The Shanghai Cooperation Organization: Maintaining Cyber Security in the Central Asia and Beyond Oleg Demidov, CSCAP Russia Bengaluru, 2011
General Info Intergovernmental regional organization Successor of the Shanghai Five grouping since 2001 Membership: Member States, Observer States, Dialoue Partners (Sri-Lanka, Belarus’ since 2009), Guest Attendances (ASEAN, CIS, Turkmenistan).
Milestones The first steps: 1. The Shanghai five Grouping - April 26, 1996 (border issues); June 2001: Declaration of Shanghai Cooperation Organization; 3. July 2001: Treaty of Good-Neighbourliness and Friendly Cooperation
Structure Cyber Security Agenda?
Potential Population: 1548 mln people (22,2 percent of the world’s population (3021 mln or43,4 % with Observer States or of the world’s population); Territory: 30,2 mln km 2 (37,5 km 2 with observer states); GDP (PPP), expected in 2011: $13 trln in 2011 or nearly 18 % of the world’s total GDP (PPP) ; Number of internet users: -529 mln or 26 % of the world’s total in 2010; -87 % of those being Chinese users, expected growth in %; -Low level of internet penetration (<40%)
Security Cooperation Shift from border security issues to broader cooperation in stabilizing the Central Asia. Adoption of the SCO Convention on Counterterrorism (2009). Coordination on reforming the UN mechanisms. Confirmation of NPT and The Central Asian Nuclear-Weapon-Free Zone (CANWFZ). Joint military exercises – “NORAK-Anti-Terror (April 2009). But the Russian-Chinese Peace Mission exercises are held outside of the SCO. Elaboration of mechanisms for anti-drug cooperation. Coordination of Afghanistan agenda.
Economic & Cultural Cooperation Economy, energy & trade: Trade: Chinese proposal of free-trade area New SCO Stabilization fund: $10 billion Finances: Interbank Consortium, actions against global financial crisis (Chinese loans) Energy: joint resources projects (oil, gas, water) Culture: Arts, festivals, exhibitions (largely symbolic)
Policy, energy, economy, new threats SCO and CSTO Models Military alliance, security Single Actor Forum for Nations
Functions 1. The SCO = Political and Diplomatic Coordination Forum; 2. The SCO = Economic Alliance; 3. The SCO = Energy “Club”; _ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ _ BUT! 1. The SCO is not a military alliance 2. The SCO is not a hard security community, it has been dealing only with “the new threats”
Cyber Security Agenda -Not a part of the SCO’s major agenda before 2006; -Starting point - October 2006, founding meeting of the SCO Group of Governmental Experts in Cybersecurity; Initial Functions: -To provide an alternative tribune for Russian initiatives on IIS regulation; -To be a “minimum denominator” harmonizing the three forces’ agenda; Context: Failure of the Russian initiatives on IIS in the UN
Major Developments 1.The 7 th council meeting of the SCO Heads of State held on August 16 in Kyrgyzstan. “The SCO Member States Action Plan to Safeguard IIS” adopted. 2. The Council of the Heads of the member States in Dushanbe, August Joint communiqué: The member states “considered it expedient to draft an intergovernmental agreement in the SCO framework in the field of international information security” “with the aim of creating legal framework for cooperation in this field”.
Yekaterinburg Accord Intergovernmental Agreement of the SCO member states on cooperation in providing IIS - Adopted on 16 June 2009; -Came into effect on 2 June 2011 after ratification by 6 member states; -Basically deals with cyberwars and use of ICT in order to affect national interests; -Terminology and concepts similar to those proposed by Russia during the UN GEG and HLEG meetings since 1998; -Might be regarded as a blue-print for a comprehensive regional treaty on cybersecurity
Common agenda with the CSCAP: 1.Threats of natural or man-induced character to secure and stable operation of global and national information infrastructure 2. Information crime 3. The document is open for any other states to join Yekaterinburg Accord
Matrix for CS Agenda 1.Citizens VS Citizens = 2.Cybercrime 2. Citizens VS States = Cyber Crime or Cyber Terrorism 3. States VS Citizens = ? Attacks again bloggers by hacker teams from pro-governmental youth movements in Russia 4. States VS States = Cyber Conflicts SCO CSCAP
Recent Initiatives 1.SCO summit in Astana on June 2011: -strengthening cooperation on internet security issues ; -strengthening state control over the internet (impact of the Arab spring); The Kazakh President Nazarbaev : -The idea of SCO “cyber police” (not put into effect) 2. September 2011, regional anti-terrorism meeting in Beijing: -Call to further strengthen their cooperation to fight cyber terrorism and online terrorist financing; -Major roots of these evils: free access, lack of supervision, anonymity and unlimited information dissemination
IIS Code of Conduct Initiative 4 SCO members: the letter from 12 September 2011 to the UN Secretary- General Draft: International code of conduct for information security Purpose: ”…to identify the rights and responsibilities of States in information space, and enhance their cooperation in addressing the common threats and challenges in information space…” (a) Impact of the Arab spring; (b) Proves Russian leadership and dominating approach in reference to this initiative; (c) The three forces directly from the SCO agenda; (g) Call for taking away control over root servers from ICANN to the UN; (h) A novative element both for Russia and the SCO - referrence to ”IS culture” Conclusion: the Draft largely goes beyond the scope of the discussion
CSTO&CIS Contribution CSTO: PROKSI operations (“Countering crime in the information sphere”) – over 1700 websites revealed in CIS: - The Information Security Concept of CIS elaborated in 2007; - Strategy for the CIS member States’ cooperation in the sphere of informatization and its Action plan adopted in 2010
Conclusions: the SCO’s Cyber Security Agenda A) Not a common minimum denominator anymore; B) Cyber conflicts and nation states’ behavior in cyber space at the core of the cyber security agenda; C) Attention to cyber terrorism and cyber crime largely through the lens of the three forces; D) A profound lack of multistakeholderist approach; E) Potential site for a comprehensive cybersecurity strategy for the CA to be elaborated and adopted
Recommendations for CSCAP 1.To move cooperation with SCO to systemic ground by arranging regular meetings with SCO representative in order to discuss and elaborate common agenda for cyber terrorism, cyber crime and to negotiate possible steps to forge international information security regime in the Asia Pacific by joint efforts. 2. To examine thoroughly the Information Security Policy Agreement of 2009 as an example of legally binding international act addressing major cyber security issues, and as a possible blue-print for a comprehensive regional cyber security strategy in the Central Asia.
Thank you for your attention!