Common understanding of rules for responsible state behaviour in cyber space needed, say participants of OSCE Chairmanship conference on cybersecurity

VIENNA, 3 November 2017 – A common understanding of the rules for responsible state behaviour in cyberspace are needed in order to promote confidence and trust between states and lower the risk of cyber conflicts, said participants of the Austrian OSCE Chairmanship’s conference on cybersecurity today in Vienna.

The conference is designed to facilitate face-to-face interaction between national points of contact who work within the framework of OSCE cyber/Information communication technologies (ICT) confidence building to reduce the risks of conflict stemming from the use of ICTs. Participants are sharing best practices and addressing some of the most pressing security concerns in this area, voicing their expectations towards other points of contact should ICT incidents occur and promoting effective and timely joint responses.

“Uncertainty about the origin of hostile cyber action is a common characteristic of cyber incidents and introduces a further element of potential instability into international affairs. Furthermore, the protection of human rights ‘online’ as well as ‘offline’, in particular the right to privacy, needs to be guaranteed as well in order to rebuild confidence between states and their citizens,” said Michael Linhart, Austrian Deputy Foreign Minister, in his opening remarks.

“Faced with these challenges, we need to come together to do three things: work towards a common understanding of the rules for responsible state behaviour in cyber space; promote confidence and trust between states; and strengthen our efforts to increase cyber resilience by promoting capacity building,” he said.

Topics being addressed at the conference include co-operative measures to address the terrorist and criminal use of ICTs in line with OSCE commitments; protecting critical infrastructure from malicious ICT activities; and striking a balance between protecting human rights on the Internet and mitigating security threats.

“The need to deal with the threats does not legitimize measures by states to restrict or interfere with fundamental human rights. Any measures to address threats, such as regulating, filtering or blocking online content, interfering with private communications or any other Internet restrictions, must meet the strict requirements outlined by international human rights law,” said Ingibjörg Sólrún Gísladóttir, Director of the OSCE Office for Democratic Institutions and Human Rights. “Any restrictive measures must be prescribed by law and narrowly defined to meet a legitimate purpose, such as the protection of national security. They must be necessary to achieve such a purpose and they must be proportionate and applied in a non-discriminatory manner.”

"While the UN is the leading organization for discussing the promotion of cyber stability between states, the OSCE’s unique role in settling incidents related to the use of ICTs needs to be strengthened," said Oleg Khramov, Deputy Secretary of the Security Council of the Russian Federation.

Sorin Ducaru, NATO Assistant Secretary General for Emerging Security Challenges, said: “Ultimately, we all stand to benefit from a norms-based, predictable, secure and stable global cyberspace. At NATO we follow closely the work of the OSCE in contributing to this goal. I commend the OSCE and its participating States for the work they have undertaken to develop confidence-building measures to reduce the risks of conflict stemming from the use of information and communication technologies. In this regard, co-operation is paramount. Cyber is a team sport and we are only as strong as our weakest link.”