Many states are investing in offensive and defensive ICT capabilities, adding a complex dimension to interstate relations. Such capabilities can range from reconnaissance and information operations, to the disruption of critical networks and services or control and command abilities.
The unique characteristics of ICTs have considerably increased the potential for misperceptions, miscalculations and even tensions between states as they grapple with questions of intent, attribution, rules and norms.
In response, OSCE participating States are working on confidence-building measures (CBMs) to reduce the risks of conflict stemming from the use of ICTs. They are designed to make cyberspace more predictable and offer concrete tools and mechanisms to avoid misunderstandings, including:
- A mechanism to bring together states for consultations over potential cyber/ICT security incidents to de-escalate rising tensions;
- A platform for exchanging views, national cyber/ICT security policies and approaches to allow states to better “read” each other’s intentions in cyberspace; and
- Concrete work items, for instance to protect ICT-enabled critical infrastructure, allowing participating States to collectively enhance cyber resilience in the OSCE region for the benefit of all.
In addition to the cyber/ICT security CBMs, the OSCE and its institutions also focus on tackling cyber/ICT security threats from non-state actors, such as organized criminals and terrorists. A key emphasis here is on promoting adequate and timely responses by national authorities to these evolving threats, ranging from better forensics to innovative approaches to prevent ICTs from becoming tactical facilitators for terrorists.