Since 1995, the Group of Eight (G8) has become increasingly involved in issues relating to cyber-crime, the Information Society, and Critical Infrastructure Protection. At the Halifax summit in 1995, a group of senior experts was set up with the task of reviewing and assessing existing international agreements and mechanisms to fight organized crime. This G8 Senior Experts Group took stock extensively and critically before drawing up a catalog of 40 operative recommendations. These recommendations were approved at the G8 summit in Lyon in 1996. The G8 Senior Expert Group, known since then as the Lyon Group, was the first international political forum to fully recognize the significance of high-tech crime. The Lyon Group has since developed into a permanent multi-disciplinary body with numerous specialized sub-working groups. Since October 2001, the Lyon Group meetings have been held together with the Roma Group dealing with combating terrorism (Lyon/Roma Group).
Reprinted with permission from Elgin M. Brunner and Manuel Suter. International CIIP Handbook 2008/2009, Series Editors: Andreas Wenger, Victor Mauer and Myriam Dunn Cavelty, Center for Security Studies, ETH Zurich.
A further important stage for the G8 and CIP/CIIP came in spring 2000. On 15–17 May 2000, government officials and industry participants from G8 countries and other interested parties attended the G8 Paris Conference on Dialogue Between the Public Authorities and Private Sector on Security and Trust in Cyberspace. The aim was to discuss common problems and to find solutions associated with high-tech crime and the exploitation of the internet for criminal purposes. The G8 member states were convinced that a dialog between governments and the private sector was essential in the fight against the illegal or prejudicial use of ICT, and they agreed on defining a clear and transparent framework for addressing cyber-crime.
The Okinawa Charter on Global Information Society was published in July 2000. The charter states that ICT is one of the most potent forces shaping the 21st century, enabling many communities to address social and economic challenges with greater efficiency. One of the key principles and approaches of the charter is that international efforts to develop a global Information Society must be accompanied by coordinated action to foster a crime-free and secure cyberspace. In this respect, the Okinawa charter refers to the OECD Guidelines for Security of Information Systems. 1 Moreover, in the Okinawa Charter, the G8 asked both the public and private sectors to make efforts to bridge the international information and knowledge gap.
G8 members met in Paris in March 2003 for the first multilateral meeting devoted to CIP/CIIP. Top-level experts from G8 member states, together with the major CIP/CIIP operators (e.g., France Telecom for France), came together to define common principles for the protection of vital CI/CII. The 11 clearly defined CIIP principles were adopted on 5 May 2003 by the G8 justice and interior ministers. They cover the following topics:
Countries should have emergency warning networks regarding cyber-vulnerabilities, threats, and incidents;
Countries should raise awareness to facilitate stakeholders’ understanding of the nature and extent of their CII, and the role each must play in protecting them;
Countries should examine their infrastructures and identify interdependencies among them, thereby enhancing protection of such infrastructures;
Countries should promote partnerships among stakeholders, both public and private, to share and analyze information on their critical infrastructure in order to prevent, investigate, and respond to damage to or attacks on such infrastructures;
Countries should create and maintain crisis communication networks and test them to ensure that they will remain secure and stable in emergency situations;
Countries should ensure that data availability policies take into account the need to protect critical information infrastructures;
Countries should trace attacks on critical information infrastructures and, where appropriate, disclose the results to other countries;
Countries should conduct training and exercises to enhance their response capabilities and to test continuity and contingency plans in the event of an attack on the information infrastructure, and should encourage stakeholders to engage in similar activities;
Countries should ensure that they have adequate substantive and procedural laws, such as those outlined in the Council of Europe Cybercrime Convention of 23 November 2001, and trained personnel to enable them to investigate and prosecute attacks on critical information infrastructures, and to coordinate such investigations with other countries as appropriate;
Countries should engage in international cooperation, when appropriate, to secure critical information infrastructures, including by developing and coordinating emergency warning systems, by sharing and analyzing information regarding vulnerabilities, threats, and incidents, and by coordinating investigations of attacks on such infrastructures in accordance with domestic laws;
Countries should promote national and international research and development and encourage the application of security technologies that are certified according to international standards.
With the adoption of these principles, the G8 member states suggested that the emergence of a new “security culture” should encourage them to strengthen international co-operation, to implement the best professional practices in the field of computerized surveillance and alert, to conduct common exercises to test the reaction capabilities in case of incidents, to make other countries aware of the problems, and to invite them to adopt the same main courses of action. The 11 principles are intended to guide national responses to CIIP. However, to this end, it is crucial that the principles be communicated to all parties concerned.
The essential elements of the principles of protecting CII were adopted by the 78th United Nations General Assembly. Resolution 58/199 of January 2004, entitled “Creation of a global culture of cyber security and the protection of critical information infrastructures”, is complemented by the annex Elements for Protecting CII, which is based on the 11 principles defined by the G8 in 2003.
The G8 justice and home affairs ministers (the ministerial meeting of the Lyon/Roma Group) met in Washington in May 2004 and endorsed Best Practices for Network Security, Incident Response and Reporting to Law Enforcement. This guide assists network operators and system administrators in responding to computer incidents.
One of the sub-groups of the Lyon Group, called the High-Tech Crime sub-group, deals with issues concerning CIIP. The sub-group’s goal for CIIP work is to find a way to protect the infrastructure that G8 countries are dependent on, and to provide a more unified approach to multinational companies that deal with a number of G8 countries for setting up an international information-sharing mechanism. Furthermore, the High-Tech Crime sub-group is active in a number of areas, including:
A CIIP handbook of national contact points. This International CIIP Directory is compiled and maintained by CPNI (UK), 2 and its scope is limited to national governmental organizations. The directory is not available publicly, commercially, or to industry (except on government business);
A summary of domestic legal frameworks and avenues of co-operation for addressing illegal internet content;
Best practice for law enforcement in addressing criminal misuse of wireless networks;
A summary of countries’ national legislation regarding law enforcement treatment of encrypted evidence and current trends in criminal use of encryption;
A standard template for making and responding to requests for 24/7 high-tech investigative assistance;
A work plan for tackling viruses, worms, and other malicious code.
During its presidency of the G8 for the year 2005, the UK defined the improvement of international co-operation in the field of CIIP as a main objective.
From 15–17 June 2005, a meeting of the justice and home affairs ministers was held in Sheffield. On the basis of this meeting, the justice and home affairs ministers published a communiqué on CIIP. The communiqué refers to the Unified Response Tabletop Exercise hosted in New Orleans by the G8 High-Tech Crime sub-group in May 2005, where various experts in law enforcement, watch and warning, and industry met to find solutions to challenges in the field of CIIP. The communiqué also outlines areas where further action is required:
To continue to enhance communication and information-sharing between watch and warning organizations and law enforcement agencies;
To ensure that all G8 countries have, and encourage other countries to develop, watch and warning organizations able to detect vulnerabilities and threats;
To ensure that law enforcement agencies can quickly respond to serious cyber-threats and incidents;
To continue and strengthen cooperation with the private sector;
To continue to conduct national and multinational training and exercises.
At the same meeting in Sheffield in June 2005, the High-Tech Crime sub-group released a further paper on Best Practices for Law Enforcement Interaction with Victim-Companies During a Cyber-Crime Investigation.
We acknowledge the contribution of the expert, Harry Hoverd of the Home Office, United Kingdom, who validated the content of this chapter.
6. G8 Principles for Protecting Critical Information Infrastructures, NISCC Quarterly (April–June 2003), p. 9.
The Group of Eight Survey of 2006 was reviewed by Harry Hoverd, Home Office, UK. For this edition, the authors have thoroughly updated the Group of Eight survey by referring to open-source material.
See the survey on the OECD in this volume.
See the country survey on the UK in this volume.