Its first task will be tackling what infrastructure should be protected from intelligence services and other groups.
An international cybersecurity commission is asking researchers to help it map out the core of the public internet and critical infrastructure that should be protected from digital meddling by national intelligence services and other groups.
The Global Commission on the Stability of Cyberspace announced it’s forming a research advisory group during its first official meeting this week in Tallinn, Estonia.
Commissioners also tasked that advisory group with proposing research that sorts out what should be included in the “public core of the internet” and what counts as critical internet infrastructure for the commission’s purposes, according to a statement.
Advisory group members can pitch proposals related to that request and seek funding through July 21, according to a fact sheet.
The commission wants the advisory group to serve as an “academic backbone,” contributing research in response to regular commission requests, commissioners said. The group is launching with a number of core members organized into several email lists but is also seeking additional members, commissioners said.
The group is being led by Sean Kanuck, a former U.S. intelligence official who worked on cyber issues for the CIA, the National Security Agency and the White House. Kanuck was also the first national intelligence officer for cyber issues on the National Intelligence Council, which studies long-range national security threats.
The GCSC, which launched in February, is composed of former government officials, business leaders and academics but does not include any current government officials. That distinction should make it easier for the commission to reach consensus and urge action on major cybersecurity challenges than its government counterparts, Chairwoman Marina Kaljurand told Nextgov in March.
The major international government forum on internet security, the United Nations’ Group of Governmental Experts, completed its latest rounds of meetings recently without reaching consensus about how international laws, such as those in the U.N. Charter, should apply in cyberspace.
The U.S. delegate to those meetings, State Department Deputy Cyber Coordinator Michele Markoff, called that result a “troubling and potentially destabilizing” signal.
“I am coming to the unfortunate conclusion that those who are unwilling to affirm the applicability of these international legal rules and principles believe their states are free to act in or through cyberspace to achieve their political ends with no limits or constraints on their actions,” Markoff said.
That’s a likely reference to China and Russia, which have traditionally battled with the U.S. over hashing out international rules of the road in cyberspace.
A few days after Markoff’s address, White House Homeland Security Adviser Tom Bossert suggested a pivot away from the U.N. process and toward working “with smaller groups of like-minded partners to call out bad behavior and impose costs on our adversaries.”
GCSC commissioners also discussed cyber protections for electoral infrastructure during this week's meeting, according to a statement. Election cybersecurity has been a major topic following alleged Russian cyber meddling in elections in the U.S. and Europe.
Commissioners also discussed balancing individual internet access with national sovereignty and creating secure access for the new internet users in developing nations, commissioners said.
The GCSC, which is based in the Netherlands, was established by The Hague Centre for Strategic Studies and the East West Institute—both think tanks—and is supported by numerous organizations, including the Internet Society and Microsoft. The commission is co-chaired by former Homeland Security Secretary Michael Chertoff and former Indian government official Latha Reddy.
Commissioners include Def Con conference founder Jeff Moss and Harvard academic Joseph Nye, along with other representatives from India, Germany, Japan, Brazil, China, Russia and elsewhere.
Some group members will meet again later this month on the margins of the Black Hat cybersecurity conference in Las Vegas.