Informal multistakeholder consultations
7 Jun 2024 09:00h - 09:30h
Table of contents
Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.
Knowledge Graph of Debate
Session report
Full session report
International conference chair navigates stakeholder engagement in cybersecurity discussions
The plenary session of an international conference resumed with the Chair announcing a temporary suspension of formal proceedings to circulate a draft proposal based on the previous day’s discussions. Emphasising the importance of input from various stakeholders, the Chair initiated an informal session to hear from civil society, academia, the private sector, and other non-state actors.
A representative from Team Yellow greeted the Chair and requested the inclusion of two agenda items, one of which was deemed particularly important and required immediate attention. The Chair acknowledged the request and suggested a brief pause in formal proceedings to reflect on the concerns raised by Team Yellow.
During the informal session, a Civil Society representative from the ICT Action Network stressed the necessity of multi-stakeholder engagement in cybersecurity initiatives at national and regional levels. The speaker highlighted the importance of collaboration between governments, experts, civil society, the private sector, and academia to address cyber threats and ensure a human-centric approach in cybersecurity policies. The representative also called for the application of international humanitarian and human rights law in cyberspace, and for capacity building to support the adoption of national positions on cybersecurity.
The private sector, represented by a speaker, outlined their significant role in cybersecurity, owning most of the infrastructure and expertise. They introduced the acronym POETRY (Principles, Ownership, Expertise, Teamwork, Risk, Yardstick) to encapsulate their presentation. The speaker requested that principles be explained to the private sector for practical implementation, highlighted the importance of teamwork, and noted the private sector’s substantial risk exposure. They also proposed the promotion of the customary law of reparations to cover critical infrastructure protection and suggested national consultations with the private sector prior to international forums.
A local delegate representing youth and women pointed out the absence of these groups in the cybersecurity discussions, urging the state parties to consider their critical roles.
The Chair expressed appreciation for the inputs from non-state actors, acknowledging the business sector’s grounding in reality and the need for public services to be more aligned with this perspective. The Chair also agreed with the local delegate’s observation on the need to better involve youth and women in cybersecurity.
Concluding the informal session, the Chair proposed a brief recess to address the issues raised and prepare the draft document for circulation. Delegates were asked to remain in the room for the resumption of formal proceedings shortly.
Session transcript
Chair:
We now resume the plenary session where we left off yesterday, but before that, we will temporarily suspend the formal part. The Chair will, in a short period of time, with the help of the Secretary, circulate a draft that is proposed based on the interpretations of delegations from yesterday. But before that, it is important that we hear the voices of other stakeholders, the delegations that are here, outstanding actors, both civil society and academia, the private sector. It is important that we have these inputs to our discussions. So for that reason, I allow the Chair to suspend the plenary, the formal part, and go into an informal section of our deliberations. If there are no objections, it is decided, we will suspend the session.
Team Yellow:
Good morning, Mr. Chair, good morning, colleagues, we have really gone far, we thank God for the success so far. My delegation was to place two agenda items, but one for consideration, hoping that this housekeeping is supposed to be an issue, but because of the importance of it, it requires that the delegates have to say a few things, give their responses to it, and we wanted to place it as a topic and consider it this morning. Taking note that the agenda as it stands is very important, the items on it, but since we require this, if the Chair could kindly open up the floor for us to make that presentation as part of the agenda, since we are continuing with yesterday’s agenda. Mr. Chair, thank you. Two items, if you allow, we can quickly read out and then we can react before we go to the main items this morning. Thank you.
Chair:
Could you approach the Chair at the moment, please? Mr. Chair, thanks to the delegation of Yellow for clarifying the issues ahead. And please allow the Chair some time to reflect on that and try to find a suitable range for the concerns raised by the delegation of Yale. With that, the Chair proposes right now for us to exit the formal part that is suspended for the plenary session for a moment. We will go into an informal session where we will allow for, as the Chair said, the participation of other stakeholders. If there are no objections, the meeting is suspended. Dear delegates, right now we are in informal mode. I have called for this so that we can have a more informal discussion amongst us. And obviously, this will not be a part of the record, just an opportunity for us to express our views in an informal manner, see where perhaps some disagreements exist, but also very important to be able to hear the voices of, as I said, other stakeholders. With that in mind, let me start the meeting with calling on those voices. We have some non-state actors who are there in this meeting. I will start by calling first Civil Society to read out statements that they have prepared. So, Civil Society representatives, please go ahead.
Civil Society:
Mr. Chair, thank you for the opportunity to address the Open-Ended Working Group delegates. I speak here on behalf of the ICT Action Network. Distinguished delegates, ladies and gentlemen, cyber security is everyone’s responsibility. We all have a role to play, even our various skills and responsibilities in cyber ecosystem. Consequently, the meaningful participation of all stakeholders in the design, development and implementation of various cyber initiatives cannot be overemphasized. We believe that multi-stakeholder engagement between governments and all relevant stakeholders such as experts, civil society, private sector and academia at the national and regional levels is critical. Moreover, regular focus and constructive engagement can be instrumental in the identification of gaps, building of synergies and in the design and development of innovative approaches, including context-specific responses to emerging issues in the cyber domain. They also facilitate sharing of information and building a common understanding of the issues, challenges and opportunities. Thank you, Mr. Chair. We call upon delegates from member states, especially those from Africa, to cascade these multi-stakeholder conversations at the national and regional levels to ensure all are brought on board. In particular, to encourage them to utilize the African Union and the regional economic blocs in this continent to prioritize cyber diplomacy, including facilitating greater multi-stakeholder engagement at the national and regional levels on the topics and discussions at the Open Advertising Group. In addition, continued investment by state and non-state actors in evidence-based research and the work of civil society is useful in informing cyber policy-making processes and promoting common understanding of cyber issues, including on how to ensure human-centric approaches in the field of ICPs. Mr. Chair, due to lowering of the threshold of conducts, cyber attack and operations, the threat landscape now consists of nation-state affiliated actors, collectives and activists, and criminal groups, in addition to nation-states as traditional actors. We call on states to be guided by a human-centric approach when assessing the impact of cyber attacks to explain the societal harm of these incidents on people, including groups with specific needs and vulnerabilities. Mr. Chair, regarding international law, while cyberspace is often referred to as a domain, it does not in fact constitute a new legal area or domain, and thus international law applies in its entirety. This does not mean that there are not unique features relating to the use of ICPs which require additional attention, and we welcome the proposal for a dedicated intersectional discussion to further discuss these areas. This should reflect areas of additional convergence, such as the application of international humanitarian and human rights law, and should focus on what is needed to ensure their protected value. We also support various recommendations to build capacity on international law to enable states to provide their own views. The task of developing positions is a challenging endeavor, requiring coordination from multiple agencies, significant financial resources and expert knowledge, and inputs from other stakeholders. Capacity building should thus aim to mitigate these challenges and to support the adoption of national positions which are instrumental to arriving at common understanding. It is also a team effort and should involve the participation of different stakeholders. Thank you, Mr. Chair.
Chair:
Thank you very much, Vlada. Thank you very much to all representatives of society for providing your valuable input into our deliberations. Am I to understand right now that Nene is also here, or if she’s not, then perhaps we will wait to hear the voice of private.
Private sector:
Chair, Vice Chair, distinguished delegates, we are honored as the private sector to have been given an opportunity to address you we have listened with respect and gladness to the deliberations of the delegates on this important topic and we are one with you as we present our own viewpoints, which we hope will continue to enrich this discussion. I will make my presentation along six lines. Firstly, principles. The framework of action gives us the norms, the CBMs, international law, and capacity building as important areas. And there are principles that have been developed through the UNGG and the Open-Ended Working Group. And we would plead with the delegates to continue to explain these principles to the private sector and to help us to unpack them into practical action for the reasons that I will present. One, we are the owners of most of the infrastructure, the critical infrastructure, the cables, the masks, the data centers, the systems, security, networks, operation centers, and even many of the services. We own the intellectual property that underpins this technology. We own and run the systems and applications which are used in this technology. And we own a lot of the data or store it for others, the brands and the businesses that make this technology come alive. Secondly, we have the expertise. Even now at times of conflict, we have seen the private sector being requested by governments to help them to defend themselves because the greatest expertise to design, operate, and even to solve the problems of this technology lie in the private sector. Thirdly, without teamwork between the private sector, governments, academia, and civil society, we will be unable to manage the complexities and threats in this landscape. Fourthly, we bear a huge part of the risk that we have. As early as 2018, six years ago, data breaches alone lost the world more than $5 billion. An amount which can provide 5 million households with electricity, which can build 125,000 kilometers of optical fiber, or 2,500 kilometers of roads. These losses were borne largely by the private sector, but we are the taxpayers. We also support the public sector. So this loss was also felt by governments. Finally, the implementation success of the policies you are making will largely be measured by reduction of the losses in the private sector and actions which are taken to protect this sector from harm. I believe you have realized that the six issues I have talked about have created the acronym POETRY. Principles, Ownership, Expertise, Teamwork, Risk, and the Yardstick. The great Senegalese statesman and poet, Leopold Senghor, wrote in his poem, African Woman, that in your shadow I have grown up. The gentleness of your hands was laid over my eyes. This technology has developed in the shadow of the private sector. And our hands are laid over this technology, as the great statesman, I borrow from his poem. So we would make requests in three areas. In the area of principles, we would urge the African continent to emphasize the issue of critical infrastructure management and protection, because this critical infrastructure is the one that supports the private sector to provide services. And also issues of supply chain integrity and responsible handling of vulnerabilities would be important to support the private sector to help us to continue to provide services on the African continent and in the rest of the world. In the area of CDMs, I believe that we can follow the example of Ghana’s cybersecurity agency in enshrining private sector points of contact in law in our various nations. I would also propose that we have an annual knowledge building seminar on this topic that involves the leaders of your country and the CEOs of critical infrastructure sector companies in the private sector. In the area of international law, I would propose that the customary law of reparations be promoted by the African continent to cover the issue of critical infrastructure protection. In African countries, we have invested a lot and we have seen the disruption created by the fibre cuts, the submarine fibre cuts in West Africa and East Africa. Surely those who commit these acts should have the international customary law of reparations applied to them so that they will fund the repair and restoration of critical infrastructure on the African continent and across the world. This will also deter these kinds of acts and protect the private sector from huge losses. Finally, in the area of teamwork, I would really ask that each delegation first have national consultations with the private sector as they approach processes like the open-ended working group, so that they are fully appraised of the needs of their private sectors as they come to these forums and they defend the private sector who, as I have said, they own and provide the services. We would also like to have private sector experts included in some of your delegations in a supportive role, and we would continue to wish to attend as observers with African delegations. Finally, I would propose that the framework of key performance indicators be developed as a yardstick in this area, so that the impact of these policies, positive impact of the policies that you create on the private sector is measured. And the money I mentioned, which is only a small fraction, because I measure only data breaches, there are many other costs which are coming about as a result of the risks. So we propose that the framework should measure those key performance indicators, so that we can see how these policies are impacting positive change in the area of critical infrastructure protection, among others. Please, remember the acronym POETRI, principles, ownership, expertise, teamwork, risk and yardstick. I thank you all.
Chair:
Thank you very much. I must admit that I don’t usually associate the business sector with POETRI, but you made a good point in this regard. In my language, the business sector is often referred to as the real sector, and I like that analogy, that it really is the real sector. Very often in public service, sometimes we get unreal in how we view the world, but the business sector certainly has to be real, otherwise they fail. So that’s quite understandable. Thank you very much for those inputs, they’re very valuable. Are there any other voices from non-state actors to which to dig for right now? Yes, please.
Local delegate:
Mr. Chair, excellency, I’m a local delegate. In this capacity, I do represent the youth and women. In some of the deliberations that have gone so far in the last two days, I noticed that state parties have not made any attempt to involve the youth and take critical importance of the role of women in cyber security. So on behalf of the youth and women, I put those considerations on the table. Thank you, Mr. Chair.
Chair:
Thank you very much. Those are very pointed and objective observations. It’s true, and we all need to make a better stand. Thank you very much for highlighting that. We are still in an informal session. If delegations want to take this opportunity perhaps to communicate with each other or with representatives from civil society, from the private sector, from youth and women’s organizations, from any of the organizations that are there, they may do so. Alternatively, we can finalize this informal part, and what I will do is take a few minutes to try to resolve some issues that have been raised and as well prepare a job for circulation. So what I would ask you, if there are no questions on the floor at this point, is for a very short break, so please stay at the very least in the room, where in a few minutes we will resume the formal part and the draft for our consideration will be also released. So with that then, let’s pause for a minute and be back in a few minutes.
Speakers
C
Chair
Speech speed
123 words per minute
Speech length
733 words
Speech time
357 secs
Arguments
Recognition of the importance of the private sector in cyber infrastructure
Supporting facts:
- The private sector owns most cyber infrastructure and expertise.
- Private sector plays a critical role in managing technology and bears significant risk.
Topics: Cybersecurity, Private Sector Engagement
Public sector’s detachment from practical realities
Supporting facts:
- Business sector needs to be realistic to survive.
- Public service sometimes loses touch with the on-the-ground realities that businesses face.
Report
The review has showcased the critical importance of private sector participation in fortifying cybersecurity infrastructure, with an understanding that most cyber expertise and infrastructure are owned privately. This sector’s role is perceived as pivotal, managing technology and carrying considerable risks, a viewpoint met with positive reactions.
Highlighting this, private sector engagement in cybersecurity is strongly encouraged, especially given its realistic approach to dealing with operational hurdles—a contrast to public sector policies that may sometimes miss the mark on real-world applicability. To better synergise public and private initiatives, suggestions have been made for national consultations, drawing in private sector input, and integrating experts into international cybersecurity delegations, actions which are seen in a positive light.
Such steps aim to harness the innovative and communicative strengths of the private sector, like their creative deployment of the acronym POETRY to articulate its position, highlighting a disconnect between actual business dynamics and public policy. The interplay between the proposed collaboration and the Sustainable Development Goals (SDGs) is notable, specifically SDG 9, which underscores industry, innovation, and infrastructure, alongside SDG 17, which calls for effective partnership building.
Linking these aspects, the analysis identifies the need for a collaborative relationship between the public and private sectors to advance cybersecurity significantly. The prevailing sentiment throughout these discussions is mainly positive, with a neutral stance maintained in areas such as the need for businesses to stay realistic to survive.
The overall assessment supports the proactive and innovative capabilities of the private sector, crucial for establishing robust cyber defences. The analysis is free from grammatical errors and adheres to UK spelling and grammar conventions. It effectively reflects the content’s detailed insights, embedding long-tail keywords relevant to cybersecurity, private sector partnerships, strategic engagement, and public policy interconnection without compromising the summary’s quality.
This provides a clear and accurate representation of the original analysis, emphasising the indispensability of the private sector in developing resilient cybersecurity frameworks and fostering international cooperation to safeguard our digital ecosystem.
CS
Civil Society
Speech speed
147 words per minute
Speech length
580 words
Speech time
237 secs
Report
The ICT Action ONetwork’s elaborative address to the Open-Ended Working Group focused on the quintessential need for collaborative efforts in tackling cyber security challenges, recognising it as a shared commitment. It was argued that diverse skills across the cyber ecosystem are imperative in securing the digital landscape.
They advocated for multi-stakeholder partnerships involving government, civil society, the private sector, and academic bodies, which are deemed essential at national and regional levels to mitigate security gaps, exchange ideas, and develop appropriate responses to the evolving cyber threats. Attention was drawn specifically to African member states, with a call to action for enhancing multi-stakeholder engagement utilising existing frameworks like the African Union and regional economic blocs, with an aim to coordinate cyber diplomacy efforts and extend the conversation to a wider audience.
Data-driven research investment by state and non-state players was highlighted as a means of guiding policy formation with a human-centric paradigm in cyber security. Such an approach would lend insight into vulnerabilities and the societal fallout of cyber incidents, thus paving the way for more robust cyber policy-making.
The address also delineated the landscape of threats from various entities like nation-states, state-affiliated actors, collectives, activists, and criminal groups, urging states to consider how cyber attacks impact society, particularly individuals with specific needs or vulnerabilities. On the matter of international law in cyberspace, its comprehensive applicability was acknowledged, notwithstanding the unique aspects of the digital domain.
Calls for in-depth discussions were made to further assimilate cyberspace’s peculiarities into established legal precedents, including international humanitarian and human rights law. The complexities states encounter in defining cyber legalities were underlined, with an urge for enhanced capacity building to support this process.
In their conclusion, the ICT Action Network representative reinforced the theme of collective, multifaceted engagement as the fulcrum for states and stakeholders to devise strategies, build capabilities, and come to a consensus on cyber space governance and cyber security. This multifaceted response underscores the call for a collective, knowledge-driven, and structured action plan to bolster cyber security initiatives globally.
LD
Local delegate
Speech speed
130 words per minute
Speech length
80 words
Speech time
37 secs
Report
In addressing the chair and dignitaries at the conference, a local delegate, representing the interests of youth and women, voiced concerns about the current representation in cybersecurity discussions over the past two days. The delegate observed that the participating state parties had failed to take proactive steps to include the insights and expertise of young people and had not recognised the crucial role of women in cybersecurity.
The delegate’s central argument was that the involvement of younger generations is essential for the future of cybersecurity. They bring novel insights and innovative solutions to the industry. Furthermore, the importance of gender diversity in establishing a robust and resilient cybersecurity framework was emphasised, highlighting the need to integrate women into the discourse.
Throughout their address, the delegate pointed out the lost opportunities where state parties could have bridged the generational gap and enhanced the policy-making process through greater gender inclusivity. The evolving nature of cyber threats and the necessity for diverse problem-solving strategies — fostered by a more varied demographic in the cybersecurity field — backed the call for the inclusion of youth and women.
The conclusion of the delegate’s address did not just present a strong appeal for heightened representation of youth and women but also emphasised the critical roles these groups play in advancing a sound cybersecurity agenda. The speech was a rallying cry for state parties to acknowledge and remedy the oversight in their current strategy by ensuring that future consultations actively involve and leverage the talent within these key sectors of society.
This summary captures the delegate’s key points from the assembly, but a more extensive review of the event’s discussions and outcomes would provide a more thorough understanding of the overarching themes related to cybersecurity. This includes the effective participation of youth and women, which is fundamental for driving innovation and addressing contemporary cyber challenges.
The importance of a more inclusive approach to cybersecurity is paramount and should be recognised by all stakeholders involved.
PS
Private sector
Speech speed
121 words per minute
Speech length
1011 words
Speech time
502 secs
Report
The summary accurately outlines the address given by the private sector representative, emphasising their approval for being included in the cybersecurity conversation. The presentation centred on the acronym POETCI – detailing critical aspects necessary for effective cyber defence and collaboration. The ‘Principles’ highlighted by the UNGG (United Nations Group of Governmental Experts) and the Open-Ended Working Group were acknowledged as the foundation for cyber action, with a call for these to be made more tangible and actionable for those in private enterprises.
The significance of ‘Ownership’ was raised, drawing attention to the private sector’s dominion over critical communication networks, intellectual property, systems, and data, evidencing the dependency of technological advances on private sector capacities. The role of ‘Expertise’ was acknowledged as governments often rely on private sector proficiency for cyber defence strategies, pointing to the sector’s sophisticated knowledge and capabilities.
‘Teamwork’ was presented as indispensable, advocating for a united front involving government bodies, private companies, civil society, and academic institutions to effectively address and mitigate complex cyber threats. The address mentioned the ‘Risks’ associated with cyber breaches, citing an enormous financial impact with the $5 billion lost in 2018 used to underline the economic consequences that affect both private and public sectors.
The concept of a ‘Yardstick’ was introduced, suggesting the establishment of measurable standards to evaluate the success of cybersecurity initiatives on the basis of loss mitigation and defence strengthening for the private sector. The speaker proposed substantial measures to boost the cyber resilience of the private sector.
These included improving critical infrastructure management and protection, ensuring supply chain integrity, promoting responsible vulnerability management, incorporating provisions in national laws for direct engagement with private entities (as exemplified by Ghana), and encouraging the evolution of customary international law pertaining to infrastructure damage reparation as a deterrent against cyberattacks.
Additionally, the importance of domestic consultations before international negotiations was emphasised, along with the recommendation to include private sector experts in delegations to mirror the practical requirements and safeguard the interests of businesses. The conclusion called for the development of Key Performance Indicators to assess the influence of cybersecurity policies, presenting POETCI as a blueprint for unified, fortified, and adaptive digital ecosystem defence strategies.
Throughout the discourse, the speaker employed a metaphor likening the private sector’s role to the nurturing influence depicted in Leopold Senghor’s poetry, crystallising the aim for inclusive, pragmatic, and quantifiable cybersecurity methodologies. The overview maintains the critical elements proposed by the speaker, aligning with a shared vision of a collaborative, secure digital landscape fostered by effective partnerships and mutual responsibility.
The text appears to follow UK spelling and grammar conventions accurately. The summary remains comprehensive and reflective of the original address, intertwining the essential details and intended message without compromise to quality or accuracy.
TY
Team Yellow
Speech speed
124 words per minute
Speech length
169 words
Speech time
82 secs
Report
Good morning, Mr. Chair and esteemed colleagues. We are grateful for the progress we have achieved in our deliberations. Drawing from this sense of accomplishment, my delegation proposes two new agenda items, with a particular emphasis on one that warrants our close attention.
This crucial item, though linked to routine housekeeping, demands a thorough discussion due to its overarching significance. Its importance necessitates an engagement level that goes beyond a cursory acknowledgment; it requires an exhaustive analysis to achieve a comprehensive understanding and to formulate an appropriate collective response.
We are therefore requesting the honourable Chair to permit the addition of this item to our current agenda. Our intent is to ensure that the matter is treated with the diligence it deserves, seamlessly integrating it into the sequence of our scheduled discussions.
We are ready to provide a concise brief on the two proposed agenda items and to encourage a robust exchange of views among the delegates. Such an exchange is vital for enhancing our debate and addressing any issues proactively, thus facilitating smoother progress through our principal agenda items for today.
If accepted by the Chair, we assure the assembly that this process will be executed with efficiency, allowing for a quick progression to other important topics of the day. Incorporating this item into our agenda is emblematic of our diligent and decisive conduct within this assembly.
It shows our commitment to thoroughness and highlights the care we take in ensuring even perceived routine matters are given full consideration, mirroring the rigour with which we undertake our collective duties. My sincerest thanks to the Chair for entertaining our proposal, and we greatly appreciate the support of all members in this endeavour.