Shaping a UN Cyber Programme of Action | IGF 2023 Open Forum #84

12 Oct 2023 00:30h - 01:30h UTC

Event report

Speakers and Moderators

Speakers:
  • David Fairchild, Global Affairs Canada, WEOG
  • Raman Jit Singh, Access Now, Asia-Pacific
  • David Hevey, Australian Department for Foreign Affairs and Trade, Asia-Pacific
  • Henri Verdier, French Ministry of Foreign Affairs, WEOG
  • Joyce Hakmeh, Chatham House, WEOG
Moderators:
  • Keerti Rajagopalan; Namrata Maheshwari
  • Ellie McDonald, Global Partners Digital, WEOG

Table of contents

Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Full session report

Audience

The participants in the discussion addressed various significant aspects of counterterrorism policies in relation to cyber issues and human rights. One of the main arguments raised was the critical need to broaden the cybersecurity discussion within counterterrorism policies. It was noted that the current mandate of the CTED (Counter-Terrorism Committee Executive Directorate) and the UN Office on Counterterrorism is too narrow when it comes to cybersecurity. This limitation restricts the discussion on crucial matters like state-sponsored cyber warfare, hindering the development of comprehensive strategies to address cyber threats in counterterrorism efforts.

Another key argument put forward during the discussion was the necessity of incorporating human rights laws in online contexts. The OHCHR (Office of the High Commissioner for Human Rights) and the Special Rapporteur for Human Rights and Counterterrorism stressed that human rights laws should be applicable online as well as offline. This recognition underscores the importance of protecting fundamental rights in the digital realm. Including human rights laws in counterterrorism policies is vital to ensure a balanced approach that safeguards both security and individual rights.

The participants also emphasised the need for an advanced counterterrorism approach that effectively intercepts the exploitation of information and communication technology (ICT) for terrorist purposes. The CTED is currently finalising non-binding guiding principles for member states on ICT and its prevention of terrorist exploitation. This initiative demonstrates the acknowledgement that terrorists are increasingly utilising digital platforms and technologies to advance their objectives. Developing effective strategies to counter this exploitation is essential in addressing the evolving nature of modern threats.

Furthermore, the discussion highlighted the importance of supporting the work of the OEWG (Open-Ended Working Group) and other General Assembly bodies in the development of counterterrorism strategies. It was suggested that the Security Council should refine its counterterrorism strategies with input from other UN bodies. This collaborative approach can lead to a more comprehensive and inclusive framework for tackling the multifaceted challenges posed by terrorism.

In conclusion, the discussion shed light on various critical aspects of counterterrorism policies concerning cyber issues and human rights. Expanding the cybersecurity discussion within counterterrorism policies and including human rights laws in online contexts were identified as crucial steps. Intercepting the exploitation of ICT for terrorist purposes and promoting collaboration among UN bodies were also emphasised as important strategies. However, it was noted that the current mandate of the CTED and the UN Office on Counterterrorism is limiting in its scope. Efforts are currently focused on training law enforcement officers to monitor online content, but there is a need for broader discussions and strategies to effectively address cyber threats in counterterrorism efforts.

David Hevey

Australia has been a long-standing advocate for the establishment of the Plan of Action (POA) as an institutionalised UN mechanism. They were heartened by the broad cross-section, cross-regional support for the UN General Assembly resolution on the POA last year. Australia believes that the POA should build on the hard, collaborative work of the open-ended working group and provide practical guidance to implement the UN framework on responsible state behavior. This signifies a positive sentiment towards the POA.

From Australia’s perspective, a functioning POA should have clear scope, flexibility both substantive and procedural, functionality in terms of its framework being put into practice, and inclusion of states and non-state actors. They suggest that the framework of the POA may be further developed by consensus. Australia values the POA as a means to facilitate all countries, irrespective of their size or level of development, to determine their own digital future. This reflects a positive sentiment towards the POA’s role in promoting peace, justice, and strong institutions, aligning with Sustainable Development Goal 16.

Australia’s advocacy extends to the participation of all member states and non-state actors in the POA. They view this as a key aspect of the POA’s success. In line with this, Australia has included this messaging in their stance, indicating a positive sentiment towards inclusivity in the POA.

Furthermore, Australia sees the POA as a way to implement permanent changes and emphasizes the importance of capacity building. They strongly support the emphasis on capacity building, considering it a significant component for achieving the objectives of the POA. This highlights their positive stance towards using the POA to bring about long-lasting and actionable measures.

To summarise, Australia has been a staunch supporter of the establishment of the POA as a UN mechanism. They believe it should be built upon the collaborative work of the open-ended working group and provide practical guidance for responsible state behaviour. Australia emphasises the need for clear scope, flexibility, functionality, and inclusion in the POA. They advocate for the participation of all member states and non-state actors, view it as a way to implement permanent changes, and stress the importance of capacity building. Their approach is geared towards an actionable, permanent, and inclusive approach to security. The general sentiment expressed by Australia regarding the POA is positive.

Joyce Hakmeh

States have already agreed on a framework for responsible behaviour in cyberspace, but the challenge lies in successfully implementing it. This framework agreement, known as the Plan of Action (POA), has been achieved three times, in 2015 and twice in 2021. However, failure to implement this framework usually stems from a lack of capacity, resources, and a structured approach. The POA can help address these challenges by bringing in resources and fostering a sustainable and permanent forum.

Open dialogues and dedicated discussions within the POA are crucial in promoting understanding and progress in cyber capacity building and the application of international law in cyberspace. By having separate streams for different pillars of the framework, such as confidence-building measures (CBMs), international law, and norms, their entanglement can be avoided. Regular conversations among states foster better understanding and learning in these areas. Furthermore, the inclusion of non-state stakeholders in these discussions can provide valuable expertise and perspective.

However, one key issue that needs attention is the lack of interconnectivity among the United Nations’ (UN) cyber processes. The UN’s cyber processes should be interconnected in order to address this issue effectively. It is important to understand the sensitivities involved in making these connections.

To address this challenge, multi-stakeholders can play an important role in linking the different issues related to cyber processes. They can help in understanding where these issues connect and where the links and overlaps are. The hope is that the POA can serve as a vehicle to accomplish this.

Notably, Joyce Hakmeh appreciates the push for multi-stakeholderism and inclusion in the initiative. The emphasis on including various stakeholders and perspectives is seen as a positive aspect of the initiative. Hakmeh also advocates for enhanced collaboration among multi-stakeholders, recognizing its importance in advancing the conversations beyond just having multi-stakeholders in the room.

In conclusion, while states have already agreed on a framework for responsible behavior in cyberspace, the challenge lies in successfully implementing it. The POA can help address this challenge by bringing in resources and fostering a sustainable and permanent forum. Open dialogues and dedicated discussions within the POA are pivotal in promoting understanding and progress in cyber capacity building and the application of international law in cyberspace. Multi-stakeholders have an important role to play in linking these issues and enhancing collaboration among different stakeholders. The push for multi-stakeholderism and inclusion in the initiative is applauded, and the hope is that the UN’s cyber processes can be interconnected to address the challenges effectively.

David Fairchild

The analysis explores different perspectives on cyber policies, focusing on the contributions and approaches of various stakeholders. One key observation is the positive recognition of Canada’s active participation in Global Governance Entities (GGEs) and Open and Working Groups, demonstrating its commitment to shaping global cyber policies. Canada’s policy development process is highlighted for its co-creation model, which involves engaging multiple stakeholders to ensure inclusivity and a human-centric approach.

Another important argument presented is the significance of a human rights framework as the basis for cyber policies. The analysis emphasizes that the human rights framework is currently under attack and must be protected. Canada, in line with SDG 16 (Peace, Justice and Strong Institutions), aims to ensure that the transition to a program of action is firmly framed within the context of human rights. This demonstrates a commitment to protecting individuals’ rights and privacy within the cyberspace ecosystem.

The analysis also introduces the concept of cyberspace as a co-owned space. This perspective emphasizes the need for dialogue and partnerships among member states to collectively address cybersecurity issues. By recognizing cyberspace as a shared responsibility, countries can work together to create a more secure and equitable online environment. The analysis underscores the importance of dialogue and providing a platform for addressing these issues, promoting collaboration and building partnerships.

The Programme of Action (POA) is highlighted as a valuable tool for institutionalizing dialogue and addressing cyberspace issues. The POA acts as an aggregator, bringing together diverse stakeholders to work through challenges and bridge gaps. It is seen as an effective means to foster cooperation and find solutions to complex cyber-related problems. This aligns with SDG 16’s goal of promoting peace, justice, and strong institutions.

In conclusion, the analysis commends Canada for advocating multi-stakeholder and human-centric approaches to cyber policies. Additionally, it stresses the importance of a human rights framework, a co-owned perspective of cyberspace, and the institutionalization of dialogue through the POA. These perspectives and arguments provide a comprehensive understanding of the complexities and challenges associated with cyber policies, offering valuable insights for creating more inclusive and secure digital ecosystems.

Ellie McDonald

Ellie McDonald has presented the concept of a Cyber Programme of Action (POA), which has garnered support from a group of UN member states. The POA aims to address threats in cyberspace and promote engagement and cooperation among stakeholders in a human-centric and rights-respecting way. It supports the implementation of the Responsible State Behaviour Framework and primarily targets states and actors involved in the UN’s Open-Ended Working Group on Information and Communication Technologies (ICTs).

Supporters argue that the POA has the potential to establish permanent, open, transparent, and inclusive discussions. It recognizes shared but differentiated responsibilities and encourages the contributions of stakeholders to be heard and acted upon. The POA also emphasizes the importance of capacity-building and operationalization to ensure effective implementation.

Furthermore, the POA must be responsive to real-life events and threats, demonstrating its relevance and effectiveness. Diversity of views is considered essential to inform the discussions, ensuring inclusivity and representation. Additionally, the POA should be co-created and co-owned, involving various stakeholders in its development.

In summary, the proposal for a Cyber Programme of Action aims to address cyber threats and foster collaboration among stakeholders. It advocates for open, transparent, and inclusive discussions that respect human rights and international law. The POA should prioritize capacity-building and operationalization, responsiveness to real-life events, and the inclusion of diverse views. Co-creation and co-ownership will contribute to its success as a collective effort in combatting cyber threats.

Raman Jit Singh

Raman Jit Singh highlights the need for the Program of Action (POA) on cybersecurity to address real-world threats, particularly those targeting civil society and human rights actors. Singh argues that proactive measures must be taken to protect these vulnerable groups. Singh expresses concern about the increase in harmful cyber operations against humanitarian and civil rights actors, including human rights defenders who face various forms of cyber intimidation. He emphasizes the urgency of addressing these pressing issues in the POA. Singh’s overall sentiment is one of concern.

Another important concern raised by Singh is the proliferation of spyware and the ‘hack-for-hire’ industry, which he believes significantly undermines global cybersecurity. Singh urges the POA process to explore, challenge, and take action against these dangerous activities. He maintains a critical stance, emphasizing the importance of confronting these threats head-on.

Singh also stresses the need for more detailed discussions on cybersecurity concerns, state collaboration, and joint action. He asserts that the POA should delve deeper into current threats and specific topics such as cybersecurity vulnerabilities. Singh advocates for tangible cooperative actions between states to effectively address these challenges. His sentiment is assertive, reflecting a strong call for collaboration and action in the cybersecurity domain.

In terms of protection, Singh advocates for actors at immediate risk, particularly Computer Security Incident Response Teams (CSIRTs), who play a critical role in advancing and maintaining cybersecurity. He highlights the need to discuss and take actionable steps to protect these first responders in cybersecurity. Singh’s sentiment is supportive, emphasizing the significance of safeguarding these key players.

Furthermore, Singh points out the complexity and lack of clarity in combining the counterterrorism debate with the cyber conversation within the United Nations. He highlights the sensitive nature of discussions around non-state actors in the existing Open-Ended Working Group (OEWG) process. Singh notes the reliance on previous rulings such as the Delhi Declaration and the outcomes of the Counterterrorism Committee and Security Council. His sentiment is negative towards the current challenges faced in integrating counterterrorism and cyber issues in UN discussions.

Singh also stresses the need to incorporate human rights and their defense in the cyber conversation. He highlights resistance to discussing human rights defenders (HRDs) and the targeting of HRDs within the OEWG. Additionally, Singh points out the challenging nature of the conversation for humanitarian actors and international humanitarian law. His sentiment is positive towards the inclusion of human rights in the cyber conversation.

Singh supports a comprehensive approach in the cyber conversation, advocating for not only establishing norms but also implementing security measures. He emphasizes the importance of balancing both aspects to effectively combat cyber threats. Singh’s sentiment is positive, highlighting the need for a holistic strategy.

Despite acknowledging the contentious nature of topics such as HRDs, counterterrorism, and cyber issues, Singh advocates for addressing them in the POA process. He encourages open discussions and the pursuit of solutions despite initial reluctance. Singh holds a positive sentiment towards addressing these contested topics.

Additionally, Singh expresses concern that the POA process is primarily anchored in UN headquarters locations, limiting international participation. He believes that wider participation is crucial to ensuring a comprehensive and inclusive approach to cybersecurity. Singh’s sentiment is negative regarding the current lack of international involvement.

Furthermore, Singh encourages governments and actors to have consultations on the POA process in their respective capitals or locations. This approach will allow for a broader range of perspectives and ensure the inclusion of diverse voices in shaping the POA. His sentiment is positive towards fostering dialogue and engagement.

In conclusion, Raman Jit Singh highlights several key points related to the POA on cybersecurity. He emphasizes the need to address real-world threats targeting civil society and human rights actors, while also taking action against the proliferation of spyware and the ‘hack-for-hire’ industry. Singh advocates for detailed discussions on cybersecurity concerns, state collaboration, and joint action. He supports the protection of key actors at immediate risk, the inclusion of human rights in the cyber conversation, and a comprehensive approach that balances norms and security measures. Singh also calls for addressing contested topics and increasing international participation. Finally, he emphasizes the importance of fostering frankness and ambition in the POA process.

Henri Verdier

The UN Program of Action aims to create a more inclusive forum for conversations on cybersecurity, involving civil society and the private sector. It recognizes the importance of these actors in shaping the cyber space and the blurred boundaries between conflicts, belligerence, and civil society. Implementing international law in cyberspace is challenging due to the unique complexities and lack of infrastructure. Progress has been made in recognizing principles and norms, with ongoing efforts to further develop frameworks. A permanent body is needed to ensure the effective implementation of cybersecurity norms, providing continuity and facilitating knowledge sharing and capacity building. Building peace and security in the cyber space requires not only norms and laws, but also good organizations and infrastructure. A broader approach is necessary to address the evolving cyber threats, going beyond established frameworks.

Session transcript

Ellie McDonald:
Hello, everyone, welcome to our open forum, shaping a UN Cyber Programme of Action. Thank you for joining us despite the early hour and I’m sure despite some fatigue as we reach the end of our community’s gathering. I’m Ellie McDonald from Global Partners Digital. We are a civil society and human rights organisation and we work to ensure a digital environment underpinned by human rights. This session has been co-organised by my own organisation alongside Access Now, Global Affairs Canada and the Australian Department of Foreign Affairs and Trade. We have a brilliant panel of speakers who we’re honoured to have with us and I’d now like to introduce the panel from left to right. So we have, or rather from left to right, we have Dave Hevey, First Secretary of Cyber and Digital Affairs of the Australian Permanent Mission to the UN in Geneva. We have Ambassador Henri Verdier, French Ambassador for Digital Affairs with the French Ministry for Europe and Foreign Affairs. We have Joyce Hakme, Deputy Director of the International Security Programme at Chatham House and the co-editor of the Journal of Cyber Policy. And finally, on his way, we have Ramanjit Singh Cheema, Senior International Counsel and Asia-Pacific Policy Director of Access Now. And we also would have had David Fairchild, First Secretary of the Permanent Mission of Canada, but sadly David is no longer able to join us. So the topic of our open forum is the Cyber Programme of Action. The POA is a proposal by a group of UN member states, including from those we’ll hear from today. The UN General Assembly has welcomed the proposal as a mechanism to discuss threats in cyberspace, to support states’ capacities to implement the Responsible State Behaviour Framework, to discuss and further develop, where appropriate, this framework, and to promote engagement and cooperation with relevant stakeholders. Many stakeholders, including my own organisation, have also welcomed the initiative, provided that it’s built on a clear and action-oriented political commitment, focused on implementing the key of responsible state behaviour in a human-centric and rights-respecting manner. We see that the POA offers a means to establish a permanent venue for discussions, rather than limited-term deliberations, to recognise the shared but differentiated responsibilities of different actors, by ensuring a mechanism which is open, inclusive and transparent, and where the contributions of stakeholders are heard and acted upon. Given both the promise of the Cyber POA and the peril of not addressing the threats which it seeks to combat, we feel there’s a need for discussions of the POA to reach a wider audience. To date, the POA proposal has been primarily directed at states and actors active within discussions at the UN’s Open-Ended Working Group on ICTs, and so for that reason, we all hoped to hold this open forum, to provide an opportunity to receive updates on the POA from those actively involved in discussions about its design, but also for those gathered in this room and online to share their views on the proposal and to ask questions. So we encourage you all to contribute enthusiastically, we have the benefit of being a small group, so please do share your views. So because we’d like to foster an interactive discussion, we’d like to begin with a poll for both our participants in person and online. We are going to be using Slido as a platform to facilitate this poll. Some of you might be familiar with this already, but if not, we ask you to please go to the URL currently displayed on the screen, yes, which is slido.com. You’ll then be prompted to enter a code which is, all capitals, cyber-POA, also displayed on the screen, and my colleague Kirti, who is our online moderator, will also share this in the chat. So while you’re setting this up, I will briefly explain the structure of our session today. So after talking through briefly the poll, I’ll ask questions to our first three panellists. We’ll then briefly pause for some questions and discussion from those in the room and online. This first round of discussion will be focused on getting an overview of the programme of action, unpacking what it is, what it hopes to achieve, and why it is needed. After this, we’ll move to our final question, to be followed by questions and discussion. And the second round is focused on ensuring the POA is genuinely multi-stakeholder and founded upon the international human rights law framework. Finally, I’ll ask each of the panellists to share a final reflection, and we’ll attempt to share some summary reflections. If you would like to ask a question, please come to the front of the room or the middle of the room to use one of these two microphones. We have only an hour, so I also ask that our panellists are timely in their interventions to ensure that the discussion remains interactive. So I’d like to turn briefly now to the Slido poll. So if you have it up, you’ll see that it asks a series of questions. The first asks for perspectives on the POA. The second asks if you have yet inputted to dialogue on the POA, whether through interaction with a member state, through a regional consultation, through statements or consultations undertaken by the open-ended working group on ICTs, through the UNIDIR consultation, or through a stakeholder effort to consolidate inputs. Our next question then asks for those that have inputted to one of these dialogues on the POA, did you feel that your input was or has been meaningfully considered and reflected in the design of the POA, and if not, what needs to change? So we’ll be collecting responses to that to include in our summary report of the session, and perhaps I can ask my colleague Kirti if we have had any reflections to the first question which asks about perspectives on the POA. Predominantly state-based. Okay, so we can return to this again later in our discussion, and perhaps it gives our panellists something to consider in their remarks. So with that, returning to that later, I’d like to ask our first question which is to Ambassador Verdier. Ambassador Verdier, France is one of the co-sponsors of the UN Programme of Action, a proposal for a permanent, inclusive and action-oriented mechanism. This proposal aims at supporting the implementation of the Responsible State Behaviour Framework, and through the UN General Assembly Resolution 7737, it has received wide support. But for those who may be less familiar with the proposal, what precisely is the Cyber POA and what is the objective that it seeks to achieve?

Henri Verdier:
Thank you for the invitation and for the opportunity to exchange about those important topics. But we will have to enter a bit within the UN machinery on those topics, machinery matters. So you just have, very briefly, to understand that the rise of the cyberspace could jeopardise all the security architecture, because every conflict now has a cyber aspect, and there is also a real conflictuality within the cyberspace, and this is a new situation because a cyber attack is not like a cynetic attack, this is invisible, very fast, geography doesn’t matter anymore, so it doesn’t matter anymore. So you have to be sure that the framework of global security, like the UN Charter, the Geneva Convention, can be implemented or respected. And this is a long story. In 1998, the UN started to work on this new context, so 25 years ago. Since 2004, there were some group of governmental experts, so it was usually, the first one was 15 states working during three years to write together a final report, and we did analyse the new situation, and do you know, first at this time, the question was, does international law apply in the cyberspace, so it took 10 years to recognise that international law did apply in the cyberspace. And then there were a series of expert governmental groups, GGE, and since 2021, we did extend this conversation through open-ended working groups, so open to every state, so it was more complex to manage, but more inclusive and more diverse, so it was a good step forward. And more or less since this year, since 2021, France, Egypt, and a group of trans-regional states is proposing to go further and to choose a new vehicle, which is the POA. Why do we propose this? That’s because, so as I told you 25 years ago, the question was, do we have to implement international law in the cyberspace? And then we did work hard to understand how to implement international law, and we did all together adopt some norms, and norms of state behaviour, and important principles, and some red lines, and that was important. I can tell you, for example, that when I do observe what’s happening in Ukraine and in some conflicts, we understand that some red lines are known, and there is little form of refrain, some attitudes are not there, so we can observe that it was important to collectively, together, recognise some principles and promise to respect some norms. But that’s not enough, and our view is that it’s time to go further. The most obvious aspect is that in the UN system, we are more or less 200 states, and for most of them, to implement those norms is very difficult. If you don’t have a cyber law, a cyber police, a cyber justice, a CERT, et cetera, how can you implement those very complex norms? So capacity building, for example, matters. If we don’t organise collectively to be sure that every state will have the ability to build serious resilience, what’s the point to discuss norms if you cannot implement them? That’s one important aspect. The second one is, of course, the multi-stakeholder issue. So as I told you, those processes were born within the first committee. The first committee deals with state behaviour and state religion. It’s about war and peace. So the first committee is not the most multi-stakeholder committee in the UN system, of course. But regarding cyber security, cyber war, cyber peace, first, the cyber space is not a natural space. It’s a space by someone. So private sector matters. And then the boundaries between conflict, belligerence, civil society are weaker and weaker. So for a lot of reasons, a strong real conversation with civil society and private sector is important. So we want to open a more inclusive forum, open to more actors, while respecting state sovereignty, of course. So we have to design something with rooms to exchange all together, and while respecting some prerogatives and responsibilities of states. So for all those reasons, we consider that it’s time to build the next VIKON, and we intend to implement it after the end of the current Open Energy Working Group. And the interest of a program of action, so this is a format that does exist in the UN system. For example, there is a program of action for small arms and lethal weapons. First, this is a permanent body. That’s very important. First, of course, this is a UN and inclusive body. Everyone can join the project. This is not for a few states. This is open to every member state. A permanent body that can have a dedicated team, that’s important, because if you observe the 25-year process, there were sequences of three and then five years. But every three years, you do negotiate a mandate, you build a new team, you adopt a final resolution, and then you dismantle everything, and you renegotiate a new process. So we need continuity, we need memories, we need a dedicated team. We need a more action-oriented process, because we want to be able, for example, to contribute to finance capacity building. Or why not to publish some indexes, the POA for small arms and lethal weapons does produce the disarmament index, so they create knowledge and they share resources. They are not just there to adopt a final resolution. And we need a body where you can design a global architecture to have a better cooperation and conversation with civil society and private sector. That’s why we are proposing a new format and a new project, and we hope that in the next three years we will succeed to create this.

Ellie McDonald:
Thank you very much, Ambassador Verdier. I think that was a very helpful context into the evolution of these discussions, and I’m sure we’ll be picking up on your point about the need for a strong and real conversation with a range of stakeholders, so thank you. With that, I’d like to turn to our next speaker, Dave. Australia has been a long-standing advocate of the establishment of the POA as an institutionalized UN mechanism and as the next evolution in UN cyber discussions. But what does a functioning POA look like, and in your view, what are the key ingredients to its success?

David Hevey:
Thank you, Ellie. Thank you for that, for the question. Also, g’day to everyone here in the room this morning, thank you for joining us. My response has a lot of overlap, and we’ll reaffirm some of the sentiments shared by Henry here, and even though I am, I really want to reaffirm the importance of that. So look, Australia is proud to be a strong supporter of the initiative to establish a permanent mechanism for responsible state behavior in the UN. We really are. We really believe that time is ripe to collectively discuss a future permanent mechanism to ensure the durability of the UN dialogue on responsible state behavior. As Henry said before, the continuity is really important in that respect. We were heartened by the broad cross-section, cross-regional support for the UNGA resolution on the POA last year, and so we’re really, I think with that, we really want to continue and drive forward on the POA and use that momentum. And I suppose we’re looking forward to seeing how that pans out in the coming negotiations in the first committee. Really, I think, we think, Australia thinks, that the POA should build on the hard, collaborative work of the open-ended working group in providing practical guidance to implement the UN framework on responsible state behavior. That’s absolutely paramount. The POA is the mechanism to carry forward this commitment. It’s really important to rules-based cyberspace. And again, the permanent nature allows us to focus on the matters at hand, the substance at hand, rather than renegotiating the processes. But importantly, the POA’s focus on capacity building, which is actually something really strong to my heart, that I used to work on in Australia, the focus on the capacity building will facilitate all countries, big and small, developing and developed, to determine their own digital future. And I think that’s absolutely imperative. It’s critical, again, that we do not lose that momentum of setting up a functioning POA. So what does that involve? I say to you a couple of elements. One, it’s scope. It needs a clear mandate that builds upon and reaffirms the agreed framework on responsible behavior in cyberspace, responsible state behavior. The second thing I’d say is flexibility. It needs both substantive and procedural flexibility, so that the POA can evolve with the global developments. Now, really, what does this mean? It means that the framework may be further developed by consensus, but it also has the procedural flexibility in meeting the structures, plenary reviews, and technical meetings that is involved in this whole system. The third element is ensuring that the framework can be put into practice. And again, that really highlights my focus, as mentioned before, on capacity building. And the fourth element is inclusion. And that’s a really, really important thing. Although states remain the main players in the state-based process, discussion should be open to all, to other stakeholders. We need to empower meaningful participation of voices that aren’t normally at the table, as they bring unique perspective, whether, for example, Indo-Pacific countries and Pacific Island countries that do not have the capacity or the resources meaningfully to engage. We want to be able to foster that. I think the other thing is that non-state actors would also help to further refine the POA and to advance the solutions under this. So I think that we’re confident that if we’re serious and we’re all committed collectively to this and incorporating these elements, that the POA and its process will see a strong initiative for fostering peace and stability in cyberspace. Thank you, Ellie.

Ellie McDonald:
And thank you so much, Dave. I think that was really helpful. to unpack and understand better what the POA could achieve and the different ingredients in your view that are so important to it. Just for those who’ve joined us recently, we are also using the Slido platform to facilitate interaction during the session. Some of you may be familiar with it already. If not, I promise it’s very simple to use. You can just visit the URL slido.com and then you’ll be prompted to enter a code, which is cyber-POA. We’ve asked a series of questions there on your perspectives on the POA and whether you’ve already inputted to consultations on its contents and if you feel they’ve been reflected in its design. The first question on perspectives, I’ll just ask our online moderator, Kirti, if there have been any further inputs to that question. So actionable, permanent, inclusive, and a crucial roadmap. Those have been the contributions from people, our participants virtually and in person. Thank you. So at this point, before we turn to our next two brilliant speakers, I’d just like to take pause to ask if we have any questions at this stage. So far our discussion has focused on understanding what the POA is and what it could hope to achieve. In the next aspect of the discussion, we’ll be focusing on precisely which aspects of the agenda it could seek to move forward, how it can ensure that it’s multi-stakeholder and rights respecting. So perhaps if you have questions, please focus them more on the broad scope of the POA. With that, does anyone have any questions in the room? If you do, please use one of these two microphones. Or Kirti, do we have any questions online? Perfect. Okay. Well, I will move to our next question, which is to Joyce Hackney from Chatham House. Joyce, Chatham House has been an active observer of the UN Open-Ended Working Group on ICTs and is undertaking research on key areas of its mandate, including the application of international law in cyberspace and the further interpretation and application of cybercapacity building principles, among other things, I’m sure. So based on your findings so far and your experience in this process, how could the POA make progress in these areas and contribute to responsible state behavior in cyberspace?

Joyce Hakmeh:
Thank you very much, Ellie, and good morning, everyone. It’s great to be with my panelists here and to be speaking about this very important topic. I mean, we’ve heard from the previous speakers about the importance of the POA and the importance of the issue, right? The importance of international peace and security and responsible behavior in cyberspace. And we heard also from them about how it should be ensuring this continuity and have this flexibility. And I guess maybe sort of like my starting point to your question is to focus on the importance of applying the consensus, applying the acquis that you talked about. It’s very important to reiterate that states have agreed on the rules of the road, right? This framework that we often refer to, not once but three times, right? First in 2015 and then again in 2021, both in the open-ended working group and in the GGE that the ambassador talked about. So it is very, very important and not very, you know, common that states agree on something, you know, and particularly in cyberspace and that, you know, there is a consensus that is reached. So this building on that consensus and operationalizing this framework is extremely important. And the POA, as we have heard, can help with that. As we know, there is a conversation now, you know, or like, you know, maybe different visions between implementing what we have agreed upon or, you know, sort of like building new norms or building new legal instruments. And sort of like my position to that is first, you know, these don’t have to be mutually exclusive. And second, you know, before we understand what is needed, we have to understand how the current agreement works, right? Does it work well? Does it sort of address the issue that we’re trying to solve? Are there gaps, et cetera? And if so, what is the appropriate sort of solutions that we need to develop? So that’s quite an important process, I suppose, in order not to develop half-baked solutions. So I guess the sort of the focus of the POA on implementing the framework is a very important one. Now, if we all agree that the implementation is important, then the next question becomes how do you actually do that? And as we know, you know, the failure to implement the framework is often not related to willingness, right? Like it’s not like because states don’t want to do so. More often than not, it’s an issue of capacity, right? There’s lack of capacity. There is lack of resources. And there is a lack of a structured and consistent approach. So as we’ve heard, the POA can help address all of those, right? It can help build the capacity. It can help, you know, create the sustainable and long-term sort of permanent forum. And also, as we have seen with other POAs, it can help bring resources that will help with operationalization, right? Because it’s all good to talk about, oh, yes, we want to do this, we want to do that. But if we don’t have the funding, the resources, human and otherwise, it’s very difficult to actually make progress. Now to your specific question on how the POA can contribute to the international law discussions specifically, I guess when I first sort of, you know, heard about the POA when it was first put on the table, what I was interested in the most is this sort of like this approach of kind of like having dedicated conversations about the different pillars of the framework. You know, on CBMs, on international law, on norms. So you’re not entangling them with each other and so that, you know, the success of one of the pillars is not contingent upon the successes of others. And I think that’s really important because we need to appreciate that, you know, conversations need to proceed somehow at a different pace. They need to require different approaches, et cetera. So the way the POA can function or if it goes in that direction, I think can be helpful to generate meaningful progress. So on the international law, you know, front, there can be dedicated discussions, dedicated work stream that not only talk about international law in broad terms but also goes specifically, let’s say, in international human rights law, international humanitarian law and address that sort of like those importance, specificities and nuances in those conversations. And something that the previous speakers focused upon and of course, you know, like a strong advocate being, you know, a stakeholder, non-state stakeholder ourselves, there is the importance of bringing the different perspectives into the debate. Of course, you know, the development of international law is the prerogative of states and no one is disputing that but the experts’ perspectives and the experts’ input is extremely valuable. In my organization, we have been doing quite a lot of work about the application of international law to cyberspace. A lot of like really important findings have come out of that work. So having the opportunity to contribute to the discussions is extremely valuable. And not only sort of like bringing the perspectives of multistakeholders, I think by having those dedicated conversations that aren’t necessarily always confrontational, right? We’ve agreed on that. What does that mean? What do we think it means? It also can help create that opportunity for states to learn from each other, right? And we have seen, you know, at the moment, I think the states who have published their positions on how international law applies to cyberspace, I think there are 30. So like a very small group of the 193 states and that is expanding. I was the first. You were the first, yes. But looking, for instance, at the UK, you know, the country I’m based in, there have been sort of evolution in the way they’ve been thinking about the international law application to cyberspace to take into more consideration how the threat landscape is evolving. You know, in the latest one, 2022, there was quite a big focus on ransomware, on the health sector, etc. So having those dedicated discussions in the POA will allow this opportunity to kind of compare notes because as we know, even countries that are allies don’t agree on all the principles of international law and how they think they apply. So having those constructive conversations will be very, very important. And maybe I’ll conclude by one more thing because you also asked me about the capacity building principles and how they can be operationalized. We’re doing at Chatham House a project at the moment taking the 10 principles that were agreed upon in the OEWG report in 2021 and trying to kind of like unpack them. What do they mean? What is driving them? How can they be implemented in a kind of capacity building context? And we’ll be presenting that work in New York on the sides of the July session of the open-ended working group. So if we had the work stream on capacity building as part of the POA, it would be great to sort of like be part of that and contribute with our perspectives and the perspectives of other stakeholders on this important issue.

Ellie McDonald:
Thank you so much, Joyce. That was really helpful to understand how the POA itself as the mechanism could be a really valuable venue for progressing discussions on those specific areas. And I found very compelling your remark that the different strands could potentially progress at different paces. I know that there have indeed only been around 30 states sharing their views on international law, but we’ve observed at least that some of these discussions have become richer and more detailed at recent sessions on international law and its application to cyberspace specifically. So I’m sure we can unpack that more in the discussion. But I’d like to turn now to Raman Singh Cheema from AccessNow. Raman, given AccessNow’s work to defend and extend the digital rights of users at risk, how in your view can the POA help to ensure cyber stability and peace with a focus on the protection of those most at risk from threats in cyberspace?

Raman Jit Singh:
Thank you so much, Ali. And I just wanted to give some context for why we participate in the program of action and what our interests are. AccessNow is an international digital rights organization, a civil society organization. And we, in a sense, are in an interesting position. We are a cybersecurity or digital security provider. We assist civil society and actors in the wider civil sphere, you could say, at risk when it comes to their reactive and proactive cybersecurity needs. And we also additionally analyze, track, publicly advocate, and campaign on these issues. And our engagement on this, in terms of all the cyber processes in the UN and the discussions around the program of action, is also recognizing a couple of different facts. The current status of cyber’s, you could say, operations of state cyber behavior, which is alarming. There’s a significant increase in problematic cyber operations between states, but also increasingly targeting civil human rights actors as well as humanitarian actors. And additionally, you are seeing a contestation on some of even these agreed norms, which is extremely alarming. But that said, the fact that we essentially have a new cyber process in the United Nations, agreed by such a large number of stakeholders, is a significant development. It’s a milestone. And it goes to the fact that we do recognize that, again, many actors have said they want regular forms of dialogue that is anchored in the UN, even though people acknowledge that the UN is not the best place for all of these conversations, but perhaps it is one of those regular places, a sort of common space or a court that people go to very regularly on this. And from our perspective, we do think that the fact that the space exists is good, but we should challenge actors. As I’ve said to Andre or to others as well, I think it’s very important that we do have some ambition, and we do have some objectives here. Ultimately, we are a human rights organization. For us, the conversation is important. The fact that we’re having this civilly, instead of trading either literally cyber warfare or cyber norm warfare by different resolutions or contestation is a good thing, but they are very real-world outcomes or very real-world threats we need to recognize that should be addressed by these processes. For us, it is definitely even the recognition of the threats that civil society and wider actors face that should be part of the POA process. I think, for example, many of us have acknowledged and been glad that at least the sort of problematic space for cyber, problematic cyber threats at humanitarian actors has at least been discussed in the UN Open-Ended Working Group. But the fact that it’s been difficult to secure success on that in even naming it in the reports of the current OEWG shows that that is a space we can do more. We can talk about how humanitarian actors are under regular concerted cyber attack, how human rights defenders are under different forms of cyber intimidation, including specifically the proliferation of spyware and of the hack-for-hire and cyber mercenary industry that makes spyware possible. And even a recognition, for example, in that area that spyware or the activities of this hack-for-hire cyber mercenary industry undermines global cyber security as a whole. And that’s, I think, for us, for example, a very important area that we could see potential progress. And I was heartened that even in the UN Open-Ended Working Group process, the current OEWG chaired by Ambassador Gafoor of Singapore, there was an attempt to name this in the recent draft of the annual periodic report of the OEWG. Unfortunately, it wasn’t accepted, which shows the importance of having a cyber process where we can talk about these issues. But I keep saying we need a little bit of a real-world check. We need to make sure that this OEWG, sorry, the POA, implements the agreed norms in the OEWG, but also talks about the current external threats and also talks about where we need norm evolution. And that way, in fact, I wanted to strongly second what Joyce was saying, that it’s not a choice between one or the other. It’s doing both in one place there. I also just wanted to comment on the real-world politics that drives some of these cyber processes. The fact that, for example, we can go into deeper discussion. I think having a regular fixed place to discuss this is a good thing because I think anyone who follows the OEWG or other processes knows that there is a lot of even fear and uncertainty about having dedicated deep discussions on particular topics because of the sort of shifting nature of the OEWG or even an uncertainty that, okay, if you separate into working groups, you might allow one state or a couple of states to dominate on one issue compared to others. And these are, again, important modality issues to work out there. But I think a regular place that is an existing standing mechanism also provides more comfort to states. That is not something where people are going to try to rush through one agenda. There may be many different things. So we can go deep into detail because I think when you talk to any of the delegates outside of the main committee rooms in even the OEWG right now, many of them acknowledge that we know we need to go deeper. We need to go deeper into current threats. We need to go deeper on concrete things, like, for example, state cooperation on talking about cybersecurity vulnerabilities, vulnerability sharing, joint action, and many other areas, including the always-favorite topic of international law. But no one right now is willing, I think beyond a point, to go deep into this in the OEWG structure. So more progress there would be useful. And I did want to name one more area that I think is interesting, which is the implementation. When we’ve talked about the current OEWG norms, for example, and the GGE norms, rather, as talked about in the OEWG, even areas such as the targeting of CSIRTs, computer security, incident response teams, and others, is an area that we can talk more about and concretely take action. So at least the current key, you could say, first responders who are trying to protect the Internet, trying to advance cybersecurity are not further put at risk. My hope is that we talk about the actors who are immediately right now at risk, and who have perhaps not been able to be served or at least better talked about in the OEWG process. We do challenge the more proliferating actors there, and I would put it to all of you that I think there is space to talk about spyware and to talk about the hack-for-hire industry, because if we let it continue to proliferate, and I’m using that term to provoke the diplomats here in the room, that will in fact reduce cybersecurity as a whole, and as I mentioned, we do need to think about who is actually there. I think if you have a regular form of dialogue, many actors will be there beyond the usual suspects as well, particularly from the cybersecurity community, including those outside of, say, the global north, or even like-minded states, who do have a critical role to play in this, and that’s why I’m very happy that we’re having this conversation in this IGF here in Japan. Thank you, Ali.

Ellie McDonald:
Thank you so much, Rahman. Yeah, very much appreciate and second your remarks, and I thank you also for that reality check and also for grounding our conversation in some of the real-life impacts of these most systemic threats, including spyware and otherwise. So I hope we can pick up on that in the discussion shortly. But I’d also just like to welcome David Fairchild, First Secretary of the Permanent Mission of Canada, and to ask David a question before opening to a more open and interactive dialogue. So David, Canada has played an active role in promoting multi- stakeholder and human-centric approaches to cyber policymaking processes. What are the challenges in ensuring states and other actors can meaningfully input to the POA, and how can these be overcome to ensure a mechanism which benefits all participants?

David Fairchild:
Good morning, and I apologize for being late. Very unprofessional, so excuse me for that. It’s just something I could not avoid this morning. So thank you for the question, Ali, and good morning to everybody and the panelists. I won’t take a lot of time arriving late, but I think it’s very important a couple of questions. Of course, human-centric approach is an issue we’re starting to see more and more in the UN. This relates, I think, largely to efforts by a number of member states, I think, to further entrench the international human rights frameworks into ongoing UN processes. This is an effort I think Canada obviously supports, gender being one primary one that Canada both for its foreign policies and international assistance policies pushes as a bedrock element of our policies. When it comes to multi-stakeholderism and Canada’s efforts, I think if you were to go back and look at Canada’s submissions and activities over the previous years, whether it be the GGEs or Open and Working Group, we’ve tried to make working with the multi-stakeholder community an aspect of our policy development going into these negotiations. And so whether it be on some norms development, preparing our Open and Ended Working Group policy itself, we’ve tried to reach out and work before in the months leading up to develop policies together. So a bit of co-creation. I think we spoke about this in the July session. For us, co-creation is not something scary. I think some member states see sometimes the multi-stakeholder community as antagonistic, contrarian, or perhaps pushing policies that they can’t support. For us, we’ve focused a lot of our efforts in the Latin American region. I see Pablo’s in the room. We support a number of Women in Cyber fellows. We actively support their activities and their work and policy development into these processes. But I think whether it be here or in other UN forums, I think we’ve found that actually the co-creation model actually provides huge benefits. There are views, there are perspectives. I think member states either don’t necessarily have the bench depth, they don’t have some of the expertise that exists in the other civil society communities, academia. And I think we’ve found that actually opening the doors, sitting down, in fact framing some of the policies that we wish to pursue working with certain organizations in a trusted environment has actually allowed us to deepen some of our policy understanding which improves our ability to negotiate in the room. On the human-centric approach, I won’t spend a lot of time because I think that one’s probably been covered off, we see this is becoming quite an important aspect I think in our negotiating position strategically. The human rights framework is, I would argue, somewhat under attack. I think we wish to ensure that as we transition hopefully to program of action, but we also see this in other UN processes, that we ensure that the root of much of what we’re trying to do is framed within the human rights framework context, which I think is a disputed space unfortunately. I think I’ll stop there for now.

Ellie McDonald:
Thank you so much, David. I always really appreciate Canada’s support for multi-stakeholders and advocacy for the value of co-creation in these spaces. So we now have some time for discussion, for questions. For those in the room, please use these microphones. If you’d like to ask a question, please walk up to them and then I can hand the mic over to you. For those virtually, please place your questions in the chat. Kirti, do we have any questions online? Not at the moment. I will also share at the start of the discussion, we shared the details of a Slido with a poll to ask views and perspectives on the POA. They’ve been coming in throughout the discussion, so perhaps while we wait for some questions, I can share some of the inputs that have been made. In terms of reflecting, sharing perspectives on the POA, participants have commented that the POA should be a shared responsibilities of different actors, that it should be actionable and permanent. Some have also commented that it’s undefined. Others have noted the value of it being inclusive. And speaking to the point of inclusivity, others have noted that it’s predominantly state-based. We then asked if participants have inputted to dialogue on the POA. Some have, through member states, through engagement at the open-ended working group and through civil society consultation. And when we asked if they felt their views had been incorporated, there was a spectrum of opinion on that point. So unless we have any questions online or in person, not yet, I’ll just pose a question. Please go ahead when you get to the mic.

Audience:
Okay, right, good morning. Thank you. Jennifer Bramlett. I work with the Counterterrorism Executive Directorate with the Security Council’s Counterterrorism Committee. We talked about the threat landscape and, of course, what we’re looking at from the counterterrorism point of view is basically how violent extremists and terrorists can misuse cyber capacities to conduct terrorist attacks. We’re focused very much on content, very much on purchase of weapons, use of the dark web, use of drones, use, you know, financing of terrorism, etc., etc., through cyber means, largely because we can’t really talk about cybersecurity. The mandate for cybersecurity in the Security Council is limited to the protection of critical infrastructure from terrorist attacks. We’re even somewhat limited to talking about the types of cyber attacks that terrorists could conduct against critical infrastructure. There, we have kind of a no-go zone, particularly when it comes to anything that could smack of state sponsored cyber warfare. We can’t even approach it, so we have a very, very, very narrow window in cybersecurity in the Security Council, and what this means is that CTED and the UN Office on Counterterrorism are very limited in the types of technical assistance and capacity building that we can do. So UN OCT, and, you know, it’s not normal for CTED to promote OCT, but here we are. They’ve put out some very good knowledge products. They’re available on OCT’s website. It’s through the OCT program on cyber and emerging technologies, and, again, they’ve put out a practical guide for first responders to an event of what to look for in terms of e-evidence, how to process it, etc. There are a number of other really interesting guidelines, but the focus of the work is largely on open-source intelligence, training law enforcement officers and security officers how to comb through and look for content because of this limitation, and so where I’m going with this is really to see, like, and to encourage the work of OEWG, the work of the other bodies in the UN on the General Assembly side of the House to start to bring this language into the counterterrorism strategy and to bring it in through negotiations with member states into the Security Council area so that we can work on it more effectively. With regards to human rights, just to point out that OHCHR and the Special Rapporteur for Human Rights and Counterterrorism have very emphatically stated that international law frameworks, including international human rights law, applies equally online as offline, and that’s language that, you know, from my perspective, I’d like to see that repeated more often and brought into UN architectures and reports to emphasize that because, again, that helps me to be able to talk more specifically about human rights and not having to debate that, that human rights, yes, apply equally online as offline. And then, finally, CTED’s in the process of finalizing the drafting for the non-binding guiding principles for member states on ICT and preventing and countering their exploitation for terrorist purposes, and, you know, granted it will be a negotiated document, but I do invite you to reach out to me or to my office if there is language that you want to see. I did 14 rounds of negotiations and consultations with civil society, academia, with UN partners, IROs, etc., but there’s still room for language to come in, and if there’s language that’s being developed for the POA that could be rolled into these non-binding guiding principles for member states, because implementation of regulations and everything else is going to be very important, kind of the downstream piece, then please do. Thank you very much.

Ellie McDonald:
And thank you very much for that very helpful contribution, and I don’t, I think there was some really helpful remarks there, and I wonder if anyone wants to react to them? Yeah, Henri?

Henri Verdier:
So you did have a small view on the vast diversity of topics, actors, and that’s very interesting, and thank you for the opportunity. I would like to put the emphasis of one very important aspect. We did all mention implementation, action-oriented, etc., but the big question is, can we build peace, stability, and security just with norms? Just with promises of good behavior, and my view, our view, is that that’s not enough. Norms, law matters, of course, a lot, but we are speaking about the cyberspace. I was thinking a long time before Tolkien wrote The Lord of the Rings, Plato, do you remember, wrote about the Ring of Giges. Do you remember this text? And the question was, if I can be invisible, will I remain ethical? And Plato said, no, if I’m invisible. And the question is, in the cyberspace, can we build more resilience? And to build resilience, we need to go a bit further than norms and texts. We need to help everyone to have good infrastructures. We need to help everyone to have good organization to build capacities, and I’m very serious, because as I said, the next step in the cyber warfare, or terrorist attack, or hybrid threat, is that everyone will attack someone through another country and will remain invisible, not eternally, but during a few weeks, which is enough to destabilize or to change the course of conflict. So the question is, the real reason why we did propose to go further than DGEs and Open-Ended Working Group, is that we consider that if we want peace, stability, security, you need to introduce within, not just a conversation, but the work, design of infrastructures, capacity building, etc. And that’s very important, because that’s a bit new in the first committee. We have to think not just in terms of international law, but also in terms of building security, which is a step further. And I want to emphasize this, because this is the reason why it was so long, because we did change the framework of the conversation, but also why there is some interest on this, and we really need to go in this direction. Thank you.

Ellie McDonald:
Thank you, Ambassador Verdier. Romain, I think, wish to respond. I might ask you just to be brief, so that we also have time for some final remarks.

Raman Jit Singh:
Thank you. Thank you for the question, I think it’s an excellent one, and a comment also about all these different issues and equities that play in cyber conversation in the UN. And I think that’s one important part of, as you built out the POA still, right, I think you’ve hit that very importantly. There are going to be many other cyber conversations, some that will take direction or steer from the POA, but others that may continue independently. My suspicion is that the counterterrorism debate is one that is still fairly complicated, particularly because of the sensitive nature or the contested nature of discussions around non-state actors in the existing OEWG process and elsewhere, that there may still be some lack of clarity for a while. And in a sense, many actors would have to depend on the Delhi Declaration and what came out of the Counterterrorism Committee and Security Council. But I think, again, naming that right, that the role of the POA with regards to Security Council overall is going to be that sort of tricky area that we need to think about it further. I did want to, like, strongly, like, second what, you know, Henry said, it’s not just about norms, it’s about thinking through security and how we implement it. I think that that is why I’m also interested very specifically on how human rights and human rights defenders come into the conversation, because the conversation in the OEWG is being challenging for humanitarian actors and international humanitarian law. I suspect there’s still a lot of resistance to talking about targeting of HRDs, and if one were to talk about HRDs, counterterrorism, and cyber as well, it’s even more contested. So I think we should go there. That’s exactly where we should land in a few years. I suspect in the initial period, everyone’s going to shy away from it.

Ellie McDonald:
Just a brief reaction from Joyce before our final remarks. Thank you. Very briefly,

Joyce Hakmeh:
I think you raise a very important point, and building on what Rahman said, I mean, you know, how can, and it’s important, actually, that it’s coming from someone within the UN system. I mean, we struggle with the fact that the UN cyber processes do not connect with each other, right? And you’re raising a larger point, how can they connect with other issues? And Rahman talked about the sensitivities, and I think, to me, this is really where the multi-stakeholders can play a very important role, right? Kind of in understanding where they connect, understanding where the linkages are, where the overlaps are, and bringing them to the table, and hopefully the POA can be a vehicle for doing that.

Ellie McDonald:
Thank you so much, Joyce. I’d now like to turn to speakers just for their final remarks, and I ask that you maybe take no more than 30 seconds, a minute, if possible. But in those final remarks, I would be keen particularly to hear your views on the next steps, and specifically how the wider community and stakeholders can become more involved in these discussions. So I’d like to turn first to Ambassador Verdier, if you’re ready, or else to another speaker.

Henri Verdier:
I’ve made my final remark. I think security in a world where you can be

David Hevey:
invisible. Thank you. And Dave? Thank you. I really want to pick up on three things as mentioned before. Actionable, permanent, and inclusive. Absolutely hear you. Australia does. I think that’s why Australia is advocating the participation of all member states, all countries, and non-state actors. That was in our messaging, and we really want to emphasize that. Permanent, absolutely. Again, that’s why we highlighted that. We see the POA as a means to do that. The POA in itself does that. And actionable, that’s why, again, we absolutely support the emphasis and focus on the capacity building there, too. Thank you.

Ellie McDonald:
Ali and Joyce? Thanks, Ali.

Joyce Hakmeh:
I think it’s heartening to hear about how multi-stakeholderism and the inclusion aspect is being pushed for by some of the pioneers of this initiative, and we look forward to hopefully seeing this initiative as one, you know, sort of like moving the conversation beyond just should the multi-stakeholders be in the room, to actually how do we work better together.

Ellie McDonald:
Thank you, Joyce. Raman, may I turn to you?

Raman Jit Singh:
Participation is crucial. I think, in fact, there I am worried that the POA is still one more cyber process anchored in UN headquarter locations and not internationally. And just actionable things. Many of the governments and actors here, are there consultations on the POA process in your capitals or where you are? That’s maybe an immediate next step. I’ll leave this with you. Participation is crucial. Frankness and ambition is, as if not even more important.

David Fairchild:
Okay, well, last word to me. Yeah, just thanks very much, and I think much of what I said is already covered off here. It’s about equity and agency. I’ve said this for a long time. I mean, cyberspace is a co-owned space. I think member states have to recognize that. The POA is an aggregator. There are lots of strands of works. It will only increase as we look at the bridging the digital divide and accelerating connectivity. Cyber resilience, which was mentioned, I think is a developmental issue closely linked to cybersecurity, and that is only going to expand as we try to bring on the last 2.6. For Canada, involvement, the POA for us is just simply the way to institutionalize that dialogue and provide a platform to bring people together to work through the issues and look at ways to bridge the gaps, so from a capacity-building perspective. Thank you.

Ellie McDonald:
Thank you so much to all the speakers for those important reflections. I hope we can capture them in the report, and then just to conclude with some very short summary reflections. I think we’ve heard that the POA would be only the next step in a long history and evolution of discussions on cyber at the UN, that it must implement the framework, but that it must also allow for evolving discussions, but indeed that it’s also more than the framework. It must allow for capacity-building and operationalization of discussions within it, but also that it must walk the talk and respond to real-life events and to threats, that a diversity of views must inform it, and indeed that as a mechanism it must be co-created and co-owned. With that, I would like to thank you for your time, for your participation in the poll, and wish you a happy rest of your time at the IGF. Thank you.

Audience

Speech speed

164 words per minute

Speech length

660 words

Speech time

241 secs

David Fairchild

Speech speed

172 words per minute

Speech length

787 words

Speech time

275 secs

David Hevey

Speech speed

139 words per minute

Speech length

772 words

Speech time

333 secs

Ellie McDonald

Speech speed

155 words per minute

Speech length

2767 words

Speech time

1072 secs

Henri Verdier

Speech speed

150 words per minute

Speech length

1450 words

Speech time

579 secs

Joyce Hakmeh

Speech speed

202 words per minute

Speech length

1569 words

Speech time

465 secs

Raman Jit Singh

Speech speed

217 words per minute

Speech length

1872 words

Speech time

519 secs