Earlier today, Kazakhstan's President Nursultan Nazarbaev told the UN General Assembly during its opening session that the world needed "an international legal framework of the global information space." He noted that there was not a "single international convention or multilateral treaty" that governed "information processes." Consequently, he said, it should not be a surprise that hackers are increasingly attacking banks, businesses, governments, and other facilities "with impunity."
Governing the information highway on a global scale is not a new topic but one that has long been debated. Early this year, Nextgov reported on a report by the EastWest Institute that claimed that voluntary private sector agreements and international standards were a better course. Others have weighed in saying there need to be treaties governing cyberwar or cross-border attacks.
What is not clear from Nazarbaev's comments is what type of treaty he would like to see. A Geneva-type treaty? An update to the Council of Europe Convention on Cybercrime, which numerous countries have signed, requires substantive and procedural laws related to cybercrime. Something else? His comments regarding hackers seem most relevant to those who are committing crimes, but it is not obvious that is all he is referencing.
The creation of any type of treaty, especially in today's technological environment, would certainly be a challenge. When the Council of Europe Convention was passed, there was significant debate about what should be included. Some countries, for example, fought for hate speech online to be included as a substantive crime, which caused significant problems for the U.S., which has First Amendment rights to protect. With privacy and increasing patent/intellectual property fights occurring on the international front, one wonders what can be agreed upon.
Do we need an international organization to take the lead on cybersecurity? In the aviation area, there is the International Civil Aviation Organization (ICAO) that adopts standards and recommended practices in the civil airspace. Do we need a cyber-ICAO to govern the global information highway? Or is equating aviation airspace to cyberspace even the right analogy?