Cyberspace has emerged as a new battlefield for nation states, one that is simultaneously also central to civilian economies and modern society. Each year, governments continue to invest greater resources in offensive capabilities in cyberspace that maliciously exploit peaceful technologies. Even in peacetime, these cyber-weapons threaten to disrupt and damage civilians’ personal and professional existences, and in war they could destroy them. This is the sobering state of affairs, driven by escalating geopolitical tensions and a new arms race in cyberspace.
To its credit, the United Nations (UN) has long since recognized this emerging reality. Cybersecurity first became an agenda item for the United Nations General Assembly (UNGA) in 1999, when resolution 53/70 on “Developments in the Field of Information and Telecommunications in the Context of International Security” was adopted. Since then, the debate on the topic has continued, with a significant breakthrough in the 2015 report of the Group of Governmental Experts (UNGGE) on the subject, which agreed on 11 norms for responsible behavior, as well as on the applicability of international law in cyberspace.
The Cybersecurity Tech Accord signatories are pleased that the UN continues to engage in this process and welcomes the two resolutions that were adopted last December and which are set to frame the conversation going forward. With this in mind, we encourage states to ensure that the new UNGGE and the Open Ended Working Group (OEWG) are coordinated and complementary efforts that advance the discussion of what constitutes responsible state behavior in cyberspace. Backtracking on the agreed-upon consensus of the 2015 report, or creating a path that purposefully seeks to create two adversarial camps in this work, would be counterproductive to global security, stability, and prosperity, both online and off.
Moreover, despite rumors of opening the discussion to input from non-governmental entities, we remain concerned that neither UN initiative will uphold a critical commitment to multi-stakeholder inclusion in their respective processes. We understand that the UNGGE will consult with regional intergovernmental organisations, as well as a broader set of states. However, to date, there seems to be limited opportunity for the private sector or civil society to provide input. Meanwhile, though the OEWG seems to provide a broader framework for non-state actor engagement, it remains as yet unclear what form that engagement will take.
Both the UNGGE and the OEWG should take note of the achievements of recent multi-stakeholder efforts to promote cybersecurity that effectively leveraged the expertise and perspectives of private industry and civil society. Chief among these examples is the Paris Call for Trust and Security in Cyberspace, which was first announced last November and which today has over 500 signatories – including 65 governments and numerous global companies and civil society groups. Due to the deliberative and inclusive process in its development, the Cybersecurity Tech Accord was proud to sign the Paris Call in November and endorse the principles it established.
While states clearly have a leading role to play in creating and upholding a normative framework for behavior, a multi-stakeholder community must also play a pivotal role in providing input and helping set direction for these discussions as they relate to cyberspace. After all, it is the private sector that continues to sustain damage and an erosion of trust due to state-driven and state-sponsored attacks. An informed and inclusive discussion of this subject should take into account these and other perspectives to recognize what is at stake and identify appropriate pathways forward.
Cyberspace needs to be protected for the good of states, citizens, and businesses alike. Security online would benefit from agreed-upon standards of behavior amongst states, allowing them to protect their national interests without endangering cyberspace and everything and everyone that depends upon its integrity. To this end, the Cybersecurity Tech Accord signatories hope that both the UNGGE and OEWG will welcome multi-stakeholder support of their efforts and allow for an industry perspective on cyberspace protections.