts that might arise during cyber incidents to avoid escalating tensions. The norm advises states to be cautious and careful during such incidents. It suggests that countries should take measures to support careful consideration and assessment, including figuring out who is responsible for the incident. Although it doesn’t explicitly mention it, this norm aligns with the general principle of peacefully resolving international disputes without threatening global peace and security. The norm recognizes that identifying the source of a cyber incident is complicated and requires considering many factors. By being cautious, countries can help prevent misunderstandings and avoid escalating conflicts.
Why is it relevant?
The norm addresses the following critical aspects:
- State responsibility: It emphasises the importance of countries acting responsibly during cyber incidents to prevent conflicts and escalation, which is crucial in maintaining international security and peace.
- Conflict prevention: By advocating for cautious behaviour and thorough assessment during cyber incidents, the norm aims to prevent misunderstandings that could lead to unnecessary conflicts.
- Peaceful resolution: It aligns with the broader principle of peacefully settling international disputes, reinforcing the need to handle cyber incidents without endangering international security and peace.
- Complex attribution: The norm acknowledges the complexity of attributing cyber incidents to specific actors, promoting a careful and measured approach. This is important because inaccurate or hasty attributions can escalate tensions and lead to conflict.
- International cooperation: Encouraging states to cooperate and share information about cyber incidents can improve global security and build trust among nations, helping to mitigate the risks associated with cyber activities.
How is it implemented?
In accordance with the clarification provided by states in the UN GGE 2021 report, the norm can be implemented through several steps:
- Establishing or strengthening national structures: Countries should create or improve existing national frameworks, including policies, legislative measures, and processes related to ICT. This includes setting up coordination mechanisms and partnerships with relevant stakeholders to effectively assess and manage ICT incidents.
- Engaging in regional and international cooperation to address malicious ICT incidents: Countries should cooperate with other nations at regional and international levels. This includes collaboration between national Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs), ICT authorities, and the diplomatic community. Such cooperation can enhance the ability to detect, investigate, and address malicious ICT incidents, and to present well-substantiated findings before making conclusions.
- Utilizing multilateral, regional, and bilateral platforms for information sharing: Countries should use various platforms to exchange best practices and share information on national approaches to attribution (identifying the source of ICT incidents). This involves distinguishing between different types of attribution and discussing ICT threats and incidents with a broader audience.
- Promoting common understanding: Future work between states at the UN should focus on fostering common understandings and exchanges of practices related to cyber attribution. This would help standardise how countries interpret and handle ICT incidents globally, reducing the risk of misattribution and potential conflict.
Who are the main actors?
Despite the fact that norm address responsible state behaviour and targets UN Member States, there are additional actors who could play a role in the implementation of the norm:
- International and regional organisations (e.g., OSCE, ASEAN, African Union etc.), which could be specifically helpful in crisis and incident management, and in fostering cooperative and partnership arrangements between governments;
- National CERTs/CSIRTs and FIRST as an international community of CSIRTs to help advance detecting, investigating and responding to ICT incidents;
- Non-state stakeholders, specifically the private sector and cybersecurity, threat intelligence companies and researchers who conduct such research to identify, analyze, and understand new and emerging cyber threats, vulnerabilities, and attack methods;
- Non-state stakeholders such as academia and civil society who could be important to advocate for responsible and transparent cybersecurity research and cyber attribution as well as help clarify legal nuances related to cyber attribution.
Where is it discussed?
The UN Open-ended working group (OEWG) remains the one and only process where all UN Member States discuss the implementation of the agreed norms, including this norm, on a regular basis.
States implement these norms domestically, including through adopting acts and policies at a national level, and may also engage in regional cooperation to enhance cybersecurity. Inter-agency coordination between various governments can also help develop common understanding in addressing cyber attribution.
Contacts between various technical and cybersecurity researchers, incident responders from various countries (e.g., the contact that takes place within the FIRST) is another example to operationalize the norm.
Various multistakeholder and international initiatives (e.g. such as the GFCE) serve as additional platforms for discussing the practical aspects of the norm implementation.