Geneva Dialogue on Responsible Behaviour in Cyberspace
The Geneva Dialogue on Responsible Behaviour in Cyberspace (Geneva Dialogue) is an international process established in 2018 to map the roles and responsibilities of non-state stakeholders – private sector, civil society, academia, and technical community – in contributing to greater security and stability in cyberspace.
It is led by the Swiss Federal Department of Foreign Affairs (FDFA) and implemented by DiploFoundation, with support of the Republic and State of Geneva, C4DT, Swisscom and UBS.
Challenges
The ICT infrastructure that makes the internet such a unique and valuable place is neither owned or operated by states, nor do states have the sole ability to govern it, due to its transnational nature. In fact, most of the ICT infrastructure is owned and operated by thousands of private companies, which also produce the devices, from traditional computers to medical devices, connecting to, and utilising the internet. In addition, technical community sets the standards and has the hands-on knowledge and expertise on running and securing the ICT environment, while civil society, with its broad understanding of social and economic context, wide networks, and ability to reach out to end-users, plays and can play an important role to enhance citizens’ awareness and advocate for their safety and rights.
These stakeholders are often only spectators to the normative processes by states, yet, in the end, play an important role for the implementation of the state-led diplomatic agreements.
Meanwhile, digital products are ubiquitous and underpin the functioning of modern society. The fact that they can be vulnerable means they can be abused by other actors for malicious purposes. This raises security concerns at various levels – from the security of particular users, to matters of international peace and security. States carry primary responsibility for security of its citizens and infrastructure; however, this responsibility is not absolute, as it is clear that they cannot meet these expectations about cyberspace without engaging with other actors: a cooperation between states, private sector, academia, civil society, and technical community is required to ensure an open, secure, accessible, and peaceful cyberspace.
Norms of responsible behaviour in cyberspace, adopted within the UN and which are further discussed in the UN Open-Ended Working Group (OEWG), give common guidance to what states are expected to do to ensure stability of cyberspace, including the security of digital products. But what are these other actors expected to do to support the implementation of those norms? Where and how can they support states in ensuring the security and stability of cyberspace, along with promoting responsible behaviour in it? What challenges may they face along the way, and how to address them through dialogue with states and other stakeholders?
Goals and Value
The Geneva Dialogue investigates the consequences of agreed upon cyber norms for relevant non-state stakeholders from the private sector, academia, civil society, and technical community, and tries to clarify their roles and responsibilities. It does not aim to find consensus, but to document agreement or disagreement on the roles and responsibilities as well as concrete steps each stakeholder could take, and the relevant good practices as examples. For this, the Dialogue has invited over 50 experts and representatives of stakeholders around the world to discuss their roles and responsibilities, and the implementation of these cyber norms in this context.
The results – published in the form of the Geneva Manual – offer possible guidance for the international community in advancing the implementation of the existing norms and establishing good practices. The Geneva Manual also reflects the diverse views of relevant non-state stakeholders and outlines some of the open questions to which the Dialogue has yet to provide answers, but which are important for a better understanding of challenges by states. The first chapter of the Geneva Manual discusses the implementation of the norms related to ICT supply chain security and responsible reporting of ICT vulnerabilities.
Through the next phase in 2024, the Geneva Dialogue analyses the implementation of existing cyber norms and confidence-building measures (CBMs) related to critical infrastructure protection (CIP).
Results and publications
- Geneva Dialogue on Responsible Behaviour in Cyberspace: Private Sector. Framework Document, November 2018
- Geneva Dialogue on Responsible Behaviour in Cyberspace: Civil Society. Framework Document, November 2018
- Phase 1 Report by Camino Kavanagh and Paul Cornish, May 2019
- Output report ‘Security of digital products and services: Reducing vulnerabilities and secure design: Good practices’, November 2020
- Report and messages on ‘Security of digital products and international standards’, May 2021
- Report and messages on ‘Security of digital products and the regulatory environment’, September 2021
- Comparative analysis of Governance Approaches to the Security of Digital Products, November 2021
- Geneva Manual on Responsible Behaviour in Cyberspace, Chapter 1: The implementation of the agreed cyber norms on ICT supply chain security and responsible reporting of ICT vulnerabilities by non-state stakeholders, December 2023