Roadmap for confidence building measures (CBM) in cyberspace

27 Nov 2019 11:30h - 13:00h

Event report

[Read more session reports and updates from the 14th Internet Governance Forum]

The session gave an overview of the progress made in terms of developing confidence-building measures (CBMs) in cyberspace and provided insights on how to move forward and bring multiple stakeholders to the discussion table. The participants agreed that the CBMs used in the online environment do not differ much from those applied in the offline world and that the already established approach could be applied to modern-day security challenges.

Although usually perceived as narrow, CBMs can provide a crucial component to the reduction of conflict, as seen by Mr Nikolas Ott (Project Manager in the cyber/ICT security team within the Transnational Threats Department of the Organization for Security and Co-operation in Europe (OSCE)). This is because these measures assist diplomats in navigating a landscape that is sometimes dominated by distrust and mutual contention.

Apart from members of the International organisations, the discussion on the state of confidence-building measures involved members of the private sector, who do not generally participate in CBMs conversations. However, the private sector represents a wide range of actors, ranging from the developers, the operators, the defenders and sometimes even the targets of particular attacks. To that end, Ms Caroline Greer (Head of European Public Policy, Cloudflare) shared the experience of CloudFare that currently protects over 20 million web properties worldwide, and noted along with other participants that public-private partnerships, sharing of the know-how as well as capacity development are key to safe and secure cyberspace.

The participants also addressed the issue of diversity and the importance of CBMs to bridge the differences between countries of a particular region. In this regard, Mr Sithuraj Ponraj (Director, International Cyber Policy Office, Cyber Security Agency of Singapore) emphasised the importance of confidence-building measures in a region where countries differ in terms of capacity, language, culture, and values, and pointed to the CBMs as a precondition for co-operation. He noted that their CBM proposals aimed to increase trust and confidence in a very fragmented landscape ‘where different countries have different ways of organising themselves for cybersecurity.’

Multistakeholder co-operation on developing and implementing CBMs was perceived by all the participants as the sine qua non for the success of these measures and the protection of cyberspace. To that end, Ms Camille Gufflet (Cybersecurity Policy Officer, European External Action Service (EEAS)) referred to the co-operation between the EU and its member states as well as the third partners that is essential to developing the trust required for developing an open, stable, and secure cyberspace. She also emphasised the importance of co-operating with the private sector due to the interconnectedness of the cyberspace.

By Katarina Andjelkovic