Advancing the Discussion on Cybersecurity Norms

Last week I participated in the Seoul Conference on Cyberspace 2013, where I spoke on a panel on capacity building, and also participated in the ICT4Peace Foundation’s special session at the conference.

During the capacity-building panel, I discussed how over the next six years, another two billion users will come online, basically doubling the Internet population.  The majority of these users will be from emerging economies, who will still be bringing large portions of their populations online.   But with the ability to realize the social and economic benefits of cyberspace also come a new challenge – cybersecurity is necessary to sustain confidence and growth.

During the ICT4Peace special session, I discussed how international and regional cybersecurity processes can be made more inclusive of and also more relevant to the cybersecurity concerns and priorities of a broader range of state and non-state actors in support of a prosperous, secure and resilient cyberspace.

As part of our presence in Seoul, we outlined Five Principles for Shaping Cybersecurity Norms in a new white paper we released at the conference. These principles include:

  • Harmonization of Laws and Standards: Given the global and ubiquitous nature of the Internet, developing global cybersecurity laws and standards will promote understanding, predictability, and enables collaboration on problem solving among countries.
  • Risk Reduction: Cybersecurity stakeholders should work to improve the security of the Internet through collective responses to threats by sharing information about threats and vulnerabilities, and by engaging in the active prevention of cybercrime. 
  • Transparency: Governments can help to build trust and increase predictability and stability in cyberspace by practicing greater transparency in their cybersecurity practices. Microsoft supports greater government transparency, and recently released another paper promoting the development of a national cybersecurity strategy to articulate priorities, principles, and approaches for managing national level risks in cyberspace.
  • Collaboration: As governments construct cybersecurity practices to address security concerns at the international level, they can seek input from a variety of stakeholders, including the private sector, civil society, and academia.
  • Proportionality: The issue of proportionality is challenging, because it not yet clear how proportionality in cyberspace will be interpreted.  However, nations should begin to develop interpretations of proportionality in cyberspace under customary international law.

The international implications of cybersecurity are immense. How countries behave in cyberspace from a security perspective is no longer the private matter of an individual state; it is an international issue. Countries can articulate a clear policy on how they approach security in cyberspace, and how they will organize to ensure their respective economic security, defense, and public safety as it relates to cybersecurity.

While development of some of these positions should be led by government, many policies and the confidence-building measures that can enable effective cybersecurity practices are highly dependent upon the cooperation of the private sector. We support an inclusive global dialogue on the continued development of principles that advance cybersecurity.

I invite you to download our new booklet, Five Principles for Shaping Cybersecurity Norms


About the Author
Matt Thomlinson

Vice President, Microsoft Security

Matt Thomlinson is Vice President of Security at Microsoft and leads the Microsoft Security Engineering Center (MSEC), the Microsoft Security Response Center (MSRC) and Global Security Strategy & Diplomacy (GSSD) and internal Network Security (NetSec). His teams are responsible for Read more »