[Read more session reports and updates from the 14th Internet Governance Forum]
The world of cybersecurity is rapidly evolving, requiring various levels of co-operation, knowledge sharing, and sustained dialogue about norms. The national and regional IGF initiatives (NRIs) of Japan, Brazil, USA, South Korea, North Macedonia, Italy, and EuroDIG discussed their approaches, experiences, and perspectives on cybersecurity and cyber safety.
With numerous simultaneous ‘norm-making’ initiatives underway around the world, much of the discussion formed around the role of norms in cybersecurity and in which they are developed. Mr Koichiro Komiyama (Japan IGF) highlighted a few of the key processes currently focused on norms: the Global Commission on the Stability of Cyberspace (GCSC), UN Group of Governmental Experts (UN GGE), Siemens’ Charter of Trust, and Tim Berners-Lee’s Contract for the Web.
As Ms Tatiana Tropina (EuroDIG) stated, the global community has seemingly turned into a norm-making machine, but has had more difficulty with respect to the implementation of norms. In line with this, there was a lot of emphasis on the importance of involving a wide range of stakeholders: the technical community, the private sector, civil society, and governments, including military and intelligence agencies.
While the multistakeholder process was featured heavily, it was also argued that we need to avoid looking at multilateral and multistakeholder cybersecurity processes as exclusively competitive, but as possible opportunities for collaborative work. In further discussion on the appropriate role of government, Ms Melinda Clem (IGF-USA) stated that the government often acts as a convening body that brings together the necessary parties to ensure their feedback is included for any potential legislative or regulatory action.
Establishing norms is just one form of collaboration that is essential to improving cybersecurity. Mr Predrag Tasevski (North Macedonia IGF) provided a great example of what co-operation can do to develop capacity around cybersecurity in developing states. He said that as recently as 2016, North Macedonia was falling far behind in cybersecurity, but is now taking strong strategic steps nationally and partnering with international organisations. He highlighted SEE as a great example of regional co-operation, where computer emergency response teams (CERTs) meet at least twice a year to share knowledge and good practices.
While co-operation between governments is very important, Mr Eun Chang Choi (South Korea IGF) noted the importance of building industry capacity and fostering private sector co-operation. He highlighted that information sharing is absolutely essential to the timely identification of threats. Choi mentioned that if you are receiving information about threats in the ‘gray market’, these threats may be several years old. Ultimately, he said, we do not need international agreements, we just need to start sharing information.
Clem, reiterated the importance of engaging the private sector, stating that, ‘We operate services. We might be headquartered in one country, but we have offices and data centers, and provide services throughout the world. So we are an important actor for collaboration. We have relationships with governments beyond CERTs, including various cyber defense or cybersecurity organisations.’
Ultimately, the discussion demonstrated that co-operation in cybersecurity has many dimensions that are organised in different ways. Whether co-operation is between governments, between companies, between governments and companies, or a multistakeholder process; co-operation around developing norms and cybersecurity practice are improved and more efficient when stakeholders work together.
By Dustin Loup