Cyber/ICT security

Cyberspace has added a complex dimension to inter-state relations in the OSCE region and beyond. Events in cyberspace often leave room for ambiguity, speculation and misunderstanding, potentially leading to tensions between states as they grapple with questions of intent, attribution, rules and norms.

The worry is that miscalculations and misperceptions between states arising from activities in cyberspace could escalate, leading to serious consequences for citizens, as well as for the economy and administration, and potentially fueling political tensions.

A key challenge is that information and communication technologies (ICTs) have made offence easy and defence difficult. While states are heavily investing in offensive and defensive cyber capabilities—ranging from reconnaissance and information operations to the disruption of critical networks and services or control and command abilities—currently there are no technical means to attribute cyber activities beyond a reasonable doubt.

Based on a set of 16 confidence-building measures (CBMs) agreed upon by the participating States, we are engaged in making cyber activity more predictable and helping avoid potential misunderstandings and miscalculations.

The CBMs are divided into a set of transparency measures and a set of co-operative measures. The first set establishes official contact points and communication lines to prevent possible tensions resulting from cyber activities, while the second focuses on further enhancing co-operation between participating States.

Confidence-building measures between participating States

In addition, we also work on tackling cyber/ICT security threats from non-state actors, such as organized criminals and terrorists, with an emphasis on promoting adequate and timely responses by national authorities to such evolving threats, ranging from better forensics to innovative approaches to prevent ICTs from becoming tactical facilitators for terrorists.

Our institutions and offices

Our Transnational Threats Department, part of the OSCE Secretariat, includes a team of cyber security experts who implement and develop new cyber/ICT security confidence-building measures. The team also offers guidance and policy advice, as well as concrete activities designed to strengthen participating States’ capacities to tackle cyber/ICT security-related threats. This ranges from exercises promoting adequate national responses to potential cyber attacks on critical infrastructures to workshops on countering the use of the internet for terrorist purposes and training on investigating and prosecuting cybercrimes.