Cybersecurity experts from around the world recently gathered at the Global Conference on Cyberspace (GCCS) in The Hague. Over a thousand delegates from across the private sector, government and civil society attended the main conference, and many used the opportunity to promote practical cooperation in cyberspace, enhance capacity building and to discuss norms of state behavior in cyberspace.
While such events are easily dismissed, I came away from the conference more convinced than ever that there that meaningful international cooperation possible. Public private sector cooperation is critical to protect the free, open and secure Internet that we have all grown used to and our economies increasingly depend on. Numerous events have taken place over the past year –one only needs to open a newspaper- that drove home the fact that while cyberspace provides us with numerous opportunities, it also increases the potential for actors wishing to do harm. Indeed, many of my discussions highlighted the increased awareness that virtual attacks might cause real and physical damage that could result in loss of life, or indeed spill over into a kinetic reaction.
Unintended escalations can only be avoided if all stakeholders can work together across borders to come to an agreement around what is acceptable and what is unacceptable behavior online. Dialogue such as that initiated at The Hague further cements my view that governments in particular need to define the appropriate parameters of government behavior online. With the advance of an open and global internet, governments need to balance the national security or law enforcement interests it may have against its interests to promote a protected and open environment for commerce and communication.
One such example is the Mutual Legal Assistance Treaty (MLAT), which governments currently rely on to seek to collect or compel information across borders. We talked about this before, most recently on our Microsoft on the Issues blog. The bureaucratic hurdles it puts into place might have been appropriate for the problems of the 19th century, but are no match for the speed of the 21st. The panel I participated on univocally called for the review of the Treaty approach, establishing a new international legal framework with independent and accountable courts and subject to strong checks and balances.
Similarly, many of the participants called for the discussion around cybersecurity norms of behavior to be taken to the next level. We agree with that view. Late last year Microsoft put forward six potential norms for discussion in our “International cybersecurity norms, reducing conflict in an internet-dependent world” paper. Nation states need to continue this dialogue and work to evolve in this space.
What I found particularly positive was the growing acknowledgement that the private sector has key role to play in the development of international cybersecurity norms. The ongoing international public-private dialogue that began in London, and continued through Budapest and Seoul conferences, has played an important role in galvanizing the commitment to multi-stakeholder cooperation. With this year’s event the Dutch government has taken it to the next level. We need to leverage the momentum from The Hague and drive for concrete improvements between now and the next GCCS in 2017 in Mexico.