2-4 December, New York – This week, representatives of the Cybersecurity Tech Accord joined over 100 organizations, and as many United Nations (UN) member states for a first-of-its kind multistakeholder dialogue on promoting international peace and stability in cyberspace.
The consultative meetings were part of the ongoing efforts of the Open-Ended Working Group on information security (OEWG), established by the UN General Assembly to address global cybersecurity challenges and advance expectations for responsible state behavior online. Amidst an escalating number of sophisticated cyberattacks, which harm individuals and organizations of all sizes around the world, UN leadership has never been more important. Equally important, however, is the inclusion of multistakeholder voices in these discussions, which is why it was so encouraging to see the OEWG open its doors to participation by nonstate delegations this week.
As the owners and operators of the majority of the global ICT infrastructure, the technology industry has access to unique insights and expertise that are essential for protecting this infrastructure from cyber threats. Similarly, academia and civil society organizations brought invaluable perspectives of their own, and their vivid descriptions of the impact that cyberattacks and cyber conflict can have on civilians particularly resonated in the room. Over the course of the three-day meeting, there was robust debate and some points of disagreement between stakeholders, but there was far more consensus overall and several priorities, trends and themes emerged across stakeholder groups, including on:
- Threats: The UN needs to adopt a human-centric approach to improving cybersecurity, appreciating that victims of cyberattacks are disproportionately from vulnerable populations and in nations coming online for the first time.
- Capacity building: Cybersecurity capacity building efforts need to be more robust, and more responsive to local contexts, to improve overall cybersecurity.
- Rules and norms: Development of norms and rules for responsible behavior in cyberspace needs to be more transparent. There needs to be a clear focus on prohibiting attacks on essential infrastructure, as well as preserving strong encryption.
- Accountability: In addition to norms and rules for cyberspace, states need to be held accountable for living up to these expectations via international systems and structures.
- Inclusion: Multistakeholder participation in these discussions at the UN, and elsewhere, needs to become the standard expectation, not the exception.
We were encouraged by the constructive atmosphere of the meeting and by the desire expressed by all participants to translate these discussions into actionable commitments by states. For our part, the Cybersecurity Tech Accord listened intently, and delivered several statements on how the technology industry perceives these critical issues, and how we believe they should be approached. We stressed the importance of multistakeholder collaboration in both designing and implementing clear rules of state behavior.
We also gave an overview of what the group has done so far to contribute to this dialogue. The commitment to have all signatories adopt vulnerability disclosure policies was highlighted, as well as our call to governments to adopt their own vulnerabilities equities processes. In addition, the Cybersecurity Tech Accord representative spoke about the value of well-structured confidence building measures in cyberspace, and elaborated upon the recommendations we provided on the subject earlier this year. We presented the group’s support for cybersecurity capacity building through our webinar series, developed in partnership with the Global Forum on Cyber Expertise (GFCE), and for cybersecurity awareness raising in our review and guidance on awareness initiatives in the Commonwealth of Nations, developed in partnership with the UK’s Foreign and Commonwealth Office.
But more than anything, we emphasized that action to reduce tensions in, and increase the stability of, cyberspace is needed today, and that such action cannot be taken in isolation. It is time for this community, comprised of representatives from across industry, civil society, and governments, to work together on concrete actions to secure our digital ecosystem. The fruitful discussions that took place this week should not be the end, but the beginning of a collaborative process. They need not be constrained to any single venue, as progress can and should be made across different forums and institutions. However, the UN is in a unique position to recognize where there is commonality and agreement across forums, institutions and stakeholder groups, and to then codify that agreement to achieve meaningful progress.
We hope that our contributions, as well as those of the other participants, have provided useful insights to the UN member states participating in the OEWG, both on the technological possibilities and the priorities weighing on the minds of the technology industry. The Cybersecurity Tech Accord signatories stand ready to provide further input and are also ready to learn from other participants in what we hope will be a continuation of this important debate.