Cyber Peace and Security Meetings - Open-ended Working Group (I)

Cyber Peace & Security Monitor, Vol. 1, No. 4

The value of multi-stakeholderism
02 December 2019 Allison Pytlak
Cyber Peace & Security Monitor, Vol. 1, No. 4

 

As noted in the last edition of this Monitor, “not starting from scratch” was the overarching message from the first session of the Open-ended Working Group (OEWG) on “developments in the field of information and telecommunications technologies in the context of international security.” The phrase was one that states and regional groupings used consistently throughout the September session to acknowledge and re-affirm the value of the past and current work, dialogue, and commitments in the area of international cyber peace and security.

This informal intersessional meeting of the OEWG is a way to support, but also test, that resolve.

The meeting is organised around six substantive sessions that roughly reflect the same topics addressed in formal meetings of the OEWG. Each will begin with “scene-setting remarks” after which participants are invited to provide brief interventions that respond to a set of proposed framing questions. The chair of the meeting, Mr. David Koh of the Cyber Security Agency of Singapore, and Swiss Ambassador Jürg Lauber, the OEWG chair, have both emphasised their hope for an interactive dialogue and exchange throughout. Member states will participate to ask questions and respond but not deliver national statements.

Over 100 organisations have registered for the intersessional meeting and represent an extremely broad diversity of stakeholders. There are non-governmental organisations (NGOs) coming from the areas of advocacy, policy, and awareness-raising with expertise in disarmament, peace, security, human rights, and international law. There are private cyber security and software firms, both large and small. There are independent academic researchers, technologists, lawyers, and policy research institutes. Some approach cyber security with a human-centric and human rights-first approach; and others view this solely as an issue of national defence and international affairs. Multiple global regions will be represented and the possibility to deliver video statements has been made available to those not able to attend in person. The meeting will be webcast.

Such a diversity of participants can support the “not starting from scratch” approach by bringing to the fore and highlighting in detail the breadth of work occurring in the pursuit of peace in cyber space; a basis that can be built on by the OEWG. Through the framing questions, participants have been invited to bring examples of actual capacity- and confidence-building measures, for example, or to provide views on how the malicious use of information and communications technologies (ICTs) negatively affect socio-economic development and pose other threats—all of which could move the conversation from blanket descriptions of harm to evidence-based information sharing. The framing questions also make specific reference to other normative fora like the Cybersecurity Tech Accord and the Paris Call, and ask for views on how to reconcile the overlapping outputs of those processes with the UN’s cyber activities, which is a very real question that has not yet been adequately addressed. Participants are further invited to outline what role we see for ourselves in supporting the implementation of the voluntary non-binding norms of responsible state behaviour contained set out by the UN Group of Governmental Experts (GGE) in 2015, and what we view as the main threats to critical infrastructure and critical information infrastructure. Thoughts on the way forward will also be taken up.

This all should, in theory, provide states with the specialised information and insight to help steer the OEWG toward concrete and technically sound outcomes when it resumes formal discussions in February 2020. Many states emphasised that the OEWG should aim for such concrete and practical outcomes, possibly as one way to distinguish its outputs from those of the GGE that is meeting concurrently within the UN and has its first session next week. Stakeholder input could also serve to provide clarity on some of the thornier or more controversial questions that member states are wrestling with or lift up dimensions of the issue that are under-explored, such as the gendered impacts of cyber operations.

Stakeholder diversity can also be a healthy test, however, as undoubtedly there will be criticisms and concerns raised about state behaviour in cyber space that some countries may prefer to not hear—but that need to be accounted for if we are indeed not starting from scratch and want to have a dialogue that is rooted in reality. It’s evident that the pace and severity of malicious operations in cyber space have increased noticeably. The use of cyber technologies as tools of or targets for aggression is becoming more regular and, as a result, normalised by a larger number of states. The last year has seen a spike in data breaches, malware attacks, disinformation campaigns, and continued use of proxies by states. Governments use digital technologies and spaces to restrict human rights, such as through surveillance, hacking, censorship, and intentional disruption of internet services and access.

It was presumably a desire to avoid criticism about just these kinds of activities that prompted some member states to block access to the September OEWG session for any organisation that does not hold ECOSOC status at the UN; a very rare occurrence in UN disarmament and arms control fora and one that sets a dangerous precedent. Ironically, some of the same member states who may have played in role in that blockage are also those who spoke at length during the 2019 First Committee about the importance of having a cyber security body at the United Nations that is open and accessible to all. That is why the high turn-out and participation for this consultative meeting is so significant and can stand to demonstrate what non-governmental stakeholders collectively offer to this work and integral role in implementing state-agreed norms, but it shouldn’t come at a cost of critical and honest discussion.

Shutting out critical discussion does a disservice to both the concept of multi-stakeholderism and the spirit of multilateralism and equality that the United Nations is meant to embody. The same concerns that civil society may rightfully raise about the abuse of human rights online or flouting of agreed norms when states attack critical infrastructure should also be the concerns of the entire international community, including governments, because they threaten our collective peace and security, and undermine the rules-based international order.

“This is the first time in the history of UN ICT discussions in the context of international security that such an inclusive and global multi-stakeholder meeting is held to discuss cyber threats and challenges and how to address them,” notes a joint letter from the two chairpersons. What will be important going forward is how the expertise and information provided at this meeting is used by states in the formal work of the OEWG. This convening of a meeting like this was mandated in the same UN General Assembly resolution that created the OEWG, but it does have an informal status and is being independently and voluntarily resourced and chaired. A report of this meeting will be presented from the chair during the OEWG’s next formal session in February 2020, at which non-governmental participation could again be restricted. This publication will produce a final report at the end of the intersessional to capture the diversity of expertise, views, and concerns presented. The hope is that this is the start, and not the end, of a more robustly inclusive UN dialogue on cyber security writ large. The ubiquity of ICTs in each of our lives, and our shared vulnerability, makes us all stakeholders in their protection and in the preservation of a peaceful cyber space.

More in this category: « Cyber Peace & Security Monitor, Vol. 1, No. 3 Cyber Peace & Security Monitor, Vol. 1, No. 5 »
back to top

In November 2020, the General Assembly voted to establish, through resolution A/RES/75/240 a second OEWG, that will commence work in 2021. This second OEWG will report back to the General Assembly in 2025. An organisational session will take place from 1-2 June 2021 to determine future meeting dates, structures, and other modalities.

Click here to subscribe to RCW's Cyber Peace & Security Monitor, providing coverage and analysis from the OEWG.

Click here to visit the (first) OEWG webpage managed by the United Nations.

CONFERENCE RESOURCES (2019-2021 OEWG)

SCHEDULE (2019-2021 OEWG)

1. Organisational meeting - New York, 3-4 June 2019
2. First substantive session - New York, 9-13 September 2019
3. Intersessional meeting with industry and civil society - New York, 2-4 December 2019
4. Second substantive session - New York, 10-14 February 2020
5. Intersessional informal exchange - New York, 30-31 March 2020 Cancelled due to the COVID-19 pandemic
6. Intersessional informal exchange - New York, 28-29 May 2020 Cancelled due to the COVID-19 pandemic
7. Third (and final) substantive session - New York, 6-10 July 2020 Postponed due to the COVID-19 pandemic to 8-12 March 2021 

Closed informal meetings (held in virtual format during 2020)
1. Norms, rules, and principles: 15, 17, 19 June 2020 (07:00-10:00 EDT)
2. International law: 29-30 September, 1 October 2020 (08:00-11:00 EDT)
3. Confidence-building measures and capacity building: 17-19 November 2020 (08:00-11:00 EDT)
4. Regular institutional dialogue and general comments: 1-3 December 2020 (08:00-11:00 EDT)

NGO PARTICIPATION

Details on how non-governmental stakeholders can participate in the third and final OEWG session from 8-12 March are forthcoming.

On 25 February 2021, civil society shared views on the zero draft of the OEWG final report through an informal online event and consultation. Civil society stakeholders were also invited to share their views on the zero draft in writing for posting on the OEWG website. 

From 4-10 December 2020, non-governmental stakeholders were invited to participate in a series of informal online dialogue sessions. The six sessions mirrored the six agenda items of the OEWG mandate and there was also one side event, on gender and international cyber security. Visit the dialogue series' website (www.letstalkcyber.org) for video recordings and documents from all sessions. Read the summary report here.

Information about the participation of non-governmental stakeholders in future formal meetings of the OEWG will be shared as available. The new informal meetings are not open to civil society participation or observation.

RELATED DOCUMENTS AND RESOURCES

"Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security established pursuant to General Assembly resolution 73/27 of 5 December 2018" (A/C.1/75/L.47)

"Developments in the field of information and telecommunications in the context of international security" (A/C.1/75/L.8/Rev.1)

"Developments in the field of information and telecommunications in the context of international security" (A/C.1/74/L.50/Rev.1)

"Developments in the field of information and telecommunications in the context of international security" (A/RES/73/27)

Reaching Critical Will's fact sheet on cyber peace and security

UN Office of Disarmament Affairs fact sheet

UN Office of Disarmament Affairs website

UNIDIR's Cyber Policy Portal