Making norms work: Pursuing effective cybersecurity

20 Jun 2019 09:30h - 10:30h

Event report

[Read more session reports and live updates from the EuroDig 2019]

The session looked at ways in which cybersecurity norms could be entrenched into standard behaviour.

Mr Vladimir Radunovic (Cybersecurity and E-diplomacy Programmes Director, DiploFoundation) underlined that existing international law applies to cyberspace and that over 1000 digital policy instruments exist. This leads to the questions of whether new norms and instruments are needed, whether the existing ones have been effective, and whether they should remain voluntary and non-binding. Radunovic also stated that we might need to adopt new norms for evolving digital such as artificial intelligence (AI), but possibly also ones that will reflect the behaviour of state actors in peacetime rather than just during conflict.

Mr Uri Rosenthal (Commissioner, Global Commission on the Stability of Cyberspace (GCSC)) stressed the vital importance of having norms in cyberspace, highlighting the norm on protection of the public core of the Internet. He stated that we should aim for adopting the necessary norms, but also adopting rules and confidence building measures (CBMs). On implementation of norms, Rosenthal stated that effective communication with the wider public is needed. He underlined that we should not give up on the multistakeholder mechanism and that it should not be put in contrast with the multilateral mechanism, but rather these approaches should be brought together.

Ms Marietje Schaake (Commissioner, GCSC) highlighted that norms are the vehicle that stops the sense of lawlessness and unaccountability when it comes to breaches in the digital world. She explained that norms bridge the gap between unaccountability and legally binding principles, which brings to the discussion table actors that are not interested in discussing accountability. However, norms can also be used as a shield from adopting any binding principles. She stated that European stakeholders must come together and articulate principles that should not be disrupted by technology or the governing of technology. Schaake also stated that enforceable minimum standards are necessary for actors to behave well.

Ms Els de Busser (Assistant Professor Cyber Security Governance – Educational Director Executive MA Cyber Security, Leiden University) stated that the engagement between disciplines should be brought into the discussion on norms on a meta level. Busser stressed that what follows is implementing norms in an interdisciplinary way. Busser stated that the EU is a successful regulator because it is made from a small group of states with common values, which means that norms were built from the ground up. She also stated that the technical community should be brought to the table and be involved in the debate on norm building from the ground-up.

Mr Thomas Grob (Senior Expert Regulatory Strategy, Deutsche Telekom AG) agreed that an interdisciplinary approach to cyber norms is needed. He underlined that there is just one Internet and this is why global solutions are needed. He suggested that regional solutions build on a consensus that can be scaled up to the global level. In his view, non-binding mechanisms are not effective enough and a multilaterally agreed-upon cybersecurity convention will have to be adopted. Responsibilities of actors in cyberspace need to be defined clearly and enforcement and penalties need to be harmonised.


By Andrijana Gavrilović