Working paper puts forth initial proposals for the UN cyber Points of Contact directory
A group of nations has collectively proposed initial recommendations for a UN cyber Points of Contact (PoC) directory, addressing communication checks, information-sharing during cyber incidents, tabletop exercises, and virtual meetings. The Working Paper acknowledges the need for continual evaluation to meet member states’ evolving needs and ensure the directory’s relevance and effectiveness. Capacity-building activities are emphasized to support implementation and utilization of the directory, with ongoing adjustments and improvements necessary for its success.
After the fourth substantive session of the UN Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security, a group of nations consisting of Argentina, Australia, Brazil, Canada, Chile, Czech Republic, Fiji, Germany, Israel, Kenya, Republic of Korea, Mexico, The Netherlands, Singapore, and Uruguay has jointly submitted a Working Paper. This paper outlines proposals for a global, intergovernmental Points of Contact (PoC) directory, as agreed upon in the 2022 Annual Progress Report (APR).
In December 2022, during the intersessional meetings, states expressed general agreement on the significance of establishing a PoC directory. A majority of States reiterated the need to leverage existing PoC infrastructures from regional organizations to avoid duplicating efforts and information. However, questions regarding the activities that PoCs should undertake and the directory’s purpose, whether it should serve technical or diplomatic functions, remained unresolved.
The Working Paper incorporates the recommendations put forward by numerous states during both the fourth substantive session and intersessional meetings held in December 2022 and March 2023. For a detailed overview of these proposals, check out Diplo’s recaps of the December 2022 and March 2023 sessions.
As a starting point, the group of states propose for the OEWG to agree on an initial set of basic and thematically focused CBMs in the Annual Progress Report 2023, including, among others, the ones listed below:
- Communication checks in the form of ‘Ping1’-tests: Regular communication checks should ensure that PoCs are available and ready to receive information through the indicated communication channels (such as email or telephone numbers) in adequate time. To test if the PoC directory’s database is up to date, so-called Ping-tests should be held twice a year by UNODA as the administrator and manager of the PoC Network.
- Information-sharing, particularly in the event of cyber incidents: The PoC directory should facilitate voluntary and confidential information-sharing between member states, particularly in the event of cyber incidents. The exchange of information should complement and strengthen existing CERT-to-CERT PoC communication channels on operational and technical levels. Existing PoC directories at the regional level can provide valuable best-practice examples for sharing information in the event of an incident. Mutual consent of involved PoCs will be a requirement to share information with third parties. The proposed communication check CBM could start as a simple and easy-to-use tool, with more advanced features added gradually based on the experience gained during its implementation.
- Tabletop exercises: The PoC directory can be used as a platform for joint tabletop exercises, which will enhance trust and predictability and improve cyber resilience at national, regional and global levels. These exercises can involve different groups of participants; for example, a first exercise could be held for diplomatic points of contact, and a second tabletop exercise could be expanded to include technical points of contact. They can be held regularly on a voluntary basis. They can be designed to train PoCs in how to react to information-sharing during major cyber incidents. Experiences from regional exercises and training can be used as a starting point. A first tabletop exercise for interested PoCs can be held towards the end of 2023 or early 2024.
- Informal virtual meetings: Regular informal virtual meetings could be held by UNODA to share practical information regarding the UN (PoC) Directory, such as agenda, activities, and exercises, among others. A first informal meeting could be held for diplomatic points of contact. A second informal meeting could be expanded to include diplomatic and technical points of contact. These informal virtual meetings could be held before the Ping-tests and the Tabletop Exercise.
The working paper puts forth initial proposals for the PoC directory but acknowledges that the OEWG must consistently evaluate the evolving needs of member states to ensure the directory remains relevant and effective. As regional and national contexts, circumstances, and technological developments vary, the directory must be adaptable to accommodate diverse requirements. Additionally, capacity-building activities must be designed and refined to support the implementation and use of the directory. Therefore, ongoing adjustments and improvements should be made as states make use of the PoC directory to ensure its success.