The United Nations Institute for Disarmament Research (UNIDIR) held a conference on cyber stability on the theme of strengthening global engagement’. A total of four sessions were held on: the benefits of a secure and stable cyberspace; productive multistakeholder engagement; operationalisation of norms with the private sector and technical communities; and, cyber stability within the UN framework.
In her opening remarks, Ms Izumi Nakamitsu (UN Under-Secretary-General of Disarmament Affairs) highlighted that a lot of work has been done in the cyber field in the past and that now is the time to build on that. Nakamitsu also pointed out that stakeholders need to forge a collective vision of what they want to achieve in the digital environment and ensure inclusivity through a multistakeholder approach.
The participants of the conference also emphasised the importance of including different actors in discussions on cyber, in particular in the UN Group of Governmental Experts (UN GGE) and the Open-ended Working Group (OEWG), given that it is a topic of concern to a wide range of actors. They noted that the involvement of stakeholders from regional organisations, the private sector, civil society, academia, and the public is crucial for a stable cyber environment.
Role of stakeholders
The speakers agreed that as access to the Internet grows, so does the eagerness of actors to get involved in discussions on cyber stability. Ms Norah Mulira (Board Member of the Uganda Communications Commission) observed that there is a need to communicate with the youth because ‘this is their technology to take’ given that, in certain parts of the world, they constitute the majority of the population.
Ms Sheetal Kumara (Programme Lead at Global Partners Digital) addressed the role that civil society could play in cyber discussions. Kumara noted that the inclusion of civil society is important primarily because it is a diverse group of actors that possesses a wide range of expertise. She added that civil society should be involved in the discussions from the beginning and that it could help place cyber issues on the agenda.
Mr Olaf Kolkman (Chief Internet Technology Officer at Internet Society) stressed that the technical community can bring a sense of realism and complexity of the environment to the discussion. Kolkman highlighted two reasons why it is important to include the technologists. First, if they are absent from discussions, the end result might be a fragmented Internet. Second, they have an overview of technological developments and therefore can provide advice on policy measures.
The UN GGE and OEWG
The speakers also touched upon the UN GGE and the OEWG. Mr Tim Maurer (Co-director of the Cyber Policy Initiative and Fellow at the Carnegie Endowment for International Peace) pointed out that there is a need to see how the UN GGE and the OEWG can complement each other. Maurer noted that expectations on what can be achieved in these two processes need to be realistic given that the multilateral landscape is facing challenges. He observed that transparency as to how governments perceive cyberspace, as well as what their main security concerns are, could help the two processes.
Mr Anton Shingarev (Vice President of Public Affairs at Kaspersky Lab) , stressed that he expects a positive movement in the GGE because of the involvement of the private sector. Shingarev added that the process itself should be less political and more technical as this would allow companies to share their views on how things should be done.
Mr Jan Neutze (Senior Director, Digital Diplomacy & Head, Cybersecurity and Democracy Team, Microsoft) observed that there is an increased interest to hear from the broader community at these two processes. Neutze underscored that the broader community should be perceived as an asset and that their shared knowledge should be incorporated into the actual negotiations, which are mostly reserved for states. He added that the actors should be conscious about the urgency of the issue, given that we live in an environment where intended and unintended consequences are possible, and that there is an element of systemic risk.
Ms Kerry-Ann Barrett (Organisation of American States (OAS)) shared how the OWEG can learn from the OAS processes. She pointed out that the OAS has always had an open, multilateral, and multistakeholder process. They have involved the private sector (as the leader in the cyberspace) in discussions on confidence building measures, as well as other actors including civil society and non-member states. Berrett specified that multistakeholderism should also apply within stakeholder groups so that experience can cross-feed.
Capacity-building also featured on the discussion agenda. It was highlighted that the African region has been outpaced by technological development and that better capacity building, sharing of previously done work, and consensus on priorities, interests, and notions is required. Mr Frederick Douzet (Professor at the French Institute of Geopolitics, Paris 8 University, Center GEODE) observed that capacity building and training could help countries address the differences in capabilities, differences in cyberspace development, and differences in terms of risk (geopolitical context).
Ms Anne-Rachel Inne Through (Executive Director of Government Affairs and Public Policy at the American Registry for Internet Numbers (ARIN)) explained that regional Internet registries encourage the adoption of best practices, conduct awareness raising, and provide bottom-up and top-down training and education. However, the biggest challenge with regional Internet registries and technical organisations is that they do not have the power to enforce their recommendations.
Operationalisation of norms
Mr Chris Nissen (Director at the MITRE Corporation) observed that companies are doing very little about supply chain security and integrity of − a UN GGE 2015 norm. Niessen specified that supply chain amounts to third-party risk and that nobody should be accepting third-party risk. He went on to state that governments could do a lot of work on norms through policies and legislation, but also, technology. Moreover, Niessen pointed out that it is necessary to rethink what international communications organisations such as the International Telecommunication Union (ITU) do, primarily because they do not reflect the environment that we have today.
Mr Andy Purdy (Chief Security Officer at Huawei Technologies) said that norms can make a tremendous contribution to the stability of cyberspace, and ultimately, international peace and security. Purdy highlighted that it is important to create incentives for companies to manage their risks and put in place safety mechanisms.
Ms Eva Schulz-Kamm (Global Head of Government Affairs at Siemens) referred to the Charter of Trust as a step towards improving cybersecurity. Given that cybersecurity is a field that is often risk-associated, the Charter, which contains 10 principles (10 norms), is intended to raise awareness, but also, to establish rules and standards. However, important efforts at an international level are required in order to increase the level of trust and establish a common understanding of cybersecurity requirements and rules.
High-level Panel on Digital Cooperation
Mr Jovan Kurbalija (Executive Director, Secretariat, UN High-level Panel on Digital Cooperation (HLP)) gave an overview of the Panel’s work over the past nine months. Kurbalija observed that a number of calls (the Paris Call, Christchurch Call, etc.) have been made on digital and cyber challenges, and that the underlying question is whether there are mechanisms where these calls can be answered. Kurbalija pointed out that the Panel sought to identify the gaps in the existing mechanisms on digital co-operation. The gaps that the Panel singled out include: a lack of reciprocity between initiatives and perspectives; little knowledge about what is going on in cyberspace; and, a lack of substantive inclusion.
Kurbalija went on to explain that the HLP identified the core functions that the mechanisms should perform in order to deal with these gaps, but also discussed the possible three architecture forms that should employ these core functions. Moreover, he emphasised that the UN has a unique understanding of societies and communities worldwide and that it can be a crucial partner for the tech community. Kurbalija said that the UN should make good use of its internal assets.
The participants of the conference agreed that the cyber issues require urgency and that stakeholders need to act together and fast in order to keep pace with this fast changing landscape.