The Shanghai Cooperation Organization:Maintaining Cyber Security

in the Central Asia and Beyond

Oleg Demidov, CSCAP RussiaBengaluru, 2011

General Info

Intergovernmental regionalorganization

Successor of the Shanghai Five grouping

since 2001

Membership: Member States, Observer States,

Dialoue Partners (Sri-Lanka, Belarus’

since 2009), Guest Attendances

(ASEAN, CIS,Turkmenistan).

Milestones

The first steps:

1. The Shanghai five Grouping - April 26, 1996 (border issues);

2. 15 June 2001: Declaration of Shanghai Cooperation Organization;

3. July 2001: Treaty of Good-Neighbourliness and Friendly Cooperation

Structure

Cyber Security Agenda?

PotentialPopulation: 1548 mln people (22,2 percent of the world’s

population (3021 mln or43,4 % with Observer States or of the world’s population);

Territory: 30,2 mln km2 (37,5 km2 with observer states); GDP (PPP), expected in 2011: $13 trln in 2011 or nearly 18 % of the world’s

total GDP (PPP) ;Number of internet users: - 529 mln or 26 % of the world’s total in 2010;- 87 % of those being Chinese users, expected

growth in 2011 -16 %; - Low level of internet penetration (<40%)

Security Cooperation

• Shift from border security issues to broader cooperation in stabilizing the Central Asia.

• Adoption of the SCO Convention on Counterterrorism (2009).

• Coordination on reforming the UN mechanisms.

• Confirmation of NPT and The Central Asian Nuclear-Weapon-Free Zone (CANWFZ).

• Joint military exercises – “NORAK-Anti-Terror (April 2009). But the Russian-Chinese Peace Mission exercises are held outside of the SCO.

• Elaboration of mechanisms for anti-drug cooperation.

• Coordination of Afghanistan agenda.

Economic & Cultural Cooperation

Economy, energy & trade:

• Trade: Chinese proposal of free-trade area

• New SCO Stabilization fund: $10 billion

• Finances: Interbank Consortium, actions against global financial crisis (Chinese loans)

• Energy: joint resources projects (oil, gas, water)

Culture: Arts, festivals, exhibitions (largely symbolic)

Policy, energy, economy, new threats

SCO and CSTO Models

Military alliance, securitySingle Actor

Forum for Nations

Functions

1. The SCO = Political and Diplomatic Coordination Forum;

2. The SCO = Economic Alliance;

3. The SCO = Energy “Club”;

_ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ _

BUT!

1. The SCO is not a military alliance

2. The SCO is not a hard security community, it has been dealing only with “the new threats”

Cyber Security Agenda

- Not a part of the SCO’s major agenda before 2006;

- Starting point - October 2006, founding meeting of the SCO Group of Governmental Experts in Cybersecurity;

Initial Functions:- To provide an alternative

tribune for Russian initiatives on IIS regulation;

- To be a “minimum denominator” harmonizing the three forces’ agenda;

Context: Failure of the Russian initiatives on IIS in the UN

Major Developments

1. The 7th council meeting of the SCO Heads of State held on August 16 in Kyrgyzstan.

“The SCO Member States Action Plan to Safeguard IIS” adopted.

2. The Council of the Heads of the member States in Dushanbe, August 2008.

Joint communiqué: The member states “considered it expedient to draft an intergovernmental agreement in the SCO framework in the field of international information security” “with the aim of creating legal framework for cooperation in this field”.

Yekaterinburg Accord

Intergovernmental Agreement of the SCO member states on cooperation in providing IIS

- Adopted on 16 June 2009;- Came into effect on 2 June 2011 after ratification by 6

member states;- Basically deals with cyberwars and use of ICT in order

to affect national interests;- Terminology and concepts similar to those proposed

by Russia during the UN GEG and HLEG meetings since 1998;

- Might be regarded as a blue-print for a comprehensive regional treaty on cybersecurity

Common agenda with the CSCAP:1.Threats of natural or man-induced character to secure

and stable operation of global and national information infrastructure

2. Information crime

3. The document is open for any other states to join

Yekaterinburg Accord

Matrix for CS Agenda1. Citizens VS Citizens = 2. Cybercrime

2. Citizens VS States = Cyber Crime or Cyber Terrorism

3. States VS Citizens = ? Attacks again bloggers by hacker teams from pro-governmental youth movements in Russia

4. States VS States = Cyber Conflicts

SCO

CSCAP

Recent Initiatives

1. SCO summit in Astana on 15-16 June 2011:

- strengthening cooperation on internet security issues ;

- strengthening state control over the internet (impact of the Arab spring);

The Kazakh President Nazarbaev :

- The idea of SCO “cyber police” (not put into effect)

2. September 2011, regional anti-terrorism meeting in Beijing:

- Call to further strengthen their cooperation to fight cyber terrorism and online terrorist financing;

- Major roots of these evils: free access, lack of supervision, anonymity and unlimited information dissemination

IIS Code of Conduct Initiative

• 4 SCO members: the letter from 12 September 2011 to the UN Secretary-General

• Draft: International code of conduct for information security• Purpose: ”…to identify the rights and responsibilities of States in information

space, <...> and enhance their cooperation in addressing the common threats and challenges in information space…”

(a) Impact of the Arab spring;

(b) Proves Russian leadership and dominating approach in reference to this initiative;

(c) The three forces directly from the SCO agenda;

(g) Call for taking away control over root servers from ICANN to the UN;

(h) A novative element both for Russia and the SCO - referrence to ”IS culture”

Conclusion: the Draft largely goes beyond the scope of the discussion

CSTO&CIS Contribution

CSTO: PROKSI operations (“Countering crime in the information sphere”) – over 1700 websites revealed in 2009.CIS: - The Information Security Concept of CIS elaborated in 2007; - Strategy for the CIS member States’ cooperation in the sphere of informatization and its Action plan adopted in 2010

Conclusions: the SCO’s Cyber Security Agenda

A) Not a common minimum denominator anymore;

B) Cyber conflicts and nation states’ behavior in cyber space at the core of the cyber security agenda;

C) Attention to cyber terrorism and cyber crime largely through the lens of the three forces;

D) A profound lack of multistakeholderist approach;

E) Potential site for a comprehensive cybersecurity strategy for the CA to be elaborated and adopted

Recommendations for CSCAP

1. To move cooperation with SCO to systemic ground by arranging regular meetings with SCO representative in order to discuss and elaborate common agenda for cyber terrorism, cyber crime and to negotiate possible steps to forge international information security regime in the Asia Pacific by joint efforts.

2. To examine thoroughly the Information Security Policy Agreement of 2009 as an example of legally binding international act addressing major cyber security issues, and as a possible blue-print for a comprehensive regional cyber security strategy in the Central Asia.

Thank you for your attention!