Today, many countries and international or regional organizations cooperating and forming mutual obligations on cybersecurity. Their goal of cybersecurity cooperation is relating to the Draft International Code of Conduct for Information Security and which is supporting or criticizing by their cybersecurity cooperation. This article examines the cooperation policy on the cybersecurity of countries and impact of Draft International Code of Conduct for Information Security on a sphere of international information security. Keywords
Cyber-attacks; cybersecurity; information security; international code of conduct for information security; cooperation of countries.
United Nations Office on Drugs and Crime has defined that cybercrime is a part of a transnational organized crime and each year millions of victims are affected as a result of the activities of organized crime groups. This situation was expressing countries will have been cooperating other countries on cybersecurity. Today, total 76 countries approved cybersecurity strategy documents which are officially expressed their interest in international cooperation on cyber issues.
In addition, the International Telecommunication Union’s Global Cybersecurity Index is focusing on five work areas, including cooperation. Currently, researchers named some countries’ bilateral and trilateral relations on cybersecurity such as interactions between U.S.-Russia; China-South Korea-Japan; U.S.-Japan; Russia-China, Australia-South Korea; U.S.-China; U.S.-South Korea; and Estonia-Japan.  Moreover during the 2016 World Summit on the Information Society stakeholders discussed cybersecurity and sustainable development. ASEAN defense ministers adopted a concept paper on the establishment of a cybersecurity working group. Also, G7 Summit issued G7 Principles and Actions on Cyber.
Above circumstances are expressing that we need to analyze key countries and international coalition’s cooperation on cybersecurity and defining the impact of Draft International Code of Conduct for Information Security on the sphere of international information security.
WHICH ARE KEY PLAYERS ON CYBERSECURITY COOPERATION?
The following table is showing some countries’ cooperation on cybersecurity.
Table 1. Countries’ cooperation on cybersecurity
|Parties||Date||Purpose and direction|
|The USA, Russia||2013||Developing cyber capabilities[5-6]|
|China, South Korea, Japan||2014||Creating a consultation mechanism on cybersecurity[7-8]|
|The USA, Japan||2013||Preventing and combating cyber-attacks from China, North Korea, Russa, and Iran[9-11]|
|Russia, China||2009||Ensuring cybersecurity [12-14]|
|India, Mongolia||2015||Establishing Cyber Security Training Centre in Mongolia|
|Australia, South Korea||2013||Cooperating on development of cybersecurity[16-17]|
|The USA, China||2015||Combating cybercrime and creating a mechanism on cybersecurity |
|The USA, South Korea||2013||Preventing and combating cyber-attacks from North Korea[19-20]|
|Estonia, Japan||2015||Ensuring cybersecurity on Tokyo Olympic games 2020|
This table is showing the key players of cybersecurity are USA, Japan, Republic of Korea, Russia, China, Australia, Estonia, and India. Those countries are cooperating and mutual obligating on cybersecurity. Also, this was expressing that countries cooperating on confidentiality and integrity of information than information availability. Information security researchers were have been expressing that management of cybersecurity is defined by the CIA Triad which means Confidentiality, Integrity, and Availability of information. 
In addition, some countries are cooperating on combating cybercrime. A single cybercriminal may simultaneously attack the critical infrastructure of a large number of world countries. Thus, the Convention on Cybercrime is an international treaty that seeks to harmonize national laws on cybercrime, improve national capabilities for investigating such crimes, and increase cooperation on investigations. 
Currently, the leading international treaty on cybercrime is the Council of Europe‘s Convention on Cybercrime, which was signed in Budapest in 2001 and entered into force in 2004. Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international co-operation. The Convention is treaty open for signature by the member States and the non-member States of European Council which have participated in its elaboration and for accession by other non-member States.
Article 37 of the Convention has also been drafted on precedents established in other Council of Europe conventions, but with an additional express element. Under long-standing practice, the Committee of Ministers decides, on its own initiative or upon request, to invite a non-member State, which has not participated in the elaboration of a convention, to accede to the convention after having consulted all contracting Parties, whether member States or not. This implies that if any contracting Party objects to the Non-member State’s accession, the Committee of Ministers would usually not invite it to join the convention. However, under the usual formulation, the Committee of Ministers could – in theory – invite such a non-member State to accede to a convention even if a non-member State Party objected to its accession. This means that – in theory – no right of veto is usually granted to non-member States Parties in the process of extending Council of Europe treaties to other non-member States. However, an express requirement that the Committee of Ministers consult with and obtain the unanimous consent of all Contracting States – not just members of the Council of Europe – before inviting a non-member State to accede to the Convention has been inserted.
As indicated above, such a requirement is consistent with practice and recognizes that all Contracting States to the Convention should be able to determine with which non-member States they are to enter into treaty relations. Nevertheless, the formal decision to invite a non-member State to accede will be taken, in accordance with usual practice, by the representatives of the contracting Parties entitled to sit on the Committee of Ministers. This decision requires the two-thirds majority provided for in Article 20.d of the Statute of the Council of Europe and the unanimous vote of the representatives of the contracting Parties entitled to sit on the Committee. Therefore, non-member countries of the Convention on Cybercrime need to get support from member states of Convention on Cybercrime.
HOW IS DRAFT INTERNATIONAL CODE OF CONDUCT FOR INFORMATION SECURITY IMPACTING SPHERE OF INTERNATIONAL INFORMATION SECURITY?
One specific aspect countries need to consider is its response to the draft International Code of Conduct for Information Security, an annex to a letter dated 9 January 2015, addressed to the UN secretary-general from the permanent representatives of China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan.
The original 2011 draft was criticized by many Western countries, including the United States, as an attempt by the countries of the Shanghai Cooperation Organization to justify greater state control over the Internet’s governance structures and online content. Member states of the SCO then updated and submitted a draft of a code of conduct in the sphere of international information security to the UN and officials have called for others to support the draft’s underlying idea.
Table 2. Purpose and scope of the draft International Code of Conduct for Information Security
|The original 2011 draft||The original 2015 draft|
|to identify the rights and responsibilities of States in information space, promote their constructive and responsible behaviors and enhance their cooperation in addressing the common threats and challenges in information space, so as to ensure that information and communications technologies, including networks, are to be solely used to benefit social and economic development and people’s well-being, with the objective of maintaining international stability and security.||to identify the rights and responsibilities of States in the information space, promote constructive and responsible behavior on their part and enhance their cooperation in addressing common threats and challenges in the information space, in order to establish an information environment that is peaceful, secure, open and founded on cooperation, and to ensure that the use of information and communications technologies and information and communications networks facilitates the comprehensive economic and social development and well-being of peoples, and does not run counter to the objective of ensuring international peace and security.|
This table is showing the purpose of the draft code of conduct for information security changed such as to establish an information environment that is peaceful, secure, open and founded on cooperation, and to ensure that the use of information and communications technologies and information and communications networks facilitates the comprehensive economic and social development and well-being of peoples, and does not run counter to the objective of ensuring international peace and security. Also, this draft code has formed a Resolution of the General Assembly. According to the Article 10 of United Nations Charter, the General Assembly may make recommendations to the Members of the United Nations or to the Security Council or to both on any such questions or matters. Its seems that the General Assembly only the power to recommend and advise. In addition, the General Assembly has adopted many Resolutions concerning international legal principles that members of the Assembly hoped would serve as normative standards. Specifically the United Nations General Assembly Resolutions as nonbinding recommendations reflecting idealized international legal principles. In addition, Recommendations of the General Assembly do not create legal obligations under the UN Charter and there is thus no potential conflict of “obligations” as required by the Recommendations of the General Assembly.
Therefore, we consider that the draft International Code of Conduct for Information Security is a recommendation to the Members of the United Nations and do not create legal obligations. Despite this, draft International Code of Conduct for Information Security is related to the interest of Member states’ of the SCO in international activities on cyber issues. Also, Russia, in its Draft Cybersecurity Strategy Concept, advocated for enhancing international cooperation on development agreements and mechanisms to enhance global-level cybersecurity. And China’s Military Strategy makes it clear that ”As cyberspace weighs more in military security, China will … participation in international cyber cooperation, so as to stem major cyber crises, ensure national network and information security, and maintain national security and social stability.”
If the draft International Code of Conduct for Information Security had adopted by the United Nations General Assembly, International Code of Conduct for Information Security would key policy on cybersecurity of the UN or member countries of the UN. Therefore, we need to analyze draft International Code of Conduct for Information Security by its provisions. The draft International Code of Conduct for Information Security consists 13 provisions to comply, use, cooperate, endeavor, reaffirm, recognize, respect, develop, assist, bolster, promote and settle.
Table 3. Method of the draft International Code of Conduct for Information Security
|Comply||1||Charter of the United Nations and universally recognized norms|
|Use||2, 3||Information and communications technologies and information and communications networks for international peace and security and economic and social stability|
|Cooperate||4, 8, 9||All states|
|Endeavor||5||To ensure the supply chain security of information and communications technology|
|Reaffirm||6||The rights and responsibilities of all States|
|Recognize||7||The rights of an individual in the online environment.|
|Respect||7||Rights and freedoms in the information space; rights or reputations of others;|
|Bolster||12||Bilateral, regional and international cooperation|
|Promote||12||A prominent role for the United Nations|
Some researcher underlined that the draft International Code of Conduct for Information Security of 2015 references the 2012-2013 report of the group of governmental experts (GGE) on developments in the field of information and telecommunications in the context of international security. The Group Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security was established pursuant to paragraph 4 of General Assembly resolution 66/24 and Secretary-General of the UN was noted, the United Nations plays an important role in promoting dialogue among the Member States on the issue of security in the use of ICTs and in further developing international cooperation in this field. Also, the Group was recommended that supporting bilateral, regional, multilateral and international capacity-building efforts to secure ICT use and ICT infrastructures; to strengthen national legal frameworks, law enforcement capabilities and strategies; to combat the use of ICTs for criminal and terrorist purposes; and to assist in the identification and dissemination of best practices.
Table 4. Similar provisions between “Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security” and the Draft International code of conduct for information security
|Report of the Group of Governmental Experts||The draft International code of conduct for information security|
|22. States should intensify cooperation against criminal or terrorist use of ICTs, harmonize legal approaches as appropriate and strengthen practical collaboration between respective law enforcement and prosecutorial agencies.
|(4) To cooperate in combating criminal and terrorist activities that use information and communications technologies and information and communications networks, and in curbing the dissemination of information that incites terrorism, separatism or extremism or that inflames hatred on ethnic, racial or religious grounds;|
|20. State sovereignty and international norms and principles that flow from sovereignty apply to State conduct of ICT-related activities, and to their jurisdiction over ICT infrastructure within their territory.||(8) All States must play the same role in, and carry equal responsibility for, international governance of the Internet, its security, continuity and stability of operation, and its development in a way which promotes the establishment of multilateral, transparent and democratic international Internet governance mechanisms which ensure an equitable distribution of resources, facilitate access for all and ensure the stable and secure functioning of the Internet;|
This table is showing the draft International code of conduct for information security is adequate for the 2013 Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (A/68/98).
In addition, The Group of Governmental Experts (GGE) released the consensus report (A/70/174) on rules of behavior in cyberspace, particularly during peacetime. The A/70/174 report contains recommendations developed by governmental experts from 20 States to address existing and emerging threats from uses of ICTs, by States and non-State actors alike, that may jeopardize international peace and security. Also, this report provides suggestions that can help to address this worrisome trend and contribute to the formulation of my forthcoming plan of action on preventing violent extremism. All States have a stake in making cyberspace more secure. Some researchers noted that this report is signaling worries on the part of some GGE members about possible interventions in their internal affairs and breaches of sovereignty via cyberspace; in this context, for example, Russia and China have been strongly emphasizing the principle of information sovereignty in their diplomatic efforts.
Many countries, including USA, Japan, Republic of Korea, Russia, China, Australia, Estonia, and India cooperating and forming mutual obligations on cybersecurity. In addition, international or regional organizations such as World Summit on the Information Society, ASEAN, and G7 Summit are defining international principles on cybersecurity. Their goal of cybersecurity cooperation is relating to combating cybercrime and availability of information. This relations are relating to the Draft International Code of Conduct for Information Security and it is supporting or criticizing by their cybersecurity cooperation.
After these situations, the purpose of the draft code of conduct for information security changed such as to establish an information environment that is peaceful, secure, and open and founded on cooperation, and does not run counter to the objective of ensuring international peace and security. Therefore, we consider that the draft International Code of Conduct for Information Security is a recommendation to the Members of the United Nations and do not create legal obligations.
Initiators of International Code of Conduct for Information Security are keen on their sovereignty over the sphere of an international information security. If the draft International Code of Conduct for Information Security had adopted by the United Nations General Assembly, International Code of Conduct for Information Security would key policy on cybersecurity of the UN or member countries of the UN. Thus, the draft International Code of Conduct for Information Security impacting framework and practices for cybersecurity cooperation of countries.