Are Nation States Responsible for Evil Traffic Leaving Their Networks?
During recent talks to various audiences, I've mentioned discussions within the United Nations. One point from these discussions involved certain nation states agreeing to modes of behavior in cyber space. I found the document containing these recent statements: A/68/98, Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (pdf). This document is hosted within the United Nations Office for Disarmament Affairs, in the developments in the field of information and telecommunications section.
Fifteen countries were involved in producing this document: Argentina, Australia, Belarus, Canada, China, Egypt, Estonia, France, Germany, India, Indonesia, Japan, the Russian Federation, the United Kingdom of Great Britain and Northern Ireland and the United States of America.
Within the section titled "Recommendations on norms, rules and principles of responsible behaviour by States," I found the following noteworthy:
19. International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment...
23. States must meet their international obligations regarding internationally wrongful acts attributable to them. States must not use proxies to commit internationally wrongful acts. States should seek to ensure that their territories are not used by non-State actors for unlawful use of ICTs.
The first statement is important because it "imports" a large body of external law and agreements into the cyber field, for good or ill.
The second statement is important because, if States obey these principles, it has interesting effects upon malicious activity leaving State networks. Collectively these sentences imply that States are responsible for their networks. States can't claim that they are only innocent intrusion victims, and that any malicious activity leaving their State isn't their fault or problem.
Whether States try to meet these obligations, and whether others call them out for not meeting them, is another matter.
Tweet
Fifteen countries were involved in producing this document: Argentina, Australia, Belarus, Canada, China, Egypt, Estonia, France, Germany, India, Indonesia, Japan, the Russian Federation, the United Kingdom of Great Britain and Northern Ireland and the United States of America.
Within the section titled "Recommendations on norms, rules and principles of responsible behaviour by States," I found the following noteworthy:
19. International law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment...
23. States must meet their international obligations regarding internationally wrongful acts attributable to them. States must not use proxies to commit internationally wrongful acts. States should seek to ensure that their territories are not used by non-State actors for unlawful use of ICTs.
The first statement is important because it "imports" a large body of external law and agreements into the cyber field, for good or ill.
The second statement is important because, if States obey these principles, it has interesting effects upon malicious activity leaving State networks. Collectively these sentences imply that States are responsible for their networks. States can't claim that they are only innocent intrusion victims, and that any malicious activity leaving their State isn't their fault or problem.
Whether States try to meet these obligations, and whether others call them out for not meeting them, is another matter.
Tweet
Comments