UN Cyber Norm A | Interstate co-operation on security

Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security.

What is it about?

This norm discusses the importance of international cooperation to address threats related to the use of ICTs. It emphasises that such threats cannot be effectively dealt with by any one country acting alone. Therefore, the first norm is not meant to be viewed in isolation but as the foundation for more detailed suggestions, agreed upon by states in the UN GGE 2015 report.

Norm (a) highlights the need for countries to cooperate to prevent threats to international peace and security and to stop harmful ICT practices. However, questions remain about which ICT practices are considered harmful and what level of damage qualifies as harmful.

Why is it relevant?

This cyber norm is relevant because it urges countries to collaborate in creating and implementing measures to enhance stability and security in the use of ICTs. The increasing frequency and severity of cyberattacks on critical infrastructure, such as healthcare providers, pipelines, and other essential services, highlight the urgent need for a cooperative international approach to cybersecurity. Establishing clear norms helps to mitigate risks, enhance trust among states, and promote global stability.

How is it implemented?

In accordance with the clarification provided by states in the UN GGE 2021 report, the norm can be implemented through several steps:

National measures: Countries should establish or strengthen their national mechanisms, structures, and procedures. This includes creating relevant policies, legislation, and review processes to govern the use of ICTs.
Crisis and incident management: Develop mechanisms for managing crises and incidents related to ICT security.
Government cooperation: Implement cooperative arrangements across different government departments to ensure a unified whole-of-government approach.
Engage with external stakeholders: Establish dialogue and cooperation with the private sector, academia, civil society, and the technical community to leverage their expertise and resources.
Information sharing: Compile and streamline information on how they are implementing these norms. States are encouraged to voluntarily survey their national efforts and share their experiences with others to promote transparency and mutual learning.

Who are the main actors?

Despite the fact that norm address responsible state behaviour and targets UN Member States, there are additional actors who could play a role in the implementation of the norm, e.g. through capacity building:

International and regional organisations (e.g., OSCE, ASEAN, African Union etc.), which could be specifically helpful in crisis and incident management, and in fostering cooperative and partnership arrangements between governments;
Non-state stakeholders, including the private sector and industry, technical community such as FIRST, civil society, academia and non-governmental organisations (NGOs) – they all have expertise and can provide insights and knowledge on ICT practices and security measures.

Where is it discussed?

The UN Open-ended working group (OEWG) remains the one and only process where all UN Member States discuss the implementation of the agreed norms, including this norm, on a regular basis.

States implement these norms domestically, including through adopting acts and policies at a national level, and may also engage in regional cooperation to enhance cybersecurity.

Various multistakeholder and international initiatives (e.g. such as the GFCE) serve as additional platforms for discussing the practical aspects of the norm implementation.