Speech by Minister Stef Blok at launch of report Global Commission on the Security of Cyberspace

Speech by the Minister of Foreign Affairs, Stef Blok, at the launch of the report by the Global Commission on the Security of Cyberspace (GCSC) at the Peace Forum in Paris, 12 November 2019.

Let me begin by thanking our host, Monsieur le Drian; Our co-chairs Latha Reddy (from India) and Michael Chertoff (from the US); And all Commissioners; Former chair Marina Kaljurand (of Estonia, who had to step down after being elected MEP); And of course the co-sponsors: Microsoft, the Internet Society, Afilias and the governments of France and Singapore.

Mesdames et messieurs, ladies and gentlemen,

In 2017, at the Munich Security Conference, we launched this Global Commission in order to make cyberspace more secure.

This is a vital initiative. Over the course of just a few decades, the world has entered a digital age in which people from all over the world are connected online.

By way of comparison: in 1996, only 36 million people used the internet, about one per cent of the world population. By the beginning of 2017, that figure had risen to 3.7 billion, nearly half the world’s population.

But these boundless opportunities come with serious challenges:

Today, for instance, many people have doubts about the security of the internet. Organisations may no longer be assured of the availability and integrity of services and information.

And governments are facing the increasing challenge of political tensions fuelled by malicious behaviour in cyberspace.

To counter these developments, a cyber-stability framework is now more crucial than ever.

That’s why I’m so glad the Commission has had the opportunity to develop its ideas and engage with various experts and stakeholder groups over the last three years, gaining valuable input in the process.

And yes, it takes time.

Cyberspace can be seen as a domain, a global commons. And in that respect it is not unlike the high seas.

It took centuries before we agreed the UN Convention on the Law of the Sea (UNCLOS), which introduced rules on sea-bed mining and the laying of cables. And that agreement didn’t enter into force until 1994.

But cyber technology can also be seen as a battleground. And in that regard it’s useful to look at the evolution of arms control in the 20th century.

Chemical weapons were still considered acceptable in the First World War, and the mass bombing of population centres was a common strategy in the Second.

But nowadays international norms prohibit such brutal tactics.

So I see this report as an important contribution to this evolution, but we still have a way to go.

Ladies and gentlemen,

This report, compiled by a group of Commissioners from all over the globe, does a number of important things.

It consolidates a set of norms and principles for the behaviour of state and non-state actors in cyberspace.

It confers a legitimacy that goes beyond the regular dialogues we have in the United Nations. This is because it was a truly multi-stakeholder effort, with the involvement of governments, the tech community and civil society.

And finally, it serves as a reminder of the value of consensus.

This may not sound spectacular, but it is. There are a lot of divergent opinions out there…

About what the rules of the road should be, about who should bear responsibility for what happens, and about how to deal with transgressions.

Let me therefore highlight two important notions contained in this report.

First, there should be no tampering with the public core of the internet. Internet infrastructure should be regarded as the backbone of modern society. Undersea cables and other vital elements should be off limits.

Second, election infrastructure should not be tampered with. Democratic processes are the ultimate symbol of sovereignty. A people’s ability to express their will on who should govern them is the cornerstone of everything we stand for in the free world.

The Global Commission rightly identifies these areas as sacrosanct.

With this report as a solid basis, let me offer a few thoughts on what I think should come next.

Cyberspace cannot be an ungoverned space where the bad guys can simply do as they please with impunity.

Irresponsible states, criminals and terrorists must not have a place to hide.

The international rules-based order should extend into cyberspace.

The Netherlands agrees with the vast majority of nations that believe that international law applies in cyberspace.

Nations must recognise that they are always bound by international law, both in the physical world and the virtual.

But there has been a lot of discussion about how these laws can be enforced.

I recently sent a letter to the Dutch parliament outlining my views. It examines a number of important elements in detail.

In this letter I stated that sovereignty applies in full, and that it entails not only rights but also obligations.

For example, the obligation to respect and protect human rights online. And equally, a commitment to the principle of due diligence, which requires states to take action when cyber activities carried out on their territory violate the rights of another state.

There is a growing group of nations that are seeking to work together to impose consequences on those who violate the rules of cyberspace.

If we don’t build a solid system of collective action against malicious state behaviour, we’re essentially condoning lawlessness.

At the UN General Assembly last September, I launched an initiative together with my American and Australian colleagues, to foster collaboration against unacceptable state behaviour.

Our joint statement has so far been signed by 29 nations. It is still open for others to join, and I would encourage all to do so.

But we can do more.

For example, we need to get better at attribution, at gathering evidence that shows who the perpetrators are.

Only then we can mount a confident response, through diplomatic channels or through sanctions. We have an EU sanction regime, and we must be able to use it.

With this in mind we need to get better at sharing the information and knowledge we have about cyberattacks. Not only with other countries, but also with the private sector, cybersecurity firms, tech companies and NGOs.

There is a clear accountability gap, and we need to close it urgently. That is why I have instructed my cyber ambassador, who is here today with us to forge alliances between governments, Tech & cyber security firms, and NGO’s.

This will be a joint effort by all parties that work with this type of information, including the recently established CyberPeace Institute in Geneva. This will make us better at interpreting and identifying attacks and agreeing on standards for cyber forensics. Joining forces will make us more effective at gathering evidence.

Don’t misunderstand me. Deciding what is done with that evidence will remain a sovereign decision. The Netherlands has no intention of relinquishing that power. But I’m convinced that more teamwork in evidence-gathering will result in more joint measures. Measures like EU sanctions, or ‘naming and shaming’ efforts by ad hoc coalitions.

Cyber threats don’t respect national borders. They are as transnational as, say, climate change.

So it’s not enough to address threats solely at national level, or in a single regional organisation.

This needs to be a global effort, led at political level. Next year – which marks the 75th anniversary of the United Nations – I hope we can adopt a universal ‘cyber pledge’. One that recognises today’s needs, reaffirms certain norms and principles, and fosters investment in capacity-building.

And I strongly believe that we can further enhance cyber stability with initiatives like the Freedom Online Coalition and the Paris Call, where states work in close partnership with Civil Society and the Private Sector.

So, in conclusion, ladies and gentlemen, the name of the game is international collaboration. Working together to boost resilience, set the rules of the road, improve the attribution of malicious acts, and hold those responsible to account.

Thanks to all of you, and of course to our French hosts.

Merci.