Effective Cyber Diplomacy White Paper: A Guide to Countries’ Engagement in International Security Dialogues

Each October, Cybersecurity Awareness Month encourages us all to consider the importance of protecting individuals and organizations from security threats in a digital domain that is increasingly intertwined with our daily lives. It reminds us that we all – industry, civil society, governments, and individuals – have a responsibility to help make the online world and, in turn, ourselves more secure. In that spirit, this year for Cybersecurity Awareness Month, the Cybersecurity Tech Accord is releasing a new white paper on the need for more robust and inclusive cyber diplomacy, Towards effective cyber diplomacy: A guide to best practices and capacity building (download the full paper below).

Since its inception in 2018, the Cybersecurity Tech Accord has used Cybersecurity Awareness Month as an opportunity to draw attention to priority cybersecurity challenges – launching new initiatives, sharing best practices, and offering industry guidance. Last year, we showcased essential cyber hygiene practices for individuals and organizations in a series of blog posts published together in the Compendium on Cyber Hygiene in alignment with principle #8 of the Paris Call for Trust and Security in Cyberspace. In 2019,we released the first edition of our white paper on national cybersecurity awareness campaigns with the UK’s Foreign Commonwealth and Development Office.

2021 is already a landmark year for cybersecurity challenges, both in the scale and sophistication of major attacks, which illustrates the need for greater engagement from nations worldwide to set and observe expectations for responsible behavior to promote security and stability online. International cybersecurity cannot move forward based on dialogues among a limited number of advanced cyber powers alone. In a connected world, all nations have a responsibility to help establish, uphold and abide by international commitments to improve security for everyone.

The white paper we are releasing today, Towards effective cyber diplomacy: A guide to best practices and capacity building, is intended to help demystify this new area of diplomacy and provide a roadmap for countries developing their own cyber diplomacy capacities. When it comes to this new domain of human activity and conflict – cyberspace – knowing how to structure diplomatic responsibilities and which forums to engage in with limited resources can be daunting. Indeed, this is a new diplomatic field that all nations are still learning to navigate, and there is no one-size-fits-all approach. However, while there may be no silver bullet, a wealth of best practices and models have emerged in recent years that governments can and should learn from and adopt.

Since the launch of the Cybersecurity Tech Accord in 2018, we have engaged in and observed a range of both multilateral and multistakeholder cyber diplomacy forums – including at the United Nations (UN), the Organization for Economic Co-operation and Development (OECD), the Global Forum on Cyber Expertise (GFCE), the Internet Governance Forum (IGF), and many others. We have also been privileged to engage directly with many in this first generation of cyber diplomats from nations around the world. Based on these engagements and experiences, we have compiled resources and recommendations in this new whitepaper that we hope will serve as a valuable and easy-to-use guide for countries seeking to build or mature their own cyber diplomacy capacities.

In particular, the report intends to support governments working to engage in the global cyber dialogue with limited resources and those that have yet to develop a cyber diplomacy apparatus, including emerging and developing economies. Just as closing the so-called “digital divide” is essential to building an inclusive global economy, so too is the inclusion of all countries in cyber diplomacy negotiations essential for building a secure, equitable and rights-respecting online world that reflects a diversity of interests and needs. States without requisite diplomatic muscles on these topics risk being left out of important agreements or receiving them as a fait accompli. Moreover, many international agreements on cybersecurity require respective nations to take action and implement commitments that require coordination.

This new report examines existing practices and sets out the following seven recommendations for effective engagement in cyber diplomacy:

  1. Effective cyber diplomacy begins with a government’s awareness that these issues have a profound impact not only on international cyber stability but the economy, trade and other international engagements. Foreign policy agendas should clearly articulate the government’s focus areas while indicating long-term objectives for international cooperation, including which stakeholders would be engaged.  
  2. Cyber diplomacy is complex, and states must identify a focus for their efforts. This strategy should parallel the country’s domestic and foreign-policy agendas by harmonizing national legal framework and policies with international commitments while aligning its internal cybersecurity approach with its international efforts.
  3. While it can be challenging for states to prioritize cyber diplomacy among the multitude of other open diplomatic engagements, countries may want to focus their efforts on influencing regional bodies or prioritize certain initiatives rather than engaging in all relevant fora.
  4. Governments must develop additional competencies and skills focused on cybersecurity issues to supplement traditional methods and processes of diplomacy and trade. This may include creating organizational structures whose primary focus is cybersecurity issues relating to trade, diplomacy and international law.
  5. States should develop processes that consider input from the ICT industry and civil society in determining positions and approaches that touch on their areas of interest and help the government leverage prominent industry and non-state actors.
  6. Small states and emerging economies face challenges given the technical expertise and resources required for effective diplomacy on large and complex problems of global governance. Nonetheless, countries have effectively pooled resources by creating communities of interest, which could be applied to cybersecurity.
  7. Given the plethora of bilateral, regional, multilateral, multistakeholder, and private networks where cyber diplomacy occurs, states should think strategically about which fora will advance their foreign policy goal and adjust the depth and breadth of their cyber diplomacy capacity accordingly. Further, states should commit to the application of international law to cyberspace and may want to join or implement existing instruments to combat cybercrime and other threats.  

The Cybersecurity Tech Accord is firmly committed to supporting inclusive and transparent dialogues that promote an open, free and secure online world. We know that protecting our online environment is in everyone’s interest and believe strongly in fostering greater cyber diplomacy to further safety and security online. We hope this white paper will encourage you to join us in celebrating Cybersecurity Awareness Month and continue working to engage in these important dialogues.