Cybersecurity discussions at the United Nations: Let drafting begin!

In 2019, the United Nations (UN) restarted their discussions on international peace and stability in cyberspace. The Cybersecurity Tech Accord signatories have welcomed this step as critical to our ability to increase the resilience of our common online environment, and have sought to constructively contribute whenever possible, whether through the relevant Group of Governmental Experts (GGE), Open-Ended Working Group (OEWG), or the High-Level Panel on Digital Cooperation. We were particularly honored to have been able to participate at the UN Intersessional meeting this past December, which included numerous participants not just from governments, but from civil society, and industry as well.

We are, therefore, excited about the next step in these processes – the consolidation of different views and discussions into a report that includes a set of concrete recommendations that will allow us to collectively build a more peaceful online world. In a move that needs to be praised for its transparency, the OEWG was first out of the gate and published its draft report for consultation with the deadline of 3rd April.

Most of the report serves to summarize the discussions in the OEWG so far, which might leave some observers feeling underwhelmed. Upon a closer read however, this summary represents an extremely helpful contribution to the discourse, as it in one place highlights the differences in approaches and in interpretation that exists among the UN members today.  Moreover, the report does conclude with a set of recommendations encouraging governments to continue to work on different aspects of international security of cyberspace.

Most noteworthy include:

  • The International Law Commission be requested by the General Assembly to undertake a study of national views and practice on how international law applies in the use of ICTs by states in the context of international security.
  • The Secretary-General be requested to establish a repository of national practices regarding international rules, norms and principles of responsible behavior of states, which could be further developed into guidance on implementation.
  • The Secretary-General be requested to establish a repository of CBMs adopted at regional and sub-regional levels to enable the sharing or exchange of information on CBMs and identify potential capacity and resource gaps.
  • The Secretary-General be requested to establish, in coordination with interested regional and sub-regional bodies, a global registry of national Points of Contacts at the policy or diplomatic level, bearing in mind coordination with other such registries, including at the regional and subregional levels. 
  • The Secretary-General be requested to establish a global mechanism for enhancing coherence in capacity-building efforts in the use of ICTs, possibly in the form of a facilitation mechanism, in coordination with existing efforts, including at the regional and sub-regional levels.
  • Member States be encouraged to further cooperate to build capacity to identify and protect national and transnational critical infrastructure as well as supranational critical information infrastructure.
  • The 76th session of the General Assembly to convene a new open-ended working group of the General Assembly and request the Secretary-General to establish a new group of governmental experts.

The Cybersecurity Tech Accord signatories welcome these recommendations, in particular the recognition that the conversation in this space needs to continue. Nevertheless, we would like to see the OEWG go a step further and recognize that while states clearly have a leading role to play in creating and upholding a normative framework for behavior, the multistakeholder community must also play a pivotal role in providing input and helping set direction for these discussions as they relate to cyberspace. This could be recognized in ensuring that these discussions going forward define a clear process for consultation and input from the civil society and private sector. Current references to “other stakeholders” in Section H (Conclusions and Recommendations) are not sufficient, in our view. Additionally, and more immediately, the OEWG could recognize in its report the outcomes of widely accepted multistakeholder efforts, such as the Paris Call for Trust and Security in Cyberspace, which currently has over 1,000 supporters, including the Cybersecurity Tech Accord. With that in mind, we would recommend incorporating the following principles agreed in that forum into the UN dialogues:

  • “Prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities;” (Paris Call principle #3)
  • “Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector;” (Paris Call principle #4) and
  • “Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.” (Paris Call principle #2)

We hope that this initial response sparks further thinking on recommendations that could be put forward as part of the OEWG and help advance our shared objective: achieving a rules-based and rights-respecting online world for all.