G7 Adopts Responsible State Behavior Norms in Cyberspace

The foreign ministers of the G7 nations expressed increased concern about cyber interference in elections.

Leading up to the G7 Summit in Italy in May, they also adopted the G7 Declaration on Responsible States Behavior in Cyberspace.

“Noting increased concern over cyber-enabled interference in democratic processes, and bearing in mind the risk of misperceptions and uncontrolled escalation, we reaffirm our commitment to work within the G7 and other relevant international and multistakeholder fora to promote strategic   frameworks for conflict prevention, cooperation and stability in cyberspace,” the joint statement said.

The Declaration on Cyberspace includes the following voluntary norms of state behavior:

1. States should cooperate on increasing the security and stability of information communication technologies.
2. If a cyber-incident occurs, states should consider the extent and nature of the consequences, including the challenges of attributing the incident to a specific culprit.
3. States should not knowingly allow their territory to be used for international cyberattacks.
4. States should consider how to exchange information with each other about cyberattacks.
5. States should acknowledge that human rights extend into online environments, including the right to privacy, and the freedom of expression.
6. States should not support cyber activities that seek to harm critical infrastructure.
7. States should take measures to protect their own critical infrastructures from cyberattacks.
8. States should offer assistance to other states where critical infrastructure has been compromised.
9. States should prevent the spread of malicious software.
10. States should encourage the reporting of network vulnerabilities and share information about vulnerabilities to eliminate potential threats to networks.
11. States should not support activity that would harm other states’ cyber incident response teams.
12. States should not steal digital information, including trade secrets or confidential business information, in order to gain a competitive advantage for another company.

These norms were discussed during a G20 summit in 2015 and were brought up again at the G7 Foreign Ministers Meeting on April 11.

“Norms can help to prevent conflict in the [Information Communication Technology] environment and contribute to its peaceful use to enable the full realization of ICTs to increase global social and economic development,” the joint statement said.

The foreign ministers from Canada, France, Germany, Italy, Japan, the United Kingdom, the United States, and the European Union, also called on states to publicly explain their views on how international law applies to cyberspace in order to increase transparency. The foreign ministers said that states are able to respond in self-defense in response to an armed attack through cyberspace.

“In response to cyberattacks, U.S. reserves the right to respond to any destabilizing cyber conduct directed at us or our interests,” Christopher Painter, coordinator for cyber issues at the State Department, said Tuesday.

The foreign ministers said that states can’t avoid blame for cyberattacks by operating through a proxy actor.

The United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN-GGE) is expected to offer further clarity on the application of international law in cyberspace and the norms of state behavior during peacetime during this year’s session.

“Against this background, we have adopted the G7 Declaration on Responsible States Behavior in Cyberspace and reinforce our commitment to its strategic framework for conflict prevention, cooperation and stability in cyberspace, as a concrete contribution to peace and security, and we encourage similar commitments from other states,” the joint statement said.