logo_reaching-critical-will

Cyber Peace & Security Monitor, Vol. 1, No. 4

The value of multi-stakeholderism
02 December 2019


Allison Pytlak

Download the full edition in PDF

As noted in the last edition of this Monitor, “not starting from scratch” was the overarching message from the first session of the Open-ended Working Group (OEWG) on “developments in the field of information and telecommunications technologies in the context of international security.” The phrase was one that states and regional groupings used consistently throughout the September session to acknowledge and re-affirm the value of the past and current work, dialogue, and commitments in the area of international cyber peace and security.

This informal intersessional meeting of the OEWG is a way to support, but also test, that resolve.

The meeting is organised around six substantive sessions that roughly reflect the same topics addressed in formal meetings of the OEWG. Each will begin with “scene-setting remarks” after which participants are invited to provide brief interventions that respond to a set of proposed framing questions. The chair of the meeting, Mr. David Koh of the Cyber Security Agency of Singapore, and Swiss Ambassador Jürg Lauber, the OEWG chair, have both emphasised their hope for an interactive dialogue and exchange throughout. Member states will participate to ask questions and respond but not deliver national statements.

Over 100 organisations have registered for the intersessional meeting and represent an extremely broad diversity of stakeholders. There are non-governmental organisations (NGOs) coming from the areas of advocacy, policy, and awareness-raising with expertise in disarmament, peace, security, human rights, and international law. There are private cyber security and software firms, both large and small. There are independent academic researchers, technologists, lawyers, and policy research institutes. Some approach cyber security with a human-centric and human rights-first approach; and others view this solely as an issue of national defence and international affairs. Multiple global regions will be represented and the possibility to deliver video statements has been made available to those not able to attend in person. The meeting will be webcast.

Such a diversity of participants can support the “not starting from scratch” approach by bringing to the fore and highlighting in detail the breadth of work occurring in the pursuit of peace in cyber space; a basis that can be built on by the OEWG. Through the framing questions, participants have been invited to bring examples of actual capacity- and confidence-building measures, for example, or to provide views on how the malicious use of information and communications technologies (ICTs) negatively affect socio-economic development and pose other threats—all of which could move the conversation from blanket descriptions of harm to evidence-based information sharing. The framing questions also make specific reference to other normative fora like the Cybersecurity Tech Accord and the Paris Call, and ask for views on how to reconcile the overlapping outputs of those processes with the UN’s cyber activities, which is a very real question that has not yet been adequately addressed. Participants are further invited to outline what role we see for ourselves in supporting the implementation of the voluntary non-binding norms of responsible state behaviour contained set out by the UN Group of Governmental Experts (GGE) in 2015, and what we view as the main threats to critical infrastructure and critical information infrastructure. Thoughts on the way forward will also be taken up.

This all should, in theory, provide states with the specialised information and insight to help steer the OEWG toward concrete and technically sound outcomes when it resumes formal discussions in February 2020. Many states emphasised that the OEWG should aim for such concrete and practical outcomes, possibly as one way to distinguish its outputs from those of the GGE that is meeting concurrently within the UN and has its first session next week. Stakeholder input could also serve to provide clarity on some of the thornier or more controversial questions that member states are wrestling with or lift up dimensions of the issue that are under-explored, such as the gendered impacts of cyber operations.

Stakeholder diversity can also be a healthy test, however, as undoubtedly there will be criticisms and concerns raised about state behaviour in cyber space that some countries may prefer to not hear—but that need to be accounted for if we are indeed not starting from scratch and want to have a dialogue that is rooted in reality. It’s evident that the pace and severity of malicious operations in cyber space have increased noticeably. The use of cyber technologies as tools of or targets for aggression is becoming more regular and, as a result, normalised by a larger number of states. The last year has seen a spike in data breaches, malware attacks, disinformation campaigns, and continued use of proxies by states. Governments use digital technologies and spaces to restrict human rights, such as through surveillance, hacking, censorship, and intentional disruption of internet services and access.

It was presumably a desire to avoid criticism about just these kinds of activities that prompted some member states to block access to the September OEWG session for any organisation that does not hold ECOSOC status at the UN; a very rare occurrence in UN disarmament and arms control fora and one that sets a dangerous precedent. Ironically, some of the same member states who may have played in role in that blockage are also those who spoke at length during the 2019 First Committee about the importance of having a cyber security body at the United Nations that is open and accessible to all. That is why the high turn-out and participation for this consultative meeting is so significant and can stand to demonstrate what non-governmental stakeholders collectively offer to this work and integral role in implementing state-agreed norms, but it shouldn’t come at a cost of critical and honest discussion.

Shutting out critical discussion does a disservice to both the concept of multi-stakeholderism and the spirit of multilateralism and equality that the United Nations is meant to embody. The same concerns that civil society may rightfully raise about the abuse of human rights online or flouting of agreed norms when states attack critical infrastructure should also be the concerns of the entire international community, including governments, because they threaten our collective peace and security, and undermine the rules-based international order.

“This is the first time in the history of UN ICT discussions in the context of international security that such an inclusive and global multi-stakeholder meeting is held to discuss cyber threats and challenges and how to address them,” notes a joint letter from the two chairpersons. What will be important going forward is how the expertise and information provided at this meeting is used by states in the formal work of the OEWG. This convening of a meeting like this was mandated in the same UN General Assembly resolution that created the OEWG, but it does have an informal status and is being independently and voluntarily resourced and chaired. A report of this meeting will be presented from the chair during the OEWG’s next formal session in February 2020, at which non-governmental participation could again be restricted. This publication will produce a final report at the end of the intersessional to capture the diversity of expertise, views, and concerns presented. The hope is that this is the start, and not the end, of a more robustly inclusive UN dialogue on cyber security writ large. The ubiquity of ICTs in each of our lives, and our shared vulnerability, makes us all stakeholders in their protection and in the preservation of a peaceful cyber space.

[PDF] ()