The next chapter of UN cyber dialogues

Event report

Building blocks and new bricks

All the panellists agreed that the next chapter of the UN cyber dialogues must be based on the existing framework for responsible state behaviour in cyberspace (i.e. the reports of the UN Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG)). Mr Henri Verdier (French Ambassador for Digital Affairs) cited good behaviour and international engagement as the core elements of cyber stability but noted that the consequences for those who do not adhere to the agreed framework also need to be discussed. Mr Pablo Castro (Cybersecurity Coordinator for the Ministry of Foreign Affairs of Chile) highlighted the importance of confidence-building measures (CBMs) for the Americas, especially establishing points of contact among states.

Yet, there is lots of work ahead as well. Mr Gerardo Isaac Morales Tenorio (Coordinator for Multidimensional Security at the Ministry of Foreign Affairs of Mexico) called for the implementation of the agreed measures. Castro reminded the session that implementation is the main challenge in the Americas, and noted the proposed national survey that may be very useful to understand the level of implementation of norms. Both Morales Tenorio and Castro emphasised the critical role of capacity building for implementation since it allows the processes to start on the national level. For example, for the development of national positions on the applicability of international law to cyberspace, states need lawyers and public sector experts. Mr Giacomo Persi Paoli (Programme Lead for Security and Technology Programme at the United Nations Institute for Disarmament Research (UNIDIR)) noted that one of the key roles of UNIDIR is as a knowledge provider and knowledge builder to support processes. He suggested its Cyber Policy Portal as a confidence-building tool.

Ms Nathalie Jaarsma (Ambassador-at-Large for Security Policy & Cyber of the Netherlands) underlined the important work of the Global Commission on Stability of Cyberspace (GCSC) on norms development, and the Global Forum on Cyber Expertise (GFCE) on capacity building. She suggested developing an understanding of the existing norms, such as on coordinated vulnerability disclosure; developing new norms, such as to protect the public core of the Internet; enhancing discussions on the international humanitarian law and the international human rights law; and clarifying positions of states on the applicability of international law. Verdier supported further understanding of norms, such as those related to the due diligence of states, and the development of new principles, such as ‘no hack-back’ and enhancing the culture of safety (including security-by-design and responsible disclosure of vulnerabilities). Castro agreed on the importance of clarifying state positions on the applicability of international law, though remained sceptical of establishing a common understanding in the near future. In the chat, Mr Amir Mokabberi suggested non-discriminatory access to capacity building, accountability of global digital platforms, and non-intervention as new norms.

Process(es)

In terms of the process itself, Morales Tenorio reaffirmed the importance of a multilateral setting (with substantial contributions from other sectors), the UN role, and regional processes as the best way to address the core elements of international cyber issues. Verdier, however, suggested that the multilateral UN processes are not enough, and should be complemented by other multistakeholder processes, such as the Paris Call for Trust and Security in Cyberspace, currently supported by 80 states (including the USA recently), 700 companies, and 350 civil society organisations. He also reminded the session about the initiative to establish an inclusive and multistakeholder Programme of Action (PoA), currently supported by 55 countries, to run in parallel with the OEWG as a permanent dedicated organisation. PoA, which will likely be proposed to the UN General Assembly in autumn 2022, would focus on financing norms implementations, capacity building, information sharing, and maintaining the cyber-stability index.

Persi Paoli noted that the OEWG will last for 5 years and will provide many opportunities to receive inputs and deliver outputs. He explained that one of UNIDIR’s roles is to support the OEWG Chair and his team with the process. Castro also highlighted the importance of regional organisations, such as the Organization of American States (OAS), which helps states to implement CBMs.

In the chat, participants raised concerns about the multiplicity of processes. Morales Tenorio noted that one single track would be ideal, but not possible in practice. Instead, more discussions are better, and simulations processes could pressure each other towards success, as happened with the OEWG and GGE in 2021. In his view, inclusivity of all states, and a feeling of ownership of states and involved stakeholders for the process, is very important.

Ms Kaja Ciglic (Senior Director, Digital Diplomacy – Microsoft) added that different processes have different purposes (e.g. in UN OEWG on cyber, GGE on Lethal Autonomous Weapons Systems, Paris Call), as it is hard to make progress on all issues in one process. According to Verdier, different cyber questions (like human-centric artificial intelligence (AI), or fair taxation systems) should be addressed through different forums rather than from a peace and security perspective, which could be dangerous for internet governance overall. For instance, disinformation comes as a consequence of the business model and should be addressed through regulations, while terrorist and violent content is a multistakeholder challenge, also addressed through the Christchurch Call. 

A question from the chat asked the difference between the OEWG and the Ad hoc committee on cybercrime. Persi Paoli clarified that the OEWG and GGE deal with international peace and security, and report to the First Committee of the UN, while the Ad hoc committee was set up by the Third Committee and focuses on cybercrime, although there is certain thematic overlap between them. A few participants offered useful resources: Interpol’s contribution to the Ad hoc discussions, and ICANN UN Update: Cyber-Related Developments. 

Jaarsma also reflected on the role of the UN Secretary-General’s High-level Panel on Digital Cooperation and the subsequent process. Its recommendation on trust and security connects to the sustainable development goals (e.g. connectivity of vulnerable groups, and economic and social growth) and the World Summit on the Information Society (WSIS) principles ahead of the WSIS+20 review (especially multistakeholder approach). The Netherlands is participating in drafting the working paper, which will be circulated also through the IGF and national and regional IGF communities for comments. In addition, the recently published Our Common Agenda report by the Secretary-General calls for a multistakeholder track for developing a Global Digital Compact. 

The multistakeholder approach in practice

In all these processes, and particularly the OEWG, it is very important to listen to other stakeholders, underlined Jaarsma sharing regrets that the OEWG has not devised formal mechanisms for involvement, but also her hope that the first substantive session will address this issue. In support of this, Ciglic invited states and stakeholders to endorse the Multi-Stakeholder Letter for OEWG Chair on Modalities and to take part in the side event to the OEWG first substantial session. Verdier also supported the multistakeholder engagement in the UN processes and shared a recent report on this by the Paris Call working group. Persi Paoli underscored the UNIDIR role as an independent think tank under the UN, to connect various stakeholders from governments to industry and civil society, even the hacker communities. Science-fiction communities might be useful as well, according to Castro’s personal experience. Persi Paoli also pointed out that ‘multistakeholder’ is not a single group – there are multiple interests and positions within the industry, as well as within civil society, and proposed increasing the understanding of what ‘multistakeholder’ means and what roles different stakeholders can play.

How could multistakeholder participation be organised in practice for the ongoing OEWG, participants asked in chat? For Morales Tenorio, the first OEWG showed that multistakeholder contributions are important not only as a narrative but for valuable contributions and a helping hand to the states. In practice, both formal and informal intersessional multistakeholder consultations should take place; in some phases, however, UN level negotiations also benefit from no participation of the broader community. In the chat, Ms Anastasiya Kazakova (Senior Public Affairs Manager at Kaspersky) suggested that having a more diverse set of experts could make the UN cyber dialogues clearer and more aligned, but smaller players (like SMEs) don’t have many resources to meaningfully participate. Mr Wolfgang Kleinwaechter (Professor Emeritus at the University of Aarhus) suggested planning more structured and extended informal consultations back-to-back with the OEWG meeting in 2022 (week of 28 March). Ciglic added the relevance of direct consultations of stakeholders with states.

How can the IGF itself address challenges of the OEWG, some participants asked? Ms Anriette Esterhuysen ( outgoing IGF Multistakeholder Advisory Group (MAG) Chair) suggested the IGF as a venue for continuous discussion of compliance with cyber-norms and CBMs on a national level, and a possible connection with the PoA. Discussion in the chat highlighted the potential of the IGF Plus – in particular the roles of the UN Tech Envoy, the IGF Leadership Panel, and the MAG, as well as the parliamentarian track. Submissions through the IGF to the OEWG was also suggested. Ms Yik Chan Chin (Associate Professor at the Beijing Normal University) and Chris Buckridge (RIPE NCC) emphasised the role of regional IGFs, such as the Asia-Pacific IGF and  EuroDIG, as outreach for the OEWG and related processes to broader communities, and the role of the academic community, like GIGANet. 

Christmas Wishlist

Following a chat question by Mr Amir Mokabberi as to whether states could recognise cyber as a civilian, development-oriented space for peaceful purposes only, participants recognised this would unfortunately not be realistic, but offered their own ‘Christmas Wishlist’ of possible achievements in the next period. Jaarsma had a long list of wishes: a common understanding of the normative framework, including the application of human rights; more countries to be able to articulate their positions on the applicability of international law; OEWG and other processes to continue to be used as CBMs; constructive, human-centred and action-oriented discussions based on evidence, reality, and multistakeholder participation; finding ways to have other stakeholders more engaged; and conducting the WSIS+20 review in the spirit of consensus. Persi Paoli expressed his hope that we won’t have to wait for the full 5 years of the OEWG – and its final report – to have new actional outcomes. Verdier hoped for prohibiting certain behaviours, continuing multistakeholder-based processes on human rights and internet governance, and enhancing discussions (possibly within the Paris Call or the PoA) on digital safety standards which can have consequences for the behaviour of states. Castro was less optimistic, reminding us that differences between states are huge and it will be hard to bridge them in the near future. Finally, Morales Tenorio wished for more: more people to get access to technologies, more experts to engage in these conversations, more gaps to be bridged, a more certain stable environment, more implementation and reporting of the implementation of agreed norms, more responsibility, and more capacity.

By Vladimir Radunović

Session in numbers and graphs

Automated summary

Diplo’s AI Lab experiments with automated summaries generated from the IGF sessions. They will complement our traditional reporting. Please let us know if you would like to learn more about this experiment at ai@diplomacy.edu. The automated summary of this session can be found at this link.