International Cybersecurity Convention
Category: International Security
Strength: Mild
The World Assembly,
Noting that the prevalence of technology in our day-to-day lives,
Realising that technological advancement has made us vulnerable to various forms of cyberattacks,
Recognising previous efforts to regulate against cyberattacks, as seen in GA#100 and GA#360,
Determined to establish regulations to protect against cyberattacks,
Hereby:
- Defines the following:
- Critical infrastructure as systems and structures, physical or technological, which are vital to the functioning of the society. This includes water and energy utilities; agriculture and food storage facilities; as well as healthcare facilities and their associated computer infrastructure.
- A cyberattack as an offensive action targetting computer networks and associated infrastructure for the purpose of causing disruption or destruction of services, and/or divulgence or theft of sensitive information.
- Cyber hygiene as a set of routines individuals should undertake to ensure the security of the computer infrastructure.
- Cybercriminals as individuals or organisations who conduct cyberattacks for the sake of personal profits.
- Malware as computer applications which are used for malicious purposes, as part of a cyberattack.
- Penetration Testing as a closely-monitored process of checking for vulnerabilities in a computer infrastructure, with prior permission from the owner of the infrastructure.
- Criminalises cyberattacks, or attempts to conduct cyberattacks, on critical infrastructure.
- Establishes the Cybersecurity Advisory Board (CAB), which will be empowered to do the following:
- Keep a record of known cybercriminals around the world and their tactics, techniques and procedures.
- Maintain a database of known malware for reference by cybersecurity agencies and organisations.
- Facilitate intelligence sharing of known cyber threats between member states.
- Assist member states in the formation of local cybersecurity agencies.
- Requires that member states establish a cybersecurity agency in their country, which shall do the following:
- Support private organisations to establish protocols to protect the organisation against cyberattacks.
- Investigate cases of known cyberattacks in the state's jurisdiction.
- Implement measures to reduce the number of cyberattacks in the state.
- Assist the CAB in the investigation of cross-border cybercriminals.
- Educate the public about cyberattacks and the importance of cyber hygiene.
- Encourages member states to establish a framework governing penetration testing.
- Clarifies that this resolution does not affect state-sponsored cyberattacks, and encourages the Assembly to adopt a separate resolution to regulate state-sponsored cyberwarfare.