I am currently in the Romanian Parliament in Bucharest participating in the NATO parliamentary assembly. I am in the Civic Dimension of Security Committee. A few months ago Lord JOPLING presented a report on Cyber Security. His report dealt with a wide range of topics: WikiLeaks and Anonymous were of great concern in his report, where he wove together real and serious attacks on nations such as Estonia with the threat of leaks: a very dangerous trend. Leaking information to the public domain is not an act of war, I would rather classify it a civic duty to expose war crimes.
I have not been able to find a legal way to provide changes in this biased report. I did criticize it harshly yesterday and basically said i could not support it with all its factual errors and biased perspective and attempts to make cyber attacks into something that would justify the usage of article 5. Apparently such criticism is not common here at the assembly on reports. The Lord thus offered me to send in info on factual errors. I did. I have with some great help from activists from all over the world gone through this report step by step and provided both amendments and deeper perspectives. You can download it HERE as pdf.
In the draft resolution on cyber security is no mention of the factual errors in Lord Jopling report and no proper way for me to amend those. Looking through the draft resolution on Cyber Security the following struck me with discomfort:
“9. URGES member governments and parliaments of the North Atlantic Alliance:
- to ensure swift implementation of the revised NATO Policy on Cyber Defence and the related cyber defence Action Plan, adopted in June 2011, introducing the cyber dimension in all three of NATO’s core tasks: collective defence, crisis management and co operative security;
We are URGED to ensure swift implementation of: revised NATO Policy on Cyber Defence and the related cyber defence Action Plan, adopted in June 2011
As this is a secret document and we will not be given access to review the policy. It is not wise for us the parliamentarians present here to ensure swift implementation of something we have not seen and will not be granted access to. It makes a mockery of the Nato parliamentary assembly to request its members to accept this process. If this is a common practice I urge all parliamentarians to abstain from participating in such an act because we cant possibly ask for legalizing something we have not been able to scrutinize and this process of accepting policies blindly is not very democratic and it does not provide the needed core information for us to have debate and offer political guidance and authority.
Thus I have requested that we will delete sub-paragraph 9.a in the draft resolution on Cyber Security unless we be given prior access to NATO Policy on Cyber Defence and the related cyber defence Action Plan, adopted in June 2011.
No one has chosen to do a report on the findings in the Afghan War logs. I will ask if my committee would be willing to do that at this assembly, there are not many like minded parliamentarians at the assembly and thus harder to get a Rapporteur status. I will keep on trying.
Here is the entire draft resolution:
209 CDS 11 E
NATO Parliamentary Assembly
Lord JOPLING (United Kingdom)
1. Recognizing the benefits offered by the cyber domain to our societies as well as to the defence and security sector, including opportunities for greater situational awareness and co ordination among the armed forces of the Allies as well as for the Alliance‘s public diplomacy;
2. But also concerned with the emergence of a new category of threats that target national information infrastructures, and that could seriously undermine the security interests of the Alliance and its member states;
3. Anxious that cyber defence capabilities and awareness of cyber threats vary significantly across NATO member states thereby weakening the Alliance’s overall cyber security;
4. Welcoming the decisions made by the leaders of the Alliance at the NATO Lisbon Summit and the meeting of NATO Defence Ministers in June 2011, identifying cyber security as one of the key priorities of the Alliance;
5. Saluting NATO’s approach aimed at expanding its cyber defence policy to include centralized cyber protection of all NATO bodies and the use of NATO’s defence planning processes in the development of the Allies’ cyber defence capabilities. ;
6. Believing that, in view of the growing scope and severity of cyber attacks, in addition to exploiting fully the opportunities offered by Article 4, the potential application of Article 5 of the Washington Treaty in case of a serious cyber attack against the Alliance or its individual members, should not be ruled out;
7. Noting that legislative “black holes” still exist both at a national level and in terms of international law when it comes to setting security standards for the cyber domain;
8. Emphasizing that stricter security regulations for the cyber domain should not come at the cost of reduced civil liberties and rights, such as freedom of speech and the right to communicate over the Internet, and noting the key role of the Internet in mobilizing democratic movements in authoritarian countries;
- URGES member governments and parliaments of the North Atlantic Alliance:
a. to ensure swift implementation of the revised NATO Policy on Cyber Defence and the related cyber defence Action Plan, adopted in June 2011, introducing the cyber dimension in all three of NATO’s core tasks: collective defence, crisis management and co operative security;
- to promote domestic awareness of cyber threats, taking into account lessons learned from milestone events including the cyber attacks against Estonia in 2007 and against Georgia in 2008 as well as the emergence of Stuxnet malicious software;
- to scrutinize domestic legal frameworks, ensuring that coherent and effective laws are in place to address the evolving cyber threats;
- to provide necessary support for the efficient functioning of national Computer Incident Response Teams, and to invest sufficiently in the training of national cyber security experts;
- to promote closer partnerships between governments and the private sector in order to ensure the security of government networks and improve the exchange of expertise in case of a breach of security;
- to ensure that the introduction of additional security measures in the cyber domain are accompanied by adequate mechanisms of parliamentary and public oversight over their respective government institutions;
- to support international efforts to develop universal norms of acceptable behaviour in the cyber domain that would ban the use of cyber attacks against civilian targets, promote exchange of best practices and establish mechanisms of international assistance to stricken nations, while ensuring full universal access to the Internet as a venue for the exchange of ideas and information;
- to ensure that adequate attention is paid to the physical protection of networks, including undersea fiber-optic infrastructures;
- URGES relevant NATO bodies:
- to ensure that NATO Computer Incident Response Capability is fully operational by the end of 2012, and that NATO’s cyber defence services are centralized;
- to facilitate, if requested, national efforts of NATO member states to acquire adequate cyber defence expertise and state-of-the-art technologies;
- to test the efficacy of NATO and member states’ cyber defence efforts through NATO’s periodic international exercises, and to ensure that these exercises are fully funded, staffed and well-attended;
- to use capabilities such as NATO Cyber Defence Management Board and NATO Co operative Cyber Defence Centre of Excellence, to analyze rapid developments further in the cyber domain and to develop strategies for strengthening cyber defences across the Alliance, while exploiting the advantages of the information age through initiatives such as NATO Network Enabled Capability;
- to develop efficient co-operation mechanisms with the relevant EU institutions, with the particular aim of supporting the EU’s legislative efforts to establish robust cyber security standards across the private sector;
- to increase assistance, if requested, to NATO partner countries in the field of cyber security, particularly by sharing best practices and raising awareness of cyber threats.