Last week the Cybersecurity Tech Accord submitted an official consultation response on the Pall Mall Process concerning the Code of Practice for States to Tackle the Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities (CCICs).
Our key recommendations, detailed in the statement below, focused on the pillars of the Code of Practice dedicated to oversight and transparency.
Regarding oversight, the Cybersecurity Tech Accord recommends including provisions that aim to ensure that the structures put in place for oversight are effective by reviewing their activity and ensuring their independence and impartiality. Additional recommendations on this pillar include:
- Allocating resources to staff oversight structures with cybersecurity professionals and technical experts.
- Encouraging mechanisms for reviewing government use of CCICs.
- Collecting technical data on CCIC usage in malicious incidents in a standardized format.
- Developing a shared methodology for attributing CCIC incidents.
Regarding transparency, we recommend that the Code include provisions asking states to work towards developing a standardized format for reporting to support robust information sharing between governments. Additional recommendations on this pillar include:
- Setting up whistleblower programs to ensure CCIC vulnerabilities are procured legally.
- Keeping a record of incidents involving CCICs, detailing tools used, nature of intrusion, impact and other key details.
- Creating a system to report CCICs to affected targets, companies or individuals.
Finally, the Cybersecurity Tech Accord recommends including provisions that encourage states leading globally on this issue to amplify capacity-building efforts, so as to strengthen states whose capabilities for tackling CCICs may be less developed.
The Tech Accord is thankful for the opportunity to contribute to the Pall Mall Process and provide feedback on the draft Code of Practice for States. Our initiative has been closely following the Pall Mall Process as part of our longstanding engagement in multi-stakeholder initiatives that aim to push back against cyber mercenaries, and we look forward to further such engagement opportunities.
Our official feedback submission on the Pall Mall Process can be read in full below.