The Shanghai Cooperation Organization: Maintaining Cyber Security in the Central Asia and Beyond

1. The Shanghai Cooperation Organization:Maintaining Cyber Security in the Central Asia and Beyond Oleg Demidov, CSCAP Russia Bengaluru, 2011 POLITY Foundation

2. General Info Intergovernmental regional organization Successor of the Shanghai Five grouping since 2001 Membership: Member States, Observer States, Dialoue Partners (Sri-Lanka, Belarus’ since 2009), Guest Attendances (ASEAN, CIS, Turkmenistan). POLITY Foundation

3. Milestones The first steps: 1. The Shanghai five Grouping - April 26, 1996 (border issues); 2. 15 June 2001: Declaration of Shanghai Cooperation Organization; 3. July 2001: Treaty of Good-Neighbourliness and Friendly Cooperation POLITY Foundation

4. Structure Cyber Security Agenda? POLITY Foundation

5. Potential Population: 1548 mln people (22,2 percent of the world’s population (3021 mln or43,4 % with Observer States or of the world’s population); Territory: 30,2 mln km2 (37,5 km2 with observer states); GDP (PPP), expected in 2011: $13 trln in 2011 or nearly 18 % of the world’s total GDP (PPP) ; Number of internet users: • 529 mln or 26 % of the world’s total in 2010; • 87 % of those being Chinese users, expected growth in 2011 -16 %; • Low level of internet penetration (<40%) POLITY Foundation

6. Security Cooperation • Shift from border security issues to broader cooperation in stabilizing the Central Asia. • Adoption of the SCO Convention on Counterterrorism (2009). • Coordination on reforming the UN mechanisms. • Confirmation of NPT and The Central Asian Nuclear-Weapon-Free Zone (CANWFZ). • Joint military exercises – “NORAK-Anti-Terror (April 2009). But the Russian-Chinese Peace Mission exercises are held outside of the SCO. • Elaboration of mechanisms for anti-drug cooperation. • Coordination of Afghanistan agenda. POLITY Foundation

7. Economic & Cultural Cooperation Economy, energy & trade: • Trade: Chinese proposal of free-trade area • New SCO Stabilization fund: $10 billion • Finances: Interbank Consortium, actions against global financial crisis (Chinese loans) • Energy: joint resources projects (oil, gas, water) Culture: Arts, festivals, exhibitions (largely symbolic) POLITY Foundation

8. SCO and CSTO Models SCO Policy, energy, economy, new threats Forum for Nations CSTO Single Actor Military alliance, security POLITY Foundation

9. Functions 1. The SCO = Political and Diplomatic Coordination Forum; 2. The SCO = Economic Alliance; 3. The SCO = Energy “Club”; _ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ __ _ _ _ BUT! 1. The SCO is not a military alliance 2. The SCO is not a hard security community, it has been dealing only with “the new threats” POLITY Foundation

10. Cyber Security Agenda • Not a part of the SCO’s major agenda before 2006; • Starting point - October 2006, founding meeting of the SCO Group of Governmental Experts in Cybersecurity; • Initial Functions: • To provide an alternative tribune for Russian initiatives on IIS regulation; • To be a “minimum denominator” harmonizing the three forces’ agenda; • Context: Failure of the Russian initiatives on IIS in the UN POLITY Foundation

11. Major Developments • The 7th council meeting of the SCO Heads of State held on August 16in Kyrgyzstan. “The SCO Member States Action Plan to Safeguard IIS” adopted. 2. The Council of the Heads of the member States in Dushanbe, August 2008. Joint communiqué: The member states “considered it expedient to draft an intergovernmental agreement in the SCO framework in the field of international information security” “with the aim of creating legal framework for cooperation in this field”. POLITY Foundation

12. Yekaterinburg Accord Intergovernmental Agreement of the SCO member states on cooperation in providing IIS - Adopted on 16 June 2009; • Came into effect on 2 June 2011 after ratification by 6 member states; • Basically deals with cyberwars and use of ICT in order to affect national interests; • Terminology and concepts similar to those proposed by Russia during the UN GEG and HLEG meetings since 1998; • Might be regarded as a blue-print for a comprehensive regional treaty on cybersecurity POLITY Foundation

13. Yekaterinburg Accord Common agenda with the CSCAP: • Threats of natural or man-induced character to secure and stable operation of global and national information infrastructure 2. Information crime 3. The document is open for any other states to join POLITY Foundation

14. Matrix for CS Agenda SCO CSCAP POLITY Foundation

15. Recent Initiatives • SCO summit in Astana on 15-16 June 2011: • strengthening cooperation on internet security issues ; • strengthening state control over the internet (impact of the Arab spring); The Kazakh President Nazarbaev : • The idea of SCO “cyber police” (not put into effect) • 2. September 2011, regional anti-terrorism meeting in Beijing: • Call to further strengthen their cooperation to fight cyber terrorism and online terrorist financing; • Major roots of these evils: free access, lack of supervision, anonymity and unlimited information dissemination POLITY Foundation

16. IIS Code of Conduct Initiative • 4 SCO members: the letter from 12 September 2011 to the UN Secretary-General • Draft: International code of conduct for information security • Purpose: ”…to identify the rights and responsibilities of States in information space, <...> and enhance their cooperation in addressing the common threats and challenges in information space…” (a) Impact of the Arab spring; (b) Proves Russian leadership and dominating approach in reference to this initiative; (c) The three forces directly from the SCO agenda; (g) Call for taking away control over root servers from ICANN to the UN; (h) A novative element both for Russia and the SCO - referrence to ”IS culture” Conclusion: the Draft largely goes beyond the scope of the discussion POLITY Foundation

17. CSTO&CIS Contribution CSTO: PROKSI operations (“Countering crime in the information sphere”) – over 1700 websites revealed in 2009. CIS: - TheInformation Security Concept of CIS elaborated in 2007; - Strategy for the CIS member States’ cooperation in the sphere of informatization and its Action plan adopted in 2010 POLITY Foundation

18. Conclusions: the SCO’s Cyber Security Agenda A) Not a common minimum denominator anymore; B) Cyber conflicts and nation states’ behavior in cyber space at the core of the cyber security agenda; C) Attention to cyber terrorism and cyber crime largely through the lens of the three forces; D) A profound lack of multistakeholderist approach; E) Potential site for a comprehensive cybersecurity strategy for the CA to be elaborated and adopted POLITY Foundation

19. Recommendations for CSCAP • To move cooperation with SCO to systemic ground by arranging regular meetings with SCO representative in order to discuss and elaborate common agenda for cyber terrorism, cyber crime and to negotiate possible steps to forge international information security regime in the Asia Pacific by joint efforts. 2. To examine thoroughly the Information Security Policy Agreement of 2009 as an example of legally binding international act addressing major cyber security issues, and as a possible blue-print for a comprehensive regional cyber security strategy in the Central Asia. POLITY Foundation

20. Thank you for your attention! POLITY Foundation