The UN GGE - United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security - is a UN-mandated working group in the field of information security. Six working groups were established since 2004. The UN GGE can be credited with two major achievements: outlining the global cybersecurity agenda, and introducing the principle that international law applies to the digital space.
5 December 2018, New York: UN General assembly adopted the resolution A/RES/73/27 that establishes an open-ended working group, acting on the basis of consensus, for the further development of norms and principles of responsible behavior of states in cyberspace and ways of their implementation. The group will come up with the final report on the 75 session of the UN General Assembly. The first organizational meeting is scheduled in June 2019.
There is evidence from official documents and media coverage that countries are increasingly investing in both offensive cyber-capabilities.
Reports are the main outcome of the UN GGE's work. Although the reports are not legally binding, they carry significant influence in the field of global cybersecurity. They are frequently referred to in the main ICANN and Internet policy documents.
The 2015 UN GGE Report includes:
The 2013 UN GGE Report includes:
The 2010 UN GGE report includes recommendations for:
Excerpts from UNIDIR's Report on the International Security Cyber Issues Workshop Series:
GGEs are composed “on the basis of equitable geographical distribution”. The five permanent members of the Security Council traditionally have a seat on all GGEs, and the remaining seats are allocated by UN regional grouping. States often send an official request for a seat on a GGE of particular interest to them, and might even lobby at the highest levels of the Secretariat for a place at the table. The Office of the High Representative for Disarmament has the task of proposing the Group’s composition to the Secretary-General, taking into account not only geographical and political balance, but a demonstrated interest in the topic, the number of times that a country has served on other GGEs, whether they are currently serving on a different GGE, etc. Occasionally a government might decline to participate in a GGE if it believes it lacks the personnel or expertise necessary for the work.
Once the countries have been identified, they are asked to nominate an expert to participate in the GGE. In almost all cases, these experts are government officials. There was a mix of experts in the early GGEs on information security, some with diplomatic and others with technical backgrounds. Over time, the composition of the experts has changed, as nations have moved to select experts with diplomatic, arms control, or non-proliferation experience. Experts from technical backgrounds can be “left behind” in the sometimes intense diplomatic negotiations that accompany a GGE.
Each GGE selects a Chair from among its members. A strong and skilful Chair is vital to the success of the group. The Russian Federation chaired in 2005 and 2010, Australia in 2013, Brazil in 2015 and Germany in 2016. While it is the experts who sit at the table (there are no “delegations”), some experts are accompanied by advisers. In the recent GGEs, legal advisers have been particularly common.
The Group, guided by the Chair and shaped by the mandate included in the General Assembly resolution, largely determines its own agenda and work plan. Work, particularly commenting on drafts and informal consultations, is often conducted intersessionally.
Most GGEs meet for four one-week sessions. The Group holds its meetings in the UN format, sitting for six hours a day (from 10 a.m. to 1p.m., and then again from 3 p.m. to 6 p.m.), with simultaneous interpretation into all six official languages of the UN. The GGE’s meetings are closed and there are no publicly available meeting summaries. The closed door format is essential for the frank discussion that GGEs require to find agreement. Thus there are also no observers - whether representatives from other governments, non-governmental organizations, the private sector or international organizations such as the International Committee of the Red Cross. On more than one occasion it has been suggested that the International Telecommunications Union (ITU), the UN specialized agency responsible for developing technical standards for information and communications technologies (ICTs), might be invited to observe the group. However, the General Assembly mandates place the work of the GGEs squarely in the realm of international security and disarmament and thus not as a technical exercise.
Decisions, including decision on the final Report, are made by consensus.
That the GGE falls under the UN’s First Committee has important implications for how the Group interprets its mandate, by focusing and narrowing the scope of the task. The First Committee is a Main Committee of the General Assembly and is allocated agenda items on disarmament and international security. GGEs have decided after multiple discussions that issues that are not under the purview of the First Committee - such as espionage, Internet governance, development and digital privacy - are not the focus of the Group’s work. While terrorism and crime are important topics for understanding cybersecurity, previous GGEs have limited themselves to calling for greater cooperation among States, while deciding that detailed discussion of these topics and the development of recommendations for them is best done in other UN bodies.
A number of issues have been at the centre of the UN GGE's debate, including:
The UN Office for Disarmament Affairs is the institutional home to the UN GGE.
The UN Institute for Disarmament Research (UNIDIR) provides expertise for the UN GGE's work.
The UN General Assembly's First Committee deals with disarmament and related security issues.