At the invitation of the ICT4Peace Foundation, Paul Meyer, Senior Advisor of the Foundation, prepared his analysis of the most recent developments at the United Nations and elsewhere regarding the development and promotion of norms of responsible state behaviour in Cyberspace. He analyses the recent process at the UN (UN GGE, Open-ended Working Group), new instruments such as the Paris Call, Digital Peace Initiative, Digital Geneva Convention, and the recent norms proposal by the The Global Commission on the Stability of Cyberspace.
He concludes that the international community’s effort to develop norms of responsible state behaviour in cyberspace is currently facing a crisis that may also be an opportunity. The crisis is the breakdown of what had been a consensus at the United Nations as to how work on such norms should proceed. The failure of a UN expert group to agree on a report last year and the adoption of parallel and competing processes at this year’s General Assembly has cast a shadow on and much uncertainty as to the future direction of inter-governmental discussions.
This situation has however also presented an opportunity for other cyber security stakeholders in the private sector and civil society to highlight their own proposals for norms to govern state conduct. While there may be a risk of norms proliferation down the road, the near-term challenge will be for these stakeholders to find a way to engage states in a process to adopt and implement such norms of responsible state behaviour which they alone can realize.
*****
Not so long ago an analyst of international cyber security policy could write an article entitled “The End of Cyber Norms” suggesting that the failure in June 2017 of a UN expert group to come to agreement meant that “a nearly seven-year process to write the rules that should guide state activity in cyberspace came to a halt”. It was perhaps a bit premature to signal the demise of the pursuit of cyber security norms for responsible state behaviour in cyberspace, as the failure of one international process seems to have prompted both an expansion in such processes and the increased role in them of non-governmental entities. We are now facing something of a proliferation of recommended sets of norms which may make it more difficult to gain support from states for implementing any of them. To appreciate what this recent spurt of activity on cyber security norms portend for the future, we must first briefly consider the inter-governmental process that preceded it and for which in part it is a response to.
The full text of Paul Meyer’s article can be found here.