Cyber Peace & Security Monitor, Vol. 1, No. 2
Capacity, confidence-building, and consultation—the work of the OEWG begins
11 September 2019
Around 70 delegations participated in the general exchange that occurred over the first two days of the Open-ended Working Group’s September session. Statements covered wide ground, setting expectations and priorities on substantive and procedural issues, and sharing of national and regional experience. It is evident that there is appetite and support for this process and a collective sense of concern about the implications of a deteriorating global security environment in a digital and highly networked and interconnected world.
A strong message reinforced by virtually all is that the OEWG is not “starting from scratch” and that outcomes from the prior Groups of Governmental Experts (GGEs) on ICTs are the basis for further work and cannot be discounted or replaced. In fact, several statements urged better examination of how the behavioural norms recommended by the GGEs and endorsed by the UN General Assembly are—or are not—being implemented. For some, this means exchanging in greater detail about policies and practice. Others, like Nigeria, the Philippines, Malaysia, and ICT4Peace emphasised the need to develop better attribution mechanisms as a way to foster accountability and compliance. A few states spoke frankly about their concern about aggressive cyber policies or actions; Luxembourg, for example, stated that it is not optional for “digital heavyweights to not respect international law”. The Netherlands observed that while almost all countries present have said they are against malicious state behaviour, it is still occurring all the time which indicates a need to “practice what we preach.”
There were more overt warnings against the weaponisation of technology and militarisation of cyber space than have been heard in First Committee statements on the subject of cyber to date. Albeit in varying forms, this point was made by the Non-Aligned Movement (NAM), Liechtenstein, Morocco, Peru, the Netherlands, Iran, and China, among others. Switzerland said voiced concern over the growth in power projection within cyber space. Australia acknowledged its own offensive cyber capabilities and argued that this does not contribute to militarisation because they are transparent about their programmes. The Netherlands also spoke out strongly in favour of a human-centric approach to cyber security that puts the safety of citizens first.
WILPF understands the militarisation of cyber space as an expansion of the same patriarchal structures of power that perpetuate violence and repression in the offline world. While this precise gender analysis was not articulated during the general exchange, Sweden, Canada, the Association for Progressive Communications, and WILPF highlighted the unique challenges of online gender-based violence and Australia and New Zealand called for stronger participation of women in ICT-related discussions. This builds on the upsurge of gender awareness occurring in other parts of the disarmament system.
While the majority of delegations welcomed the OEWG’s transparency and openness, it was acknowledged that this is not a perfect process. Governments, civil society organisations, and the High Representative for Disarmament Affairs, regretted specifically that non-ECOSOC organisations were prevented from participating in this session. Many others stressed the importance of a multi-stakeholder process writ large, whether to take advantage of technical knowledge and expertise or to bridge political and conceptual divides. Doing so would be “an essential part of a solution to a deteriorating environment in cyber space,” noted Portugal. As this publication argued in its preview edition, opening up the discussion to more voices and perspectives can help to dilute and diffuse some of the tensions described above but only if the OEWG can escape same power dynamics that have come to characterise so many other UN security bodies lately, in which the voices of a global majority are stifled by a powerful few. In this vein, it was noticeable that not all global regions were equally represented in the opening days of the session.
On Wednesday, the thematic debate will begin with six half-day sessions focusing on threats; international law; rules, norms, and principles; institutional dialogue; confidence-building measures; and capacity-building. Each will open with an expert presentation. In some of these areas we’ve already been given a preview of what to expect through general exchange statements. For example, the applicability of international law to cyber space was widely reinforced and a few states highlighted specific (if at times divergent) views on the necessity of new international law. The applicability of international humanitarian and human rights law was widely supported during statements made in the general exchange, but we know from past discussions that this is a sensitive issue. The importance of proper capacity-building and dialogue were referenced in nearly every statement and quite a lot of countries have indicated already what they see as the biggest threats, which has ranged from attacks on critical infrastructure or the malicious use of ICTs by terrorists. Yet, there is variation in the level of detail being put forward around and sometimes key terms or jargon are being used without precision or in a uniform way. This also speaks to the broader problem of differing understandings and lack of clear definitions in this issue area. Different views are emerging on where to focus the OEWG’s work with some highlighting cyber crime, others cyber terrorism, and yet some others preferring to focus on state-sponsored cyber operations. There are also certainly diverse priorities and baseline understandings of cyber and information security that will need to be resolved in order to get to the practical outcomes and support sought by most member states—but that is also why it has been illustrative and useful to have this kind of a session and hear the views of all, in order to better understand where the gaps and needs really are.
It is often said in the UN that “nothing is agreed until everything is agreed” in reference to the process of adopting resolutions, reports, and other documents. While states do not have to negotiate a report just yet, the phrase does sum up well the interconnectedness of the six areas of work awaiting their attention this week. Threat reduction—or its escalation—is heavily dependent on the strength and success of confidence-building measures and dialogue promotion. Law has a relationship with norms, rules, and principles. These six areas of work are a very good blue print for forward progress. Each requires focused time and study but ultimately cannot be considered in complete isolation from one another. Just as digital networks bind our world together, and have created shared vulnerabilities, the solutions can likewise seem like a tangled web. They require comprehensive approaches that take into consideration the unique contours of cyber space and employ a broader range of tools, tactics, and players than may be the norm in traditional disarmament and arms control. As one delegation noted, any cyber security regime is only as strong as its weakest link.