Session
International standards: How should international standards address the different requirements and preferences of governments and citizens in different countries?
International rules and state accountability: How should international rules be strengthened to protect national sovereignty and citizens against attack by malicious state and non-state actors? What can be done to better hold nation-states accountable for cyber-attacks?
Panel - Auditorium - 60 Min
While the idea of non-interference with the core Internet functions has a longer history, the notion only recently became the subject of a norm proposal by the Global Commission on the Stability of Cyberspace (GCSC). The GCSC norm on non-interference with the public core of the Internet has since been accepted and adopted by many institutions, including its inclusion in the Paris Call for Trust and Security in Cyberspace and its adoption into European Union legislation through the EU Cybersecurity Act. This norm has seen continued discussion in international circles, most notably through the Paris Call and the United Nations discussions in the OEWG and GGE. Political leaders, like Chancellor Merkel have also stressed the importance of the public core of the Internet in her opening speech at the Internet Governance Forum in 2019.
More recently, the public core norm was heavily featured in the UN OEWG and GGE dialogues of 2020-2021. For the OEWG, the interim consensus amounted to an acceptance that a basic “critical information infrastructure” existed that was common to all, and that could be described as global public good. Some might say that this was a potential redefinition of the public core away from its former heritage of mankind role. So does the OEWG report represent a step forward, sideways or back? And what next steps are necessary to capture the spirit of the norm and what can the Internet governance community do to this end?
For most attendees, we expect them to leave with the following takeaways: a better understanding of the threats against the public core of the Internet; further specification of the norm to protect the public core of the Internet that involves the full range of stakeholders, in particularly in the context of the UN dialogues (UN OEWG and GGE); a better understanding of the of the role of civil society (in particular the Internet governance community) in defining, monitoring and protecting the public core of the Internet, and how it should relate to other stakeholder groups.
Alexander Klimburg, Director of the Global Commission on the Stability of Cyberspace (GCSC), Director of the Cyber Policy and Resilience Program at HCSS
Louk Faesen, Project Manager of the GCSC Secretariat, Senior Analyst at HCSS
GCSC Briefings:
1. Anriette Esterhuysen, Chair of the Multistakeholder Advisory Group of the IGF
2. Wolfgang Kleinwächter, Professor Emeritus from the University of Aarhus
3. Olaf Kolkman, Principal - Internet Technology, Policy and Advocacy at Internet Society
Expert Briefings:
1. Sheetal Kumar, Senior Programme Lead at Global Partners Digital
2. Chris Gibson, Executive Director at FIRST
3. Marnix Dekker, Coordinator NIS Directive at ENISA
4. Ingmar Snabilie, Task Force International Cyber Policy, Ministry of Foreign Affairs of the Netherlands
Alexander Klimburg / Louk Faesen
Louk Faesen, Strategic Analyst at the Cyber Policy and Resilience Program, HCSS
9. Industry, Innovation and Infrastructure
16. Peace, Justice and Strong Institutions
Targets: SDG 9 aims to build resilient infrastructure, promote sustainable industrialization and foster innovation. The public core norm is considered a norm that protects the critical infrastructure upholding the Internet as we know it. This panel will focus on how to best advance that protection through a concerted multistakeholder effort.
Target 16 aims to promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels. Our Commission and this session primarily focus on advancing international peace and security in cyberspace through norms and multistakeholder engagement.
Report
The Public Core norm should not be interpreted as enabling or encouraging government control over the Internet as a means of protection, but as a norm of restraint that is largely oriented towards moderating malicious state behavior and therefore an issue of governance “on” the Internet, rather than an issue of governance “of” the Internet.
Call all actors to further define the elements of the public core of the Internet, in particular specify what is meant with “public”, and what constitutes a violation of the norm. To this end, civil society and other non-governmental actors should continue in calling out violations of the public core norm.
Attacks, such as DNSespionage, man-in-the-middle attacks such as against Netnod, massed DDoS against DNS, and cable cutting, undermine the general availability of the Internet, having wide-ranging effects for fundamental human rights and on the overall trust in the Internet. At the same time, the development of national Internet segments was also considered to be a worrying trend that goes against the spirit of the norm.
The GCSC norm on Non-interference with the Public Core of the Internet prohibits state and non-state actors to conduct or knowingly allow such activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet. Components of the public core include: Packet routing and forwarding, Naming and numbering systems, The cryptographic mechanisms of security and identity, and Physical transmission media, which are further defined by the GCSC. In particular, experts highlighted the exploitation of the cryptographic mechanisms and the importance of promoting the open standard-setting processes and ways to encourage more widespread adoption and implementation of such standards.
This norm should not be interpreted as enabling or encouraging government control over the Internet as a means of protection, but as a norm of restraint that is largely oriented towards moderating malicious state behavior and therefore an issue of governance “on” the Internet, rather than an issue of governance “of” the Internet. The preservation of the existing multistakeholder model of Internet governance lies at its core. After all, experience shows that the empowered community has been successful in managing the entire Internet system for decades.
Besides support through the Paris Call for Trust and Security in Cyberspace and the EU Cybersecurity Act, the public core was also featured heavily in the UN GGE and OEWG processes, where it is referred to as the “general integrity and availability of the Internet” and considered an enhanced interpretation of the existing norm that prohibits states to conduct cyber operations that impair critical infrastructure. We are now at a point where greater attention needs to be paid to the implementation of the norm and monitoring compliance. Civil society already plays an important role for the latter and should continue to do so.
Finally, the public core of the Internet is better referred to as a global public good – rather than a global public resource where government intervention can be more widely applied.
Call to action:
Call all actors to further define the elements of the public core of the Internet, in particular specify what is meant with “public”, and what constitutes a violation of the norm. To this end, civil society and other non-governmental actors should continue in calling out violations of the public core norm, whereas government actors are encouraged to show restraint as well as support capacity building efforts, for example, by encouraging the open-standard setting process, while maintaining support for the existing multistakeholder model of Internet governance.