Ms. Anne-Marie Buzatu Vice-President and COO, ICT4Peace Foundation, has been invited to address the Plenary Session of the Russian National Association for International Information Security on the topic: “Cooperation in the field of prevention of military conflict and the peaceful settlement of disputes in the ICT environment” on 27 September 2021 in Moscow.
Her statement can be found here.
Anne-Marie reiterated ICT4Peace’s Call to Governments to pro-actively and publicly confirm their commitment to respect the UN GGE norm of non-targeting of critical infrastructure.
To install some form of accountability for states’ foreign cyber operations he recalled the ICT4Peace proposal of a states led “Cyber Peer Review Mechanism” with business and civil society input.
He welcomed that several states participating in the UN Open Ended Working Group (UN OEWG) have proposed a “Programme of Action” (PoA) on cyber security. The negotiation of such a PoA should begin sooner rather than later. The ICT4Peace peer review mechanism proposal alongside other elements reinforcing or supplementing the original set of norms could be introduced into this process.
Further refinements of confidence-building measures (CBMs) to impart transparency and predictability could also figure in an eventual PoA. Confidence-building measures have long contributed to the reduction of mistrust amongst states in an adversarial relationship. See Paper by ICT4Peace. The UN GGE process has already yielded a number of CBMs and regional organizations such as the OSCE, the OAS and ASEAN have also generated several cyber security CBMs.
Tangible support for cyber security capacity building would also merit inclusion in any eventual PoA. In this regard, ICT4Peace has advocated for the OECD Development Assistance Committee (DAC) to make expenditure on capacity building eligible for Official Development Aid (ODA) credit.
Accountability and Attribution of cyber-attacks go together – the former cannot be achieved without the latter. It is understandable that sovereign states wish to retain attribution as a national prerogative, but given inherent bias, a purely national approach will lack credibility. We need to devise an independent mechanism to generate evidence-based attribution findings. ICT4Peace has made a proposal in this regard.
Anne-Marie Buzatu concluded her Statement with the following words:
“When we look upon the contemporary cyber landscape, deformed as it is by ever increasing cyber enabled abuses of human security and violations of agreed norms, it is clear that global society has many problems to contend with. At the same time, there is an expanding group of actors in and outside of governments that are developing creative solutions for these problems. If we are to reclaim cyberspace for peace and sustainable development we will require a concerted effort by all stakeholders.”