UN Cyber Norm H | Respond to requests for assistance


States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty.


What is it about?

Norm (h) highlights that international cooperation and dialogue are essential for effective responses to ICT threats. States should work together, share information, and coordinate actions to combat cyber threats effectively. By responding to assistance requests and mitigating threats, states contribute to global cybersecurity and help maintain international peace and security.

Why is it relevant?

Critical infrastructure is fundamental to a society’s vital functions, services, and activities. However, daily reports highlight cyber attacks on critical infrastructure, affecting sectors such as energy, healthcare, transportation, and more. If these were significantly impaired or damaged, the human costs and impact on a state’s economy, development, political and social functioning, and national security could be substantial.

How is it implemented?

In accordance with the clarification provided in the UN GGE 2021 report, to effectively implement the norm, states should consider the following measures:

  • Establishing national structures and mechanisms: States should develop robust national systems for detecting and mitigating ICT incidents. This includes setting up cybersecurity operations centres, incident response teams, and continuous monitoring systems. States also need to create national bodies or designate existing agencies responsible for coordinating responses to ICT threats and managing requests for assistance.
  • Identifying contact points: States need to identify contact points within their national structures responsible for handling requests for assistance. This ensures that any request can be directed to the appropriate authorities promptly.
  • Developing common procedures and templates: Common and transparent processes and procedures for requesting assistance from another state and for responding to requests for assistance can facilitate the cooperation described by this norm. In this regard, common templates for requesting assistance and responding to such requests can ensure that the state seeking assistance provides as complete and accurate information as possible to the state from which it seeks the assistance, thereby facilitating cooperation and timeliness of response. Such templates could be developed voluntarily at the bilateral, multilateral or regional level. A common template for responding to assistance requests could include elements that acknowledge receipt of the request and, if assistance is possible, an indication of the timeframe, nature, scope and terms of the assistance that could be provided.
  • Encouraging a transparent and timely response process: A state receiving a request for assistance needs to determine, in as transparent and timely a fashion as possible and respecting the urgency and sensitivity of the request, whether it has the capabilities, capacity and resources to provide the assistance requested. States from which the assistance is requested are not expected to ensure a particular result or outcome.
  • Engaging the private sector: States may also seek the services of the private sector to assist in responding to requests for assistance. 
  • Utilising international arrangements: Upon receiving a request for assistance, states should offer any assistance they have the capacity and resources to provide, and that is reasonably available and practicable in the circumstances. A State may choose to seek assistance bilaterally, or through regional or international arrangements.
  • Defining the incident management plan: Where the malicious activity is emanating from a particular state’s territory, its offer to provide the requested assistance and the undertaking of such assistance may help minimise damage, avoid misperceptions, reduce the risk of escalation and help restore trust. Engaging in cooperative mechanisms that define the means and mode of crisis communications and of incident management and resolution can strengthen observance of this norm.

Who are the main actors?

Although the norm addresses responsible state behaviour and targets UN Member States, there are additional actors who could play a role in its implementation:

  • International and regional organisations (e.g., OSCE, ASEAN, African Union), which could be specifically helpful in providing frameworks, guidelines, and platforms for states to cooperate effectively, share best practices, and coordinate responses to cyber threats on a global scale. These organisations could also serve as platforms for facilitating communication between states in the event of incidents affecting critical infrastructure.
  • International standards organisations (e.g., ISO and IEC), which could help develop and promote global cybersecurity standards for the protection of critical infrastructure.
  • National CERTs/CSIRTs, and FIRST as an international community of CSIRTs, which help advance the detection and investigation of, and response to, ICT incidents affecting critical infrastructure.
  • Non-state stakeholders, such as the private sector who act as owners and operators of critical infrastructure, technology and cybersecurity firms, and various industry associations. 
  • Non-state stakeholders, such as civil society, research centres and academia, which conduct studies on cybersecurity threats, cyber conflict and defences, and can provide education and training to build a skilled cybersecurity workforce. Think tanks and research centres can also be helpful in offering policy recommendations on cybersecurity issues.

Where is it discussed?

The UN Open-ended working group (OEWG) remains the one and only process where all UN Member States discuss the implementation of the agreed norms, including this norm, on a regular basis. 

States implement these norms domestically, including through adopting acts and policies at a national level, and may also engage in regional cooperation to enhance cybersecurity. Inter-agency coordination between various governments can also help develop common approaches that define procedures for crisis communication and incident management. This may include pre-agreed protocols for information sharing, escalation paths, and joint response strategies. Within such cooperative mechanisms, states may conduct regular joint exercises and simulations with partner states to test and refine crisis communication and incident management protocols.

Public-private partnerships at a national or regional level also serve as an important platform for dialogue between the state and relevant non-state stakeholders to discuss the operationalisation of this norm. Specifically, cooperation with Internet Service Providers (ISPs) and the Internet Exchange (IX) community can help to identify compromised devices, provide early warning of new infections and offer managed security services to clean up networked infrastructure, significantly reducing, if not eliminating, infections of critical infrastructure.

Contacts between technical and cybersecurity researchers and incident responders from various countries (e.g., the contact that takes place within FIRST) are another example of operationalising the norm.

Various multistakeholder and international initiatives (e.g., the Geneva Dialogue on Responsible Behaviour in Cyberspace and GFCE) serve as additional platforms for discussing the practical aspects of implementing the norm.
