ICT4Peace’s Daniel Stauffacher has been invited to address the Plenary Session of the Russian National Association for International Information Security on the topic: «Partnership of State, Business and Civil Society by ensuring International Information Security» on 7 December 2020 in St. Petersburg.
His statement can be found here.
Daniel Stauffacher reiterated ICT4Peace’s Call to Governments to pro-actively and publicly confirm their commitment to respect the UN GGE norm of non-targeting of critical infrastructure.
To install some form of accountability for states’ foreign cyber operations he recalled the ICT4Peace proposal of a states led “Cyber Peer Review Mechanism” with business and civil society input.
He welcomed that several states participating in the UN Open Ended Working Group (UN OEWG) have proposed a “Programme of Action” (PoA) on cyber security. The negotiation of such a PoA should begin sooner rather than later. The ICT4Peace peer review mechanism proposal alongside other elements reinforcing or supplementing the original set of norms could be introduced into this process.
Further refinements of confidence-building measures (CBMs) to impart transparency and predictability could also figure in an eventual PoA. Confidence-building measures have long contributed to the reduction of mistrust amongst states in an adversarial relationship. See Paper by ICT4Peace. The UN GGE process has already yielded a number of CBMs and regional organizations such as the OSCE, the OAS and ASEAN have also generated several cyber security CBMs.
Tangible support for cyber security capacity building would also merit inclusion in any eventual PoA. In this regard, ICT4Peace has advocated for the OECD Development Assistance Committee (DAC) to make expenditure on capacity building eligible for Official Development Aid (ODA) credit.
Accountability and Attribution of cyber-attacks go together – the former cannot be achieved without the latter. It is understandable that sovereign states wish to retain attribution as a national prerogative, but given inherent bias, a purely national approach will lack credibility. We need to devise an independent mechanism to generate evidence-based attribution findings. ICT4Peace has made a proposal in this regard.
Daniel Stauffacher concluded: “When we look upon the contemporary cyber landscape, deformed as it is by ever increasing cyber enabled abuses of human security and violations of agreed norms, it is clear that global society has more than enough “current problems” to contend with. At the same time, there is an expanding group of actors in and outside of governments that are developing creative solutions for these problems. If we are to reclaim cyberspace for peace and sustainable development we will require a concerted effort by all stakeholders.”