Preparing for the next UN GGE: ICT4Peace at Cybersecurity Workshop in Beijing

shutterstock_165303932

Preparing for the next UN GGE: ICT4Peace at Cybersecurity Workshop in Beijing

ICT4Peace’s Daniel Stauffacher was invited by the Ministry of Foreign Affairs of the People’s Republic of China and the United Nations Office for Disarmament Affairs (UNODA), to moderate a panel at an International Workshop on Cyber Security, in Beijing, China, on 11-12 July 2016. The theme of the two-day long workshop was “ Building norms, rules or principles for cyberspace: promoting an open, secure, stable, accessible and peaceful ICT environment”. The workshop included presentations by countries, UN agencies, NGOs and academics on various topics, and presented an opportunity for senior-level officials and experts to exchange views on matters of pressing concern related to the issue of cyber security. Senior Government officials from Australia, Brazil, Canada, Cuba, Egypt, Estonia, Finland, France, Germany, India, Indonesia, Japan, Malaysia, Netherlands, Pakistan, Korea, Russia, Serbia, South Africa, Switzerland, UK, U.S participated in the meeting.

The topic of Daniel Stauffacher’s panel was “ International cooperation” and included senior officials from the Governments of Japan and China and representatives of the ITU, ICANN and UN DESA. Daniel Stauffacher’s introductory statement can be found here.

The UN General Assembly resolution (70/237) on Developments in the Field of Information and Telecommunications in the Context of International Security, called upon Member States to promote further, at multilateral level, the consideration of existing and potential threats in the field of information security, as well as possible strategies to address the threats emerging in this field, consistent with the need to preserve the free flow of information. A new United Nations Group of Governmental
Experts (GGE) is to be established in August 2016 to continue to study, among other things, norms, rules and principles of responsible behaviour of States in the use of ICTs.

The 2015 UN GGE agreed on a substantive consensus report on norms, rules or principles of the responsible behaviour of States in the cyber-sphere as well as confidence building measures, international cooperation and capacity building which could have wider application to all States. It also addresses how International Law applies to the use of information and communications technologies and also makes recommendations for future work. The 2015 UN GGE Report (A/70/174) can be found here.

Its findings include:

  • In their use of ICTs, States must observe, among other principles of
    international law, State sovereignty, the settlement of disputes by peaceful means, and non-intervention in the internal affairs of other States.
  • Existing obligations under international law are applicable to State use of ICTs and States must comply with their obligations to respect and
    protect human rights and fundamental freedoms.
    States must not use proxies to commit internationally wrongful acts using ICTs, and should seek to ensure that their territory is not used by non-State actors to commit such acts.
  • The UN should play a leading role in promoting dialogue on the security of ICTs in their use by States, and in developing common understandings on the application of international law and norms, rules and principles for responsible State behaviour.

The Beijing workshop considered how the international community could build upon recent developments and generate momentum for a successful new GGE 2016-2017, making contribution towards building an open and cooperative cyberspace for all countries in the world.

Further Information on the work of ICT4Peace in the field of Rights and Security in the Cyberspace can be found here.

ICT4Peace cybersecurity activities in June

CyberSecurity

During the month of June ICT4Peace participated in a number of events related to its global project on ICT and international peace and security.

These included UNIDIR’s Annual Cyber Stability Conference where a presentation was made by ICT4Peace Senior Advisor, Dr. Camino Kavanagh on norms and international security, with a specific focus on the work of the Group of Governmental Experts and the UN GA’s First Committee on Disarmament and International Security.

Earlier that same week, Dr. Kavanagh participated in the Geneva International Security Forum, where she was invited to speak on a panel chaired by DCAF entitled Global Cyber Governance.
Sponsored by Zurich’s ETH, Dr. Kavanagh’s presentation focused on the topic of emerging norms in responding to terrorist use of ICT and cyberspace – from content-related issues to potential terrorist attacks against critical infrastructure – with a specific focus on the private sector and public-private partnerships.

On 27-29 June, she and ICT4Peace researcher Adam Hadley, made a similar presentation at a NATO Advanced Research Workshop hosted by the University of Swansea and Dublin City University entitled ‘Terrorist Use of ICT: Assessment and Response’.

More information on the work of ICT4Peace in the field of ICT and Peace and Security can be found here.

ICT4Peace at Lions Club Zurich Metropole on Cybersecurity as an international challenge for States and Companies

Lions

ICT4Peace’s Daniel Stauffacher was invited by the Lions Club Zurich Metropole to give a presentation on 7 June 2016 on the mission of the ICT4Peace Foundation as a policy and action-oriented think tank, to promote cybersecurity and a peaceful cyberspace through international negotiations with governments, companies and non-state actors, and to champion the use of ICTs and media for Crisis management, humanitarian aid and peace building.

In particular he mentioned its work since 2004 on improving crisis information management systems of the United Nations at Headquarters and in the field by using modern ICTs and new media.

The Cyber-war-threat as an international challenge for states and companies was the main point of his presentation. Based on examples of cyber-incidents reported by the media Daniel Stauffacher described the international security challenge for states and the ongoing global, regional and bilateral diplomatic processes. He invited the global business community and civil society to engage in these processes. He also presented the policy research, that ICT4Peace experts are carrying out since 2007 and mentioned the Cybersecurity training courses, that ICT4Peace was co-hosting in cooperation with the Organisation of American States, ASEAN, African Union, GCSP Geneva and OESCE in Vienna.

His presentation can be found here.

ICT4Peace on G7 Principles and Actions on Cyber: “Give Peace a Chance”

manufacturing-and-cyber-security-e1454364704443

The G7 summit meeting hosted by Japan May 26-27 2016 issued a document entitled “G7 Principles and Actions on Cyber”. The text contains strong commitments in the field of human rights, but it also highlights the challenge of achieving international cooperation on cyber security against a backdrop of deteriorating geopolitical relations between leading cyber and military powers. In this crucial realm of international cyber security, which acts as an enabler for much of the socio-economic benefits to be derived from the Internet, the pronouncements from the G7 summit are not all that reassuring.

In the first instance, the goal of a peaceful cyberspace is conspicuous by its absence from the statement. The G7 will promote security and stability in cyberspace, but there is no apparent aspiration to keep cyberspace a realm of peace rather than war. The statement speaks of taking “decisive and robust measures in close cooperation against malicious use of cyberspace both by states and non-state actors”, but these measures are not elaborated on and there is something in the language tone here that suggests they will not be of a diplomatic nature.

The G7 appear to be laying the ground for undertaking military responses to cyber operations they deem hostile by affirming that “cyber activities could amount to the use of force or an armed attack within the meaning of the UN Charter”. It is indeed suffering “an armed attack” that entitles a state under Article 51 of the UN Charter to exercise the right of self-defence, thus the framing of such an eventuality in this fashion is fraught with serious politico-military consequences. How and by whom such a determination as to the severity of a cyber attack is made is left unaddressed in the G7 statement and there is clearly wide scope for unilateral (and potentially dangerous) interpretation and action in this regard.

The G7 offer up the goal of developing a “strategic framework of international cyber stability”. Active cooperation for conflict prevention does not figure in this schema. This framework is to consist of the applicability of international law to state behavior in cyberspace, the promotion of voluntary norms of responsible state behavior during peacetime and the development and implementation of practical cyber confidence building measures (CBM) between states. On the surface these steps seem constructive, but a closer examination reveals some areas of concern.

The 2015 report of the UN Group of Governmental Experts (GGE) on international cyber security that the G7 statement welcomes, recommended some specific CBMs of a restraining nature that would be an important contribution to maintaining a benign operating environment in cyberspace. These recommended measures included a prohibition on targeting via cyber operations critical infrastructure for public use and a similar ban on targeting (or implicating in cyber attacks abroad) the cyber security incident response teams that states have established to help ensure domestic cyber security.

The GGE recommendations did not however carry the caveat “during peacetime” that the G7 statement introduces. Shouldn’t states be trying to establish enduring protection for at least a part of the civilian sector? Has the international community resigned itself to a cyber space that will be purely a “target rich environment” once some state decides to go on the war path, however that is to be understood in the digital era? No one has assigned to the G7 the right to make such decisions on behalf of the wider world. Rather it underlines the necessity for the G7 and others to engage in the hard work of diplomacy to help develop a set of rules for responsible state action that is not skewered in favor of worse case scenarios and holds forth a prospect for international cyber security cooperation. Working towards a goal of cyber peace instead of cyber war would certainly be the first option of the vast majority of the world’s “netizens” if they were given the chance to vote.

In conclusion, it is worth bearing in mind some remarks that one of the G7 participants, US President Barack Obama made during a brief visit to another Japanese city after the summit ended. In his speech at Hiroshima’s Peace Memorial Park, President Obama recalled that the Second World War which ended in such tragedy for the inhabitants of that city “…grew out of the same base instinct for domination or conquest that had caused conflicts among the simplest tribes, an old pattern amplified by new capabilities and without new constraints.” Cyberspace represents potent new capabilities; it is time to develop some constraints to counter the base instincts for domination and preserve the peace.

The full text of the ICT4Peace Foundation commentary is here.

The full text of “G7 Principles and Actions on Cyber” you can find here.

An overview of the ICT4Peace Activities in the field of Rights and Security in the Cyberspace you find here.

Study on countering violent extremism and terrorism online, freedom of expression and the right to privacy

notafraid_0

The ICT4Peace Foundation was invited to participate in a validation meeting around a study, led by UN Office of the High Commissioner on Human Rights (OHCHR) and the Geneva Academy on countering violent extremism and terrorism online, freedom of expression and the right to privacy. The full day meeting was held on 25th May 2016 at the Geneva Academy of International Humanitarian Law and Human Rights, Villa Moynier, Geneva.

Sanjana Hattotuwa represented the Foundation at the meeting. His work in Asia, notably in Sri Lanka and Myanmar, has over many years addressed through rigorous monitoring, research and counter-speech, the rise of violent extremism and religious fundamentalism. The Foundation’s work around P/CVE (Prevention and Countering Violent Extremism) is well documented and involves pioneering initiatives with the United Nations system and the private sector (including companies like Facebook and Microsoft).

The agenda of the meeting, held under the Chatham House Rule, can be accessed here.

The Foundation made several substantive points to the draft report tabled at the meeting around, inter alia, the rule of law, strong encryption and the impact of a democratic deficit towards the freedom of expression. The Foundation also flagged the significant risks of supporting CVE or simplistically engaging in P/CVE initiatives, for example, around the dangerous co-option of local civil society, leading to the worst of outcomes despite the best of intentions. We also made several points about intermediary liabilities and the role of telcos and Internet Service Providers (ISPs) in the arch of surveillance and P/CVE initiatives.

In addition, after the workshop and supporting points made during it, Sanjana emailed the lead authors a comprehensive list of links around news articles, research and updates that had an impact on the substantive content of the report – strengthening key points and flagging new ones that needed to be included.

In February this year, the Foundation was invited to write to the Office of the High Commissioner for Human Rights regarding best practices and lessons learned on how protecting and promoting human rights contribute to preventing and countering violent extremism. A substantive note was submitted and will be incorporated in the production of material around this topic by the OHCHR in the future.

Course on social and new media for crisis management

From 11 to 15 April 2016, the ICT4Peace Foundation conducted an ENTRi certified training programme on a variety of new media tools and platforms used in the collection, presentation, verification, and dissemination of information. 22 participants, from as far afield as Sudan and Iraq, as well as from Europe and Asia, attended the intensive programme, held at SWISSINT in Stans-Oberdorf, Switzerland. As noted in the course description,

This course was designed to introduce its participants to a variety of digital media tools and platforms used in crisis contexts. During the training programme, participants are guided through the various phases of crisis information management, spanning from the collection, validation, analysis, visualization to the dissemination of information. In addition, they have the chance to practice using these tools through interactive activities and group work, while learning also about cyber-security to protect information and sources.

Each day started at 8am and ended at around 5pm, with participants learning from lectures as well as hands on exercises and practical lessons. A movie screening (‘Our Brand is Crisis’) alerted participants to the dangers of misinformation and disinformation campaigns. A simulation around Haiti, involved over 50 different humanitarian, geographic, donor and in-country websites, confronted them with the complexity of information gathering and verification. Hands on exercises around social media verification, designed to be difficult, were undertaken and completed with aplomb – and through it, lessons around techniques, tips and tricks for verification learnt. Participants were introduced to foundational concepts around Open Source Intelligence, Big Data, Social Media and situational awareness.

A highlight of this year’s course was to get the participants to fly a DJI Phantom IV drone – allowing them to understand first hand the complexities of flight control, the capabilities of UAVs today, and take into class some of the concerns around privacy and security. Flying the drone, and seeing it fly, also brought a fresh perspective into discussions around how UAVs are today centre and forward in humanitarian and peacekeeping theatres.

The course ended with a discussion around digital security and cyber-security, with a number of participants noting that this session alone could well be a standalone course, or even extended in future training programmes, given the importance of the topic.

Class feedback was very positive. As per ENTRi requirements, anonymised web-based input was required before and after the training programme.

Screen Shot 2016-04-20 at 11.57.21 AM

Participants also rated the quality of lectures very highly.

Screen Shot 2016-04-20 at 11.57.41 AM

Unsurprisingly, 2016’s class is divided on the length of the training programme, and this is something that has endured from the first class a few years ago. We read the feedback around the need for a longer training programme as an affirmation that this knowledge is increasingly indispensable when working around information management during, leading up to or dealing with the aftereffects of a crises. The Foundation will use this feedback to ascertain how best to offer this training programme again in the future.

Screen Shot 2016-04-20 at 11.57.49 AM

Participants also rated very highly the venue of the workshop and the organisational/admin aspects of it, handled by the ICT4Peace Foundation.

Screen Shot 2016-04-22 at 7.17.21 AM

Screen Shot 2016-04-22 at 7.20.22 AM

 

UN and ICT4Peace engage with private sector on responding to terrorist use of ICT

ICT4Peace is pleased to announce the formal launch of its joint project with the UN Counter Terrorism Executive Directorate (CTED) on tech. sector engagement in responding to terrorist use of ICT.

Through the project, ICT4Peace and UNCTED will work with the tech. sector and civil society to deepen understanding of current industry responses to terrorist use of their products and services, particularly with regard to content and-operational related issues and identify practices and experiences.

The ultimate objective of the project is to establish a forum through which these same practices and experiences can be discussed and shared with a greater number of actors. To reach that objective, over the next twelve months a series of workshops will be held in Europe, Asia, the Americas, Africa and the Middle East with the aim of engaging industry and civil society actors from across regions. Initial progress will be presented to the UN Counter Terrorism Committee in November.

The kick-off meeting took place in Geneva within the margins of the broader Conference on Preventing Violent Extremism (PVE) hosted by the government of Switzerland and the UN in Geneva on 7 and 8 April 2016. Moreover, it enjoyed the active participation of a number of industry representatives including Microsoft, Facebook, Google, Kaspersky Labs, Weibo and ASKfm, as well as representatives from UN CT and UN human rights entities, EU Home Affairs, EUROPOL’s Internet Referral Unit. Other participants included representatives from existing multi-stakeholder initiatives and think-tanks such as the Global Network Initiative, the Global Cyber Security Capacity Centre at Oxford’s Martin School, SECDEV Canada and the Institute for Strategic and International Studies in Malaysia.

Following the kick-off meeting, the project was presented to a number of governments over a working lunch. Members of the project Advisory Group also participated in an additional meeting on public-private collaboration in response to terrorist use of ICT organised by the government of Switzerland, also within the margins of the PVE conference. For further information on the project, contact Daniel Stauffacher <danielstauffacher@ict4peace.org>.

Welcoming HXL Version 1.0: A breakthrough in humanitarian information exchange

IMG_4695

The ICT4Peace Foundation congratulates OCHA on releasing the first version of the Humanitarian Exchange Language (HXL). The Foundation worked closely with CJ Hendrix and Andrej Verity, both visionaries who were able to see how HXL could change the information exchange landscape in humanitarian contexts, and far beyond.

In fact, the ICT4Peace Foundation’s enduring critique of the terminology is that it anchors the technology to the humanitarian domain, when in fact it can also, as easily, be used in peacebuilding and development contexts.

Andrej Verity’s informative blog post has details on the standards, and how it got to Version 1.

The photo above shows CJ Hendrix in deep conversation with Tala Hussein, from UNDP at the UN Crisis Information Management Advisory Group meeting in 2013, held in New York. The report of the meeting clearly highlights just how important the Foundation considered HXL, at a time when the idea and work around the development of the standard had few champions within and outside the UN. Over 2013 and 2014, this included facilitating meetings between the ETH in Zurich and OCHA, to help strengthen the technical development of HXL.

The Foundation’s support of HXL goes as far back as 2012, when it supported the development of what was then a seed idea.

HXL is inextricably entwined with OCHA’s Humanitarian Data Exchange (HDX) framework. ICT4Peace Foundation has championed the concept behind HDX from the time of the Haiti earthquake in 2010, when we recommended the use of APIs to connect both the UN family as well as the V&TC community around disaster response. The Foundation has, as part of the United Nations CiM process, also worked closely with OCHA for years to support the development of HXL, and importantly, raise awareness around possible use cases within and outside the UN. Information featured in HDX will also come from OCHA’s COD/FOD datasets, which the ICT4Peace Foundation helped support and develop.

We hope HXL, in which we have believed and invested in for so many years, delivers on the promise of more efficient and effective information exchange where and when it is needed most.

 

ETH Professor (em.) Kurt R. Spillmann joins ICT4Peace International Advisory Board

The ICT4Peace Foundation is deeply honoured, that former ETH Professor Kurt R. Spillmann has kindly agreed to join its International Advisory Board. Professor Spillmann is a world renowned and eminent scholar and internationally solicited political commentator on world affairs, in particular on peace and security.

Kurt R. Spillmann was Professor of Security Studies and Conflict Research at the ETH Zurich and Professor of Modern History, especially American History, at the University of Zurich.

After studies in Zurich, Rome, New Haven (Yale University). He has worked in different functions at Yale University, at the Woodrow Wilson International Center for Scholars (Washington D.C.), at the School of Advanced International Studies (SAIS) at Johns Hopkins University (Washington D.C.), at the Wissenschaftskolleg zu Berlin and at Harvard University (Department of Psychology).

He has published and edited numerous books and articles in the areas of American History, American Foreign- and Security Policy, Swiss Security Policy, and Conflict Research. He was co-editor of the series Zürcher Beiträge zur Sicherheitspolitik und Konfliktforschung, organizer of the lecture-series Zeitgeschichtliche Hintergründe aktueller Konflikte, editor of the Bulletin zur schweizerischen Sicherheitspolitik and editor of Studies in Contemporary History and Security Policy. He was the founding Director of the ETH Center for Security Studies and Conflict Research (CIS).