The nongovernmental Global Commission on Stability in Cyberspace held a series of meetings aimed at establishing fundamental principles that states, non-state actors, and the privacy industry should follow to determine if a cyberattack constitutes an act of war.
The Commission worked with public and private stakeholders to develop language around behavior in cyberspace, with plans to release its final recommendations at the end of this year.
Last year, the Commission outlined precepts for state and non-state actors. They included:
avoidance of tampering with products and services if it impairs cyberspace stability;
proscriptions against the hacking of connected devices to create botnets;
government specification of a Vulnerabilities Equities Process, with a default presumption favoring public disclosure;
effective corporate policies for identifying and mitigating bugs and vulnerabilities in products and services vital to cyberspace stability;
state enactments of baseline cyber-hygiene regulations, and
bans on non-state actors engaging in offensive cyber operations against governments.