Global Commission on the Stability of Cyberspace

Together with the Global Forum on Cyber Expertise, the GCSC was a product of the 2015-2017 Dutch chairmanship of the London Process, and particularly the work of Wouter Jurgens who, as head of the cyber security department of the Dutch Ministry of Foreign Affairs, had responsibility for organizing the 4th Global Conference on CyberSpace ministerial, which was held in The Hague April 16–17 of 2015, and formalizing its outcomes. Jurgens had been working for several years on the topic of governmental non-aggression in cyberspace, in collaboration with Uri Rosenthal, Bill Woodcock, Olaf Kolkman, James Lewis, and others who would subsequently become GCSC commissioners. The GCSC was launched by Dutch Foreign Minister Bert Koenders at the 53rd Munich Security Conference, on February 18, 2017, with a three-year charter, and issued its final report at the Paris Peace Forum, on November 13, 2019. == Published norms ==

Norm to Protect the Public Core of the Internet The Norm to Protect the Public Core is the GCSC's principal product, and has been included or referenced in many subsequent legislative and diplomatic work. It was included in the European Union's Cybersecurity Act, which extends the mandate of the European Union Agency for Cybersecurity to include the protection of the public core. The Paris Call for Trust and Security in Cyberspace included a call for compliance with the Public Core norm. The United Nations cites the Public Core norm in the 2019 report of the Secretary General and the report of the Secretary General’s High-level Panel on Digital Cooperation, The Age of Digital Interdependence. Norm to Protect the Electoral Infrastructure Norm to Avoid Tampering Norm Against Commandeering of ICT Devices into Botnets Norm for States to Create a Vulnerabilities Equities Process Norm to Reduce and Mitigate Significant Vulnerabilities Norm on Basic Cyber Hygiene as Foundation Defense Norm Against Offensive Cyber Operations by Non-State Actors == Other publications ==

In addition to the Norm to Protect the Public Core and the seven subsequent norms, the GCSC has published several other documents. Definition of the Public Core, to which the Norm Applies Early in the process of defining the Norm to Protect the Public Core the effort was divided into two working groups, one, principally diplomatic, to specify what actions should be precluded; the other, involving subject-matter experts, to specify which infrastructures were deemed most worthy of protection. This latter working group specified a survey of cybersecurity experts, delegated implementation of the survey to Packet Clearing House, and integrated its results to form the Definition of the Public Core, to which the Norm Applies. This definition of the "public core of the Internet" to include packet routing and forwarding, naming and numbering systems, the cryptographic mechanisms of security and identity, and physical transmission media, with more-specific details attending to each, has since been used by the OECD and others as a standardized description of the principal elements of Internet critical infrastructure. Statement on the Interpretation of the Norm on Non-Interference with the Public Core On September 22, 2021, the GCSC released a three-page statement responding, in large part, to Russia's submission to the ITU Council Working Group on International Internet-related Public Policy Issues, Risk Analysis of the Existing Internet Governance and Operational Model. The statement reiterates the GCSC's findings that state actors are the primary threat to Internet stability, not private actors; that the GCSC believes that the multistakeholder model of Internet governance is key to maintaining Internet stability, and that the Internet's critical infrastructure is principally operated by the private sector. == Derivative work ==

In addition to the norms the commission published, several other organizations were created and efforts undertaken as byproducts of the commission's work. CyberPeace Institute One of the most notable derivative outcomes of the GCSC's work was the formation of the CyberPeace Institute, headed by GCSC commissioner Marietje Schaake and Europol veteran Stéphane Duguin. This independent, non governmental organization has the mission to highlight the human aspect of cyberattacks. It works in close collaboration with relevant partners to reduce the harms from cyberattacks on people’s lives worldwide. The Institute builds on the GCSC's work by monitoring compliance with its norms and coordinating cyber-attack forensic and analytic efforts that broaden public understanding of norm violations. Critical infrastructure assessment As input to the Definition of the Public Core, a global survey of Internet infrastructure security experts was conducted in 2017 by Packet Clearing House, headed by GCSC commissioner Bill Woodcock. == Participants ==

Image:GCSC-at-PPF-2019-945px.jpg rect 591 12 657 84 Jeff Moss rect 582 86 666 181 Marina Kaljurand rect 715 3 770 80 Bill Woodcock rect 715 81 773 181 Michael Chertoff rect 672 29 714 115 Marietje Schaake rect 260 41 329 127 KHOO Boon Hui rect 329 104 401 195 Latha Reddy rect 368 38 433 102 Chris Painter rect 447 2 503 79 Olaf Kolkman rect 469 86 552 209 Frédérick Douzet rect 772 28 809 96 Timo Koster rect 811 53 856 130 Wolfgang Kleinwächter rect 188 89 244 163 Alexander Klimburg rect 45 7 109 112 Louk Faesen rect 511 16 559 83 Phil Grabensee rect 164 27 234 88 Anneleen Roggeman desc none Commissioners • Marina Kaljurand (Co-chair 2017-2018) • Latha Reddy (Co-chair 2017-2019) • Michael Chertoff (Co-chair 2019) • Motohiro Tsuchiya • Joseph Nye • Christopher Painter • Ilya Sachkov • Jeff Moss • Khoo Boon Hui • Anriette Esterhuysen • Xiadong Lee • Abdul-Hakeem Ajijola • Virgilio Almeida • Marietje Schaake • Bill Woodcock • Wolfgang Kleinwächter • Scott Charney • Elina Noor • Isaac Ben-Israel • Jonathan Zittrain • Nigel Inkster • Jane Holl Lute • Samir Saran • Olaf Kolkman Former commissioners • William Saito • Wolff Heintschel von Heinegg • Sigrid Kaag • Hugo Zylerberg Research Advisory Group • Sean Kanuck (Chair) • Liis Vihul (Deputy Chair for Law) • Marilia Maciel (Deputy Chair for Internet Governance) • Hugo Zylberberg (Deputy Chair for International Peace & Security) • Koichiro Komiyama (Deputy Chair for Technical and Information Security) Secretariat • Bruce McConnell (EastWest Institute) • Alexander Klimburg (Hague Centre for Strategic Studies) == References ==