China and Russia's 'International Code of Conduct for Information Security'

The following document was submitted to the United Nations General Assembly on 12 September 2011, one day before the opening of its official 2011 session opening. It was also posted on the Chinese government's foreign ministry website.


Preamble:

On September 12, 2011, the permanent representatives of China, Russia, Tajikistan and Uzbekistan to the United Nations submitted a letter jointly to the United Nations Secretary-General Ban Ki-moon, asking him to distribute the International Code of Conduct for Information Security drafted by their countries as a formal document of the 66th session the General Assembly and called upon countries to further discuss the document within the framework of the United Nations so as to reach consensus on the international norms and rules standardizing the behavior of countries concerning information and cyberspace at an early date.

The International Code of Conduct for Information Security raises a series of basic principles of maintaining information and network security which cover the political, military, economic, social, cultural, technical and other aspects. The principles stipulate that countries shall not use such information and telecom technologies as the network to conduct hostile behaviors and acts of aggression or to threaten international peace and security and stress that countries have the rights and obligations to protect their information and cyberspace as well as key information and network infrastructure from threats, interference and sabotage attacks. They advocate establishing a multilateral, transparent and democratic international Internet governance mechanism, fully respecting the rights and freedom of information and cyberspace with the premise of observing laws, helping developing countries develop the information and network technologies and cooperating on fighting cyber crimes.

In recent years, information and network security have drawn wide attention from the international community. There are rising calls to formulate international rules to standardize information and cyberspace behavior. It is understood that the draft submitted by China, Russia, Tajikistan, Uzbekistan and Uzbekistan is the first relatively comprehensive and systematic document in the world proposing the international rules on information and network security.


International Code of Conduct for Information Security

The General Assembly,

Recalling the General Assembly's resolutions on the role of science and technology in the context of international security, in which, inter alia, it recognized that scientific and technological developments could have both civilian and military applications and that progress in science and technology for civilian applications needed to be maintained and encouraged,

Noting that considerable progress has been achieved in developing and applying the latest information technologies and means of telecommunication,

Recognizing the need to prevent the potential use of information and communication technologies (ICTs) for purposes that are inconsistent with the objectives of maintaining international stability and security, and may adversely affect the integrity of the infrastructure within States, to the detriment of their security,

Underlining the need for enhanced coordination and cooperation among States in combating the criminal misuse of information technologies, and, in this context, stressing the role that can be played by the United Nations and other international and regional organizations,

Highlighting the importance of the security, continuity and stability of the Internet, and the need to protect the Internet and other ICT networks from threats and vulnerabilities, and reaffirming the need for a common understanding of the issues of Internet security and for further cooperation at national and international levels,

Reaffirming that policy authority for Internet-related public issues is the sovereign right of States, which have rights and responsibilities for international Internet-related public policy issues,

Recognizing that confidence and security in the use of information and communications technologies are among the main pillars of the information society, and that a robust global culture of cyber-security needs to be encouraged, promoted, developed and vigorously implemented, pursuant to Paragraph 4 of General Assembly Resolution A/RES/64/211,"Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructures",

Stressing the need for enhanced efforts to close the digital divide by facilitating the transfer of information technology and capacity-building to developing countries in the areas of cyber-security best practices and training, pursuant to Paragraph 11 of General Assembly Resolution A/RES/64/211,"Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructures",

Adopts the International Code of Conduct for Information Security as follows:

I. Purpose and Scope

The purpose of this Code is to identify States' rights and responsibilities in information space, promote their constructive and responsible behaviors, and enhance their cooperation in addressing the common threats and challenges in information space, so as to ensure the ICTs including networks to be solely used to the benefit of social and economic development and people's well-being, and consistent with the objective of maintaining international stability and security.

Adherence to this Code is voluntary and open to all states.

II. Code of Conduct

Each State voluntarily subscribing to this Code pledges:

  1. To comply with the UN Charter and universally recognized norms governing international relations, which enshrine, inter alia, respect for the sovereignty, territorial integrity and political independence of all states, respect for human rights and fundamental freedoms, as well as respect for diversity of history, culture and social systems of all countries.
  2. Not to use ICTs including networks to carry out hostile activities or acts of aggression and pose threats to international peace and security. Not to proliferate information weapons and related technologies.
  3. To cooperate in combating criminal and terrorist activities which use ICTs including networks, and curbing dissemination of information which incites terrorism, secessionism, extremism or undermines other countries' political, economic and social stability, as well as their spiritual and cultural environment.
  4. To endeavor to ensure the supply chain security of ICT products and services, prevent other states from using their resources, critical infrastructures, core technologies and other advantages, to undermine the right of the countries, which accepted this Code of Conduct, to independent control of ICTs, or to threaten other countries' political, economic and social security.
  5. To reaffirm all States' rights and responsibilities to protect, in accordance with relevant laws and regulations, their information space and critical information infrastructure from threats, disturbance, attack and sabotage.
  6. To fully respect the rights and freedom in information space, including rights and freedom of searching for, acquiring and disseminating information on the premise of complying with relevant national laws and regulations.
  7. To promote the establishment of a multilateral, transparent and democratic international management of the Internet to ensure an equitable distribution of resources, facilitate access for all and ensure a stable and secure functioning of the Internet.
  8. To lead all elements of society, including its information and communication private sectors, to understand their roles and responsibilities with regard to information security, in order to facilitate the creation of a culture of information security and the protection of critical information infrastructures.
  9. To assist developing countries in their efforts to enhance capacity-building on information security and to close the digital divide.
  10. To bolster bilateral, regional and international cooperation, promote the United Nations' important role in formulation of international norms, peaceful settlement of international disputes, and improvement of international cooperation in the field of information security, and enhance coordination among relevant international organizations.
  11. To settle any dispute resulting from the application of this Code through peaceful means and refrain from the threat or use of force.