FORUM: The Special Conference

QUESTION OF: Strengthening Measures to Promote and Ensurean Environment of Cybersecurity by Preventing Cybercrime and the Use of Large-scaleCyber Weapons

MAIN SUBMITTER: Belarus

CO-SUBMITTER(S): UAE, Philippines, Bosnia Herzegovina, Greece, Cambodia, South Korea, Kazakhstan & Lithuania

THE SPECIAL CONFERENCE,

Recognizing that the need for cybersecurity increases as countries increase their participation in the global society and that technology alone cannot ensure cybersecurity, therefore priority must be given to cybersecurity planning and management,

Acknowledging that improper use of technology can have a harmful impact at local, national, regional, international or global levels and that internationally applicable legal regulatory authorities and instruments must therefore be established with regard to its purpose and use,

Convinced that, given the immense socio-economic benefits that cyberspace brings to citizens around the world, predictability, information security and stability in the cyber domain are essential,

Welcoming the progress made in international forums towards a common perception of what constitutes acceptable behavior on the part of Nation-States in cyberspace, in particular by the United Nations Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security and other bilateral, regional and multilateral initiatives,

Recalling the General Assembly’s resolutions 55/63 of December 4th 2000 and 56/121 of December 19th 2001 on establishing the legal basis for combating the criminal misuse of information technologies,

Fully aware that gaps in access to and the use of information technologies by States can diminish the effectiveness of international cooperation in combating the criminal misuse of information technology and in creating a global culture of cybersecurity, and noting the need to facilitate the transfer of information technologies, in particular to developing countries,

Considering that cyberspace is more than the Internet, that the use of hardware, software, data and information systems can have effects beyond networks and IT infrastructure and is considered as a tool of economic growth, and that inequalities exist in the enterprise,

1) Calls upon all members to review their countries' legal framework to examine how best to adapt to potential threats, in terms of crime, terrorism and/or warfare, which might arise from the evolving nature of cyberspace;

2) Recommends that States build their capacities to better understand the complex nature of national and international security in the cyber-domain and to take into account the interlinkages between different areas of cyber-policy development;

3) Calls upon all members to ensure meaningful participation by all stakeholders, including the private sector, academics, the technical community, civil society, and non-governmental organizations and associations, in efforts aimed at addressing the cyber-threats related to the use of ICTs by employing means such as, but not limited to:

a) Establishing international accreditation standards for cyber security, in the form of penetration and vulnerability tests, including but not limited to:

i.Supply chain security,

ii.Software updates,

b) Setting up international white-hat hacker alliances to fight against cyber-attacks;

4) Urges member states to act in a timely and cooperative manner to prevent, detect and respond to security incidents by sharing information about threats and vulnerabilities as appropriate;

5) Encourages participating states to conduct sufficiently broad-based periodic risk assessment exercises in order to identify threats and vulnerabilities while encompassing key internal and external factors, such as but not limited to:

a) Technology,

b) Physical and human factors,

c) Policies and third-party services with security implications;

6) Authorizes the determination of the acceptable level of risk to be conducted at state levels while assisting in the selection of appropriate controls to manage the risk of potential harm to information systems and networks in the light of the nature and importance of the protected information;

7) Recommends that States which have not yet done so request that their respective governments expressly state that international law, including the law of armed conflict, must apply to cyber warfare in order to ensure that limits are placed on the use of cyber operations as a means and method of warfare while noting that the exact manner of application is still a matter of international discussion;

8) Calls upon all members to ensure their national laws and regulations do not condone the criminal use of cyber-technology for the purpose of inciting conflict between States or provide the perpetrators with immunity, asylum, or amnesty;

9) Endorses international cooperation to provide developing countries with technical assistance and capacity-building in terms of prevention, investigation, and the prosecution/punishment of offenders, and to enhance network security in relation to cyber warfare by:

a) Supporting the use of nation-specific bilateral aid instruments and resources for capacity building in order to prevent and counter cyber-threats;

10) Condemns the illegal monitoring and cyberattacks committed by member states or non-state actors on critical infrastructure such as, but not limited to:

a) Water,

b) Electricity,

c) Hospitals,

d) Centers of education,

e) Economic and political assets;

11) Recommends that the legal instruments, agreements and cooperation agreements relating to cyberspace, cybersecurity, technology, and telecommunications be reviewed and updated;

12) Supports the creation of a global cyberattack registry with the full cooperation of sovereign nations in the establishment of a union for intelligence and transparency in order to effectively monitor cybersecurity situations across multiple regions and defend global civilian interest;

13) Strongly condemns any form of cyber-attack from one nation’s governmental agency to private sector establishments and the targeting of civilians from any entity with the technological capacity to do so;

14) Urgesthe partial subsidization and incentivization by member countries for private cyber security contractors to work alongside their respective administrative governments in order to defend the cyber integrity of both the citizens of said countries and classified information regarding the governments by:

a) Recommending government subsidization to account for at least 12% of the initial funds available for the creation of said agencies,

b) Carrying out social media campaigns on semiannual basis within member countries to attempt full securitization of the population’s private devices through passwords, passcodes, or patterns in order to protect citizens against device cyber threats;

15) Decides to remain actively seized on the matter.