One Step Forward, Two Steps Back – The OEWG Needs Multistakeholder Inclusion

Source: UN Photo/Cia Pak 

Last December, the second iteration of the United Nations’ (UN) Open Ended Working Group (OEWG) on cybersecurity hosted its first substantive session, based on their mandate “to further develop the rules, norms and principles of responsible behaviour of States and the ways for their implementation…” (A/RES/75/240). Following the first OEWG, which concluded last spring with a consensus report reaffirming international cybersecurity norms and the authority of international law related to state behavior online, there was hope that this next round of dialogues would be poised to take further steps forward and be even more inclusive in its approach. Indeed, the consensus report from the first OEWG expressly recognized the value of multistakeholder contributions to dialogues on peace and security online. Unfortunately, the first session of the OEWG – despite efforts by a number of UN Member States – failed to meaningfully live up to these expectations of inclusion.

Throughout the first session, there were no formal opportunities for multistakeholder participation in the OEWG process. Instead, the OEWG Chair hosted an informal consultation of nongovernmental stakeholders alongside the opening session in a virtual format. While this gesture was appreciated, the engagement did not provide enough time for the many of those attending the consultation to have their voices heard – underscoring just how much of an appetite there is in the multistakeholder community to contribute to these discussions and how much more needs to be done. If the OEWG is going to successfully help establish and strengthen expectations for responsible state behavior online, to bring greater stability and security to cyberspace, it will need to figure out how to more effectively include multistakeholder voices.

Indeed, supporting greater inclusion of nongovernmental stakeholders features prominently in the UN Resolution, which established the new OEWG.

…while States have a primary responsibility for maintaining a secure and peaceful information and communications technology environment, effective international cooperation would benefit from identifying mechanisms for the participation, as appropriate, of the private sector, academia and civil society organizations.

A/RES/75/240 (Dec. 31, 2020)

Ahead of the first OEWG meeting in December, the Cybersecurity Tech Accord joined more than 150 other entities – including 44 national governments – in a letter to the OEWG Chair proposing clear modalities to ensure more effective multistakeholder participation. These modalities include:

  1. Increase multistakeholder participation in the OEWG beyond simply nongovernmental stakeholders with a pre-existing consultative status with the UN.
  2. Ensure transparency related to objections of Member States to the participation of any nongovernmental stakeholders.
  3. Provide a regularized channel through which nongovernmental stakeholders can express their views to benefit the OEWG, regardless of accreditation status.
  4. Allow sufficient time for nongovernmental stakeholders to share their views in both formal and informal settings throughout the OEWG process. 
  5. Leverage a hybrid format for both formal and informal OEWG sessions to allow for increased participation.

Thus far, the OEWG has not embraced these commitments, or any similar ones that would set this process up to be more inclusive, though we understand there are ongoing debates between states as to whether and how to support these or other modalities for multistakeholder inclusion as the process moves forward.

As an organization representing the industry responsible for building, maintaining and securing much of the digital domain, the Cybersecurity Tech Accord feels strongly that Member States would benefit from the structured and intentional inclusion of our perspectives, as well as others from across different sectors. For further guidance on how to do so, we would encourage the OEWG to consult the report we produced last November as part of the Paris Call for Trust and Security in Cyberspace Working Group #3 on multistakeholder inclusion in UN cyber dialogues: Multistakeholder participation at the UN: The need for greater inclusivity in the UN dialogues on cybersecurity.

We appreciate the diplomatic challenges included in navigating a consensus-based setting that brings together all UN Member States. However, with a mandate for the current process to run through 2025, the UN OEWG has an opportunity to set a new precedent and take important steps forward to discourage escalating cyber conflict and to promote an online world that benefits all, but this will require cooperation across stakeholder groups. While ultimate decision-making power on matters of peace and security – online and offline – will always remain with Member States, the meaningful inclusion of nongovernmental stakeholders is essential to support states in making the most informed decisions, especially related to threats in cyberspace.

The Cybersecurity Tech Accord looks forward to future opportunities to support these dialogues.