Shaping a UN Cyber Programme of Action | IGF 2023 Open Forum #84

Report

The participants in the discussion addressed various significant aspects of counterterrorism policies in relation to cyber issues and human rights. One of the main arguments raised was the critical need to broaden the cybersecurity discussion within counterterrorism policies. It was noted that the current mandate of the CTED (Counter-Terrorism Committee Executive Directorate) and the UN Office on Counterterrorism is too narrow when it comes to cybersecurity.

This limitation restricts the discussion on crucial matters like state-sponsored cyber warfare, hindering the development of comprehensive strategies to address cyber threats in counterterrorism efforts.

Another key argument put forward during the discussion was the necessity of incorporating human rights laws in online contexts.

The OHCHR (Office of the High Commissioner for Human Rights) and the Special Rapporteur for Human Rights and Counterterrorism stressed that human rights laws should be applicable online as well as offline. This recognition underscores the importance of protecting fundamental rights in the digital realm.

Including human rights laws in counterterrorism policies is vital to ensure a balanced approach that safeguards both security and individual rights.

The participants also emphasised the need for an advanced counterterrorism approach that effectively intercepts the exploitation of information and communication technology (ICT) for terrorist purposes.

The CTED is currently finalising non-binding guiding principles for member states on ICT and its prevention of terrorist exploitation. This initiative demonstrates the acknowledgement that terrorists are increasingly utilising digital platforms and technologies to advance their objectives. Developing effective strategies to counter this exploitation is essential in addressing the evolving nature of modern threats.

Furthermore, the discussion highlighted the importance of supporting the work of the OEWG (Open-Ended Working Group) and other General Assembly bodies in the development of counterterrorism strategies.

It was suggested that the Security Council should refine its counterterrorism strategies with input from other UN bodies. This collaborative approach can lead to a more comprehensive and inclusive framework for tackling the multifaceted challenges posed by terrorism.

In conclusion, the discussion shed light on various critical aspects of counterterrorism policies concerning cyber issues and human rights.

Expanding the cybersecurity discussion within counterterrorism policies and including human rights laws in online contexts were identified as crucial steps. Intercepting the exploitation of ICT for terrorist purposes and promoting collaboration among UN bodies were also emphasised as important strategies.

However, it was noted that the current mandate of the CTED and the UN Office on Counterterrorism is limiting in its scope. Efforts are currently focused on training law enforcement officers to monitor online content, but there is a need for broader discussions and strategies to effectively address cyber threats in counterterrorism efforts.

Report

The analysis explores different perspectives on cyber policies, focusing on the contributions and approaches of various stakeholders. One key observation is the positive recognition of Canada’s active participation in Global Governance Entities (GGEs) and Open and Working Groups, demonstrating its commitment to shaping global cyber policies.

Canada’s policy development process is highlighted for its co-creation model, which involves engaging multiple stakeholders to ensure inclusivity and a human-centric approach.

Another important argument presented is the significance of a human rights framework as the basis for cyber policies.

The analysis emphasizes that the human rights framework is currently under attack and must be protected. Canada, in line with SDG 16 (Peace, Justice and Strong Institutions), aims to ensure that the transition to a program of action is firmly framed within the context of human rights.

This demonstrates a commitment to protecting individuals’ rights and privacy within the cyberspace ecosystem.

The analysis also introduces the concept of cyberspace as a co-owned space. This perspective emphasizes the need for dialogue and partnerships among member states to collectively address cybersecurity issues.

By recognizing cyberspace as a shared responsibility, countries can work together to create a more secure and equitable online environment. The analysis underscores the importance of dialogue and providing a platform for addressing these issues, promoting collaboration and building partnerships.

The Programme of Action (POA) is highlighted as a valuable tool for institutionalizing dialogue and addressing cyberspace issues.

The POA acts as an aggregator, bringing together diverse stakeholders to work through challenges and bridge gaps. It is seen as an effective means to foster cooperation and find solutions to complex cyber-related problems. This aligns with SDG 16’s goal of promoting peace, justice, and strong institutions.

In conclusion, the analysis commends Canada for advocating multi-stakeholder and human-centric approaches to cyber policies.

Additionally, it stresses the importance of a human rights framework, a co-owned perspective of cyberspace, and the institutionalization of dialogue through the POA. These perspectives and arguments provide a comprehensive understanding of the complexities and challenges associated with cyber policies, offering valuable insights for creating more inclusive and secure digital ecosystems.

Report

Australia has been a long-standing advocate for the establishment of the Plan of Action (POA) as an institutionalised UN mechanism. They were heartened by the broad cross-section, cross-regional support for the UN General Assembly resolution on the POA last year.

Australia believes that the POA should build on the hard, collaborative work of the open-ended working group and provide practical guidance to implement the UN framework on responsible state behavior. This signifies a positive sentiment towards the POA.

From Australia’s perspective, a functioning POA should have clear scope, flexibility both substantive and procedural, functionality in terms of its framework being put into practice, and inclusion of states and non-state actors.

They suggest that the framework of the POA may be further developed by consensus. Australia values the POA as a means to facilitate all countries, irrespective of their size or level of development, to determine their own digital future. This reflects a positive sentiment towards the POA’s role in promoting peace, justice, and strong institutions, aligning with Sustainable Development Goal 16.

Australia’s advocacy extends to the participation of all member states and non-state actors in the POA.

They view this as a key aspect of the POA’s success. In line with this, Australia has included this messaging in their stance, indicating a positive sentiment towards inclusivity in the POA.

Furthermore, Australia sees the POA as a way to implement permanent changes and emphasizes the importance of capacity building.

They strongly support the emphasis on capacity building, considering it a significant component for achieving the objectives of the POA. This highlights their positive stance towards using the POA to bring about long-lasting and actionable measures.

To summarise, Australia has been a staunch supporter of the establishment of the POA as a UN mechanism.

They believe it should be built upon the collaborative work of the open-ended working group and provide practical guidance for responsible state behaviour. Australia emphasises the need for clear scope, flexibility, functionality, and inclusion in the POA. They advocate for the participation of all member states and non-state actors, view it as a way to implement permanent changes, and stress the importance of capacity building.

Their approach is geared towards an actionable, permanent, and inclusive approach to security. The general sentiment expressed by Australia regarding the POA is positive.

Report

Ellie McDonald has presented the concept of a Cyber Programme of Action (POA), which has garnered support from a group of UN member states. The POA aims to address threats in cyberspace and promote engagement and cooperation among stakeholders in a human-centric and rights-respecting way.

It supports the implementation of the Responsible State Behaviour Framework and primarily targets states and actors involved in the UN’s Open-Ended Working Group on Information and Communication Technologies (ICTs).

Supporters argue that the POA has the potential to establish permanent, open, transparent, and inclusive discussions.

It recognizes shared but differentiated responsibilities and encourages the contributions of stakeholders to be heard and acted upon. The POA also emphasizes the importance of capacity-building and operationalization to ensure effective implementation.

Furthermore, the POA must be responsive to real-life events and threats, demonstrating its relevance and effectiveness.

Diversity of views is considered essential to inform the discussions, ensuring inclusivity and representation. Additionally, the POA should be co-created and co-owned, involving various stakeholders in its development.

In summary, the proposal for a Cyber Programme of Action aims to address cyber threats and foster collaboration among stakeholders.

It advocates for open, transparent, and inclusive discussions that respect human rights and international law. The POA should prioritize capacity-building and operationalization, responsiveness to real-life events, and the inclusion of diverse views. Co-creation and co-ownership will contribute to its success as a collective effort in combatting cyber threats.

Report

The UN Program of Action aims to create a more inclusive forum for conversations on cybersecurity, involving civil society and the private sector. It recognizes the importance of these actors in shaping the cyber space and the blurred boundaries between conflicts, belligerence, and civil society.

Implementing international law in cyberspace is challenging due to the unique complexities and lack of infrastructure. Progress has been made in recognizing principles and norms, with ongoing efforts to further develop frameworks. A permanent body is needed to ensure the effective implementation of cybersecurity norms, providing continuity and facilitating knowledge sharing and capacity building.

Building peace and security in the cyber space requires not only norms and laws, but also good organizations and infrastructure. A broader approach is necessary to address the evolving cyber threats, going beyond established frameworks.

Report

States have already agreed on a framework for responsible behaviour in cyberspace, but the challenge lies in successfully implementing it. This framework agreement, known as the Plan of Action (POA), has been achieved three times, in 2015 and twice in 2021. However, failure to implement this framework usually stems from a lack of capacity, resources, and a structured approach.

The POA can help address these challenges by bringing in resources and fostering a sustainable and permanent forum.

Open dialogues and dedicated discussions within the POA are crucial in promoting understanding and progress in cyber capacity building and the application of international law in cyberspace.

By having separate streams for different pillars of the framework, such as confidence-building measures (CBMs), international law, and norms, their entanglement can be avoided. Regular conversations among states foster better understanding and learning in these areas. Furthermore, the inclusion of non-state stakeholders in these discussions can provide valuable expertise and perspective.

However, one key issue that needs attention is the lack of interconnectivity among the United Nations’ (UN) cyber processes.

The UN’s cyber processes should be interconnected in order to address this issue effectively. It is important to understand the sensitivities involved in making these connections.

To address this challenge, multi-stakeholders can play an important role in linking the different issues related to cyber processes.

They can help in understanding where these issues connect and where the links and overlaps are. The hope is that the POA can serve as a vehicle to accomplish this.

Notably, Joyce Hakmeh appreciates the push for multi-stakeholderism and inclusion in the initiative.

The emphasis on including various stakeholders and perspectives is seen as a positive aspect of the initiative. Hakmeh also advocates for enhanced collaboration among multi-stakeholders, recognizing its importance in advancing the conversations beyond just having multi-stakeholders in the room.

In conclusion, while states have already agreed on a framework for responsible behavior in cyberspace, the challenge lies in successfully implementing it.

The POA can help address this challenge by bringing in resources and fostering a sustainable and permanent forum. Open dialogues and dedicated discussions within the POA are pivotal in promoting understanding and progress in cyber capacity building and the application of international law in cyberspace.

Multi-stakeholders have an important role to play in linking these issues and enhancing collaboration among different stakeholders. The push for multi-stakeholderism and inclusion in the initiative is applauded, and the hope is that the UN’s cyber processes can be interconnected to address the challenges effectively.

Report

Raman Jit Singh highlights the need for the Program of Action (POA) on cybersecurity to address real-world threats, particularly those targeting civil society and human rights actors. Singh argues that proactive measures must be taken to protect these vulnerable groups.

Singh expresses concern about the increase in harmful cyber operations against humanitarian and civil rights actors, including human rights defenders who face various forms of cyber intimidation. He emphasizes the urgency of addressing these pressing issues in the POA. Singh’s overall sentiment is one of concern.

Another important concern raised by Singh is the proliferation of spyware and the ‘hack-for-hire’ industry, which he believes significantly undermines global cybersecurity.

Singh urges the POA process to explore, challenge, and take action against these dangerous activities. He maintains a critical stance, emphasizing the importance of confronting these threats head-on.

Singh also stresses the need for more detailed discussions on cybersecurity concerns, state collaboration, and joint action.

He asserts that the POA should delve deeper into current threats and specific topics such as cybersecurity vulnerabilities. Singh advocates for tangible cooperative actions between states to effectively address these challenges. His sentiment is assertive, reflecting a strong call for collaboration and action in the cybersecurity domain.

In terms of protection, Singh advocates for actors at immediate risk, particularly Computer Security Incident Response Teams (CSIRTs), who play a critical role in advancing and maintaining cybersecurity.

He highlights the need to discuss and take actionable steps to protect these first responders in cybersecurity. Singh’s sentiment is supportive, emphasizing the significance of safeguarding these key players.

Furthermore, Singh points out the complexity and lack of clarity in combining the counterterrorism debate with the cyber conversation within the United Nations.

He highlights the sensitive nature of discussions around non-state actors in the existing Open-Ended Working Group (OEWG) process. Singh notes the reliance on previous rulings such as the Delhi Declaration and the outcomes of the Counterterrorism Committee and Security Council.

His sentiment is negative towards the current challenges faced in integrating counterterrorism and cyber issues in UN discussions.

Singh also stresses the need to incorporate human rights and their defense in the cyber conversation. He highlights resistance to discussing human rights defenders (HRDs) and the targeting of HRDs within the OEWG.

Additionally, Singh points out the challenging nature of the conversation for humanitarian actors and international humanitarian law. His sentiment is positive towards the inclusion of human rights in the cyber conversation.

Singh supports a comprehensive approach in the cyber conversation, advocating for not only establishing norms but also implementing security measures.

He emphasizes the importance of balancing both aspects to effectively combat cyber threats. Singh’s sentiment is positive, highlighting the need for a holistic strategy.

Despite acknowledging the contentious nature of topics such as HRDs, counterterrorism, and cyber issues, Singh advocates for addressing them in the POA process.

He encourages open discussions and the pursuit of solutions despite initial reluctance. Singh holds a positive sentiment towards addressing these contested topics.

Additionally, Singh expresses concern that the POA process is primarily anchored in UN headquarters locations, limiting international participation.

He believes that wider participation is crucial to ensuring a comprehensive and inclusive approach to cybersecurity. Singh’s sentiment is negative regarding the current lack of international involvement.

Furthermore, Singh encourages governments and actors to have consultations on the POA process in their respective capitals or locations.

This approach will allow for a broader range of perspectives and ensure the inclusion of diverse voices in shaping the POA. His sentiment is positive towards fostering dialogue and engagement.

In conclusion, Raman Jit Singh highlights several key points related to the POA on cybersecurity.

He emphasizes the need to address real-world threats targeting civil society and human rights actors, while also taking action against the proliferation of spyware and the ‘hack-for-hire’ industry. Singh advocates for detailed discussions on cybersecurity concerns, state collaboration, and joint action.

He supports the protection of key actors at immediate risk, the inclusion of human rights in the cyber conversation, and a comprehensive approach that balances norms and security measures. Singh also calls for addressing contested topics and increasing international participation.

Finally, he emphasizes the importance of fostering frankness and ambition in the POA process.