サイバーセキュリティの国際政治

Cyberspace is an arena of disruptive activities as well as social, economic, and political transactions. With ever-increasing risks and threats, securing cyberspace is among the priorities of governance in the electronically connected world. However, global rules and norms for cybersecurity have been slow to develop, lagging behind the exponential growth of information networks. This article provides an account of the rivalries and cooperation among states with regard to emergent rules and norms for secure cyberspace. It argues that global cyber security norms are underdeveloped because of the divergence of principles espoused by cyber powers.<br> At the outset of the information revolution, a small number of relatively homogeneous states, namely western European countries and the United States, led the way to develop rules and norms for cybersecurity at such fora as the Council of Europe (CoE) and the Organisation for Economic Cooperation and Development (OECD). As major developers and users of information technologies, these countries were concerned with “cybersecurity” in the sense of the safety of information systems and their components (i.e. computers) and information processed over them. An important outcome of their cooperative efforts is the CoE Cybercrime Convention of 2001, which is the only binding international instrument in the field so far.<br> Meanwhile, with the diffusion of information technologies, a greater number of states became interested and involved in global cyberpolitics and began to challenge Euro-American standards. Significantly, China and Russia have been actively pursuing an international arrangement for “information security”. In 2007, the Shanghai Cooperation Organization (SCO), led by China and Russia, endorsed an action plan for “international information security” and, in 2009 the member states of the SCO signed an agreement on inter-governmental cooperation in the field of “international information security.” Furthermore, in 2011 Russia and China in cooperation with other SCO countries proposed to the United Nations General Assembly a resolution regarding an international code of conduct for information security, which called on member states, among other things, to refrain from distributing information that might destabilize the political systems of other countries.<br> It should be noted that “information security” as proposed by SCO countries includes not only the integrity of information and availability of information systems but also protection of socio-political systems from threats arising from cyberspace, that is, information that might have detrimental effects on the domestic regime. This notion of information security is inconsistent with the Euro-American conception of cybersecurity, which places emphasis on free flow of information. The United States, in particular, criticized the code of conduct as an attempt to offer an alternative view that would legitimize government control of the Internet. China and Russia, nonetheless, have found allies in the developing world.<br> In short, two groups of like-minded states now are promoting their respective rules and norms of behavior in cyberspace. It may be argued that, given the difference in the underlying principles, a comprehensive framework for cybersecurity is unlikely to be established in the foreseeable future.