"Strengthening and protecting cyberspace by joint international efforts"

Es gilt das gesprochene Wort.

Ladies and gentlemen,

I am grateful for the opportunity to speak to you right at the beginning of this session. Unfortunately, owing to prior commitments, I will have to leave the conference immediately after my speech. However, I would like to use this opportunity to outline the current deliberations of the German Federal Government about the subject of this panel.

This panel is dedicated to "International Security" and the question of how problems between states can be prevented and settled. This question has already been addressed at this year’s G8 and G20 summits.

Resilient infrastructures and a secure, available, intact and reliable Internet across national borders and jurisdictions are the backbone of our globalized world. As such, they are of great importance to all states for economic and societal reasons. With this in mind, Germany, like other G8 countries, considers major IT failures, especially those resulting from cyber attacks, a real risk and a global threat. Unfortunately, owing to the global nature of digital networks, our computer systems and IT-assisted infrastructures are very vulnerable.
Worldwide, we are witnessing sabotage, espionage, hacker attacks and fraud: just think of Stuxnet and Anonymous.
There has been a nineteen-percent increase in cybercrime in Germany last year. This year, even the Federal Police was hit by a cyber attack, as you may know.

Typically, investigators face the problem of attribution, because it is very difficult and sometimes even impossible to identify the authors of such attacks. This entails the risk of misperception and inadequate responses which, in turn, might increase the risk of conflict.

Mindful of the threat situation, the Federal Government adopted the Cyber Security Strategy for Germany this February. The key components of this strategy are

  • greater protection for critical infrastructures and the Federal Government against IT attacks,
  • protection of IT systems in Germany, including greater public awareness,
  • the creation of a National Cyber Response Centre and a National Cyber Security Council, and
  • international cooperation.

Given the great political importance of the matter, cyber security is one of the primary items on the agenda of numerous international processes, forums and bodies, including the Council of Europe, OECD / APEC, OSCE, the UN, NATO, the EU, the ITU, the G8 and G20, the Internet Governance Forum and the Shanghai Cooperation Organization.

Currently the only international convention open to all countries which is tailored to the cyber sphere is the 2001 Council of Europe Convention on Cybercrime; however, it only covers a small segment of this area and has so far been ratified by only 30 countries.

This experience leads us to the more general question of what a broader international consensus could embrace. We must not forget that we live in a world of diverging political views and major differences in economic capacity. In this context, another but no less fundamental question arises as to how a perhaps possible consensus could be implemented over the short, medium and long term.

In our differentiated world with diverging interests the agendas of international forums set similar – although differently weighted - priorities: They all address the protection of global cyberspace, the stability of critical infrastructures and their protection against failure, economic aspects, intellectual property protection, human rights and development aid.

Despite the different starting positions, I see a common denominator in the area of economic growth, because established as well as expanding national economies both need to keep in mind that digital dependency requires them to make provision for interoperability, availability of networks and the protection of critical infrastructures.

As regards the evolution of a new legal environment, soft law seems to lend itself to cyberspace because it promotes common law among nations and may serve as an aid to interpretation in disputes. My vision is to jointly prepare a politically binding soft law code based on the consensual assumptions referred to above, which is accepted by a large part of the international community.

Specifically, I can imagine establishing Norms of State Behaviour in Cyberspace to be signed by as many countries as possible. Such a cyber commitment should include measures:

  • to promote transparency and predictability of activities in cyberspace;
  • to build trust and security,
  • to fight cybercrime and promote international cooperation.

In compliance with international law and effective elements of the Council of Europe Convention on Cybercrime, governments could furthermore agree on general principles for the use of cyberspace, such as:

  • peaceful usage;
  • a culture of cyber security;
  • availability, confidentiality, integrity, authenticity;
  • a commitment to protecting critical infrastructures;
  • a commitment to fighting malware and the misuse of cyberspace for criminal and terrorist purposes as it is generally understood;
  • the right to self-defence;
  • cooperation of governments in attributing cyber attacks.

This could lead to a number of concrete measures, including trust-building measures and cooperation mechanisms, for example:

  • creating a network of points of contact for crisis communication;
  • setting up early warning mechanisms and improving cooperation between Computer Emergency Response Teams;
  • sharing national strategies, white papers and best practices;
  • building capacity in less-developed countries;
  • improving the resilience of critical infrastructures in view of transnational interdependencies, etc.

If this is of interest in the subsequent discussion, my colleagues from the German delegation will be happy to further explain the individual items on the list, also with a view to ongoing work in the OSCE and UN.

Germany will actively contribute to developing common norms of behaviour. But we all have to realize that many further questions will arise in the future:

  • What about the liability of states conniving at or failing to prevent cyber attacks committed from their territory?
  • How do we deal with states tolerating legal vacuum?
  • Do we need, over the long term, internationally binding rules, given the enormous significance of the Internet for the prosperity of our national economies?

To answer these questions further discussion is needed, I think.

The Internet is an asset of the global public, the backbone of growth and prosperity. It is a global public space in which we all want to move around safely and securely. In order to preserve this possibility and optimize the benefits of cyberspace, we need security and trust.

This conference helps improve mutual understanding and thus plays a significant role in building trust. Therefore, on behalf of my government, I wish to express my most sincere thanks to you, Secretary Hague, for hosting this event.

Thank you for your attention, and I hope you have a productive and forward-looking discussion.