I saw this very interesting piece of news some time back on China Daily…
Multilateral cyber security, China Daily. September 19, 2011.
The United Nations permanent representatives of China, Russia, Tajikistan and Uzbekistan jointly sent a letter to UN Secretary-General Ban Ki-moon, requesting him to circulate the International Code of Conduct for Information Security.
I’m really interested to see the letter and know more in detail what is being discussed, who is involved in the discussion and what is concluded.
According to the letter, the code’s purpose is to identify state’s right and responsibilities in cyberspace, promote their constructive and responsible behaviour, and enhance their cooperation in addressing the common threats and challenges in cyberspace.
The code makes much of state sovereignty in cyberspace, but fully respects the rights and free flow of information. Frankly speaking, the flow of information to some extent has no borders, built cannot overstep national sovereignty and should abide by related laws.
With some predicting that future wars will be conducted in cyberspace, the code request states, voluntarily subscribing to it, to pledge not to use cyberspace to carry out hostile activities or acts of aggression that pose threats to international peace and security. It also calls on states to cooperate in combating criminal and terrorist activities that use information and communication technologies.
What is this Code of Conduct really about? What is their definition of cyberspace? What is their definition of “carry out hostile activities or acts of aggression that pose threats to international peace and security.” Do the military need to comply to the code? I understand and do think that we do need something like this sooner or later. But the question is how useful can it be? Can it address the issue of hacktivism which we are experiencing now? If not, potentially, a nation state can act in accord and push the blame to their patriotic citizens like what is suspected in the Russia v. Estonia and Russia v. Georgia DDoS attack back in 2007 and 2008 respectively.