As part of the ICT4Peace delegation to the UN Open-Ended Working Group on Cybersecurity, Dr. Elaine Korzak, along with Dr. Daniel Stauffacher, attended the week-long session in New York from 9 to 13 September 2019. 

Through resolution 73/27, the General Assembly established an Open-Ended Working Group (OEWG), in which all UN Member States are invited to participate. The Group will convene for the first time in 2019 and report back to the General Assembly in 2020. The OEWG process also provides the possibility of holding intersessional consultative meetings with industry, non-governmental organizations and academia.

Dr. Elaine Korzak serves as a Senior Advisor to ICT4Peace and is a Visiting Assistant Professor at the Middlebury Institute of International Studies at Monterey and an Affiliate at the Center for International Security and Cooperation, Stanford University. Her research focuses on the application of international law and norms in cyberspace, international cyber diplomacy, export controls, and cyber capacity-building. Please find below Elaine Korzak’s blog post.

“We’re not starting from scratch” – this was the mantra of the first meeting of the newly created Open-Ended Working Group on information and communication technologies (ICTs) in the context of international security. The first substantive session of the Group was characterized by prepared statements that served to establish a baseline of states’ positions. The somewhat timid beginnings of the Group’s work promise to be overtaken by the negotiations needed to arrive at a consensus report by the summer of 2020 which would need to reconcile a number of controversies that are already becoming apparent.

Origins
The Open-Ended Working Group (OEWG) on ICTs in the context of International security was established by General Assembly Resolution 73/27. Submitted by the Russian Federation, the resolution mandated the creation of a forum open to all interested member states of the United Nations. This was in contrast to a competing resolution sponsored by the United States, and supported by like-minded states, that essentially called for the continuation of the more exclusive GGE process. In the end, the UN General Assembly adopted both resolutions by majority vote at its session in December 2018.

Within the context of UN discussions on cybersecurity, this development had no precedent. Traditionally the Russian Federation had submitted the annual resolution on the topic, which was passed unanimously and without a vote by the membership of the General Assembly. The historic developments of 2018 resulted in two competing resolutions that had to be adopted by majority vote (video of First Committee meeting available here). More importantly, the discussions created two parallel processes for the coming years: The OEWG, which just began its work, is due to deliver its final report by the summer of 2020 whereas the GGE will hold their first session later this year to submit a report to the General Assembly in the summer of 2021.

Mandate
The historic character of the OEWG was widely acknowledged by participants during its first week of discussions that touched on a variety of cybersecurity topics. The debate followed a number of items that were set out in the Group’s mandate. In particular, Resolution 73/27 tasked the Group to:

  • further develop the rules, norms and principles of responsible behaviour of states, if necessary, to introduce changes to them or elaborate additional rules of behaviour;
  • study the possibility of establishing regular institutional dialogue with broad participation under the auspices of the UN;
  • continue to study existing and potential threats in the sphere of information security;
  • continue to study how international law applies to the use of information and communications technologies by States
  • continue to study confidence-building measures; and
  • continue to study capacity-building.

Floor Debate – Commonalities and Controversies
In addition to acknowledging the historic opportunity, as well as responsibility, that the OEWG presents, participating states were quick to stress that the Group does not operate in a vacuum. Previous work in the field, most notably the reports produced by previous GGEs (2010, 2013, and 2015), serves as the basis for the Group’s deliberations.
However, the ambition of the Group’s work also encapsulates its most delicate or tricky tasking: How can it meaningfully add to the findings of previous GGEs? Can it find enough room for consensus that would add value to, rather than rehash, previous conversations? And how does its work relate to, and differentiate itself from, the upcoming parallel process in the GGE?

These questions, in one way or another, permeated the discussions on all the substantive areas of debate, particularly the topic of institutional dialogue and the way forward following the conclusion of the OEWG (and the GGE).

Overall, the floor debate reflected consensus or convergence in several areas. During the discussion of existing and potential threats, delegations highlighted the growing sophistication of cyber threats and the risk of militarization in cyberspace, stressing the need for norms and confidence-building measures. With regard to the application of international law, existing international law and key principles contained in the United Nations Charter were widely recognized.

The norms articulated in the 2015 GGE report were referenced and there was considerable interest in exchanging states´ experiences in their implementation to make the GGE norms more practical. Both confidence-building and capacity-building measures were highlighted as essential international measures in building a stable ICT environment. In the area of confidence-building, experiences and good practices that have evolved on a regional level should be elevated to the global level. Similarly, a range of ongoing capacity-building efforts, including technical, legal and policy support, needed to be aligned internationally.

However, important differences are also becoming apparent. According to the Chair´s summary at the end of the first week, areas of consensus make up roughly 80% whereas areas of controversy constitute 20% of the discussions. These include, among others, differences in opinion on the need to develop the existing body of international law and how urgently to do so; the need to develop new or additional international norms to guide state behavior; and lastly, the appropriate institutional basis or forum to continue international cybersecurity discussions and whether that forum should be permanent. Detailed analyses of these issues will be covered in upcoming posts.

So, What Does it all Mean?

The course of the Open-Ended Working Group in the coming months will in large part be determined by the identified differences and how the Group will be able to reflect and reconcile them. At the very least, the substantive discussions served as a forcing function for states to begin formulating national positions and viewpoints in a number of different cybersecurity areas. The OEWG has been branded as a “more democratic, inclusive, and transparent” discussion forum for international cybersecurity topics. Indeed, thus far, it has opened the debate to a larger group of interested UN member states that have come to the table with prepared national statements during the first week of discussions.

However, as far as involvement of industry, non-governmental organizations and academia is concerned, the very limited access of organizations during the first week has led to a questioning of the willingness to engage with the important developments and initiatives that have taken place in these spaces.

As one of the participating institutions, ICT4Peace delivered a statement in New York, along with a written submission of its views.

Ultimately, the Open-Ended Working Group’s upcoming sessions, as well as a planned consultative meeting with non-governmental actors, will determine its legacy, as well as its relationship with the work of the upcoming GGE. While the first week of meetings was interactive, the awareness of upcoming challenges was palpable.