Amb. Paul Meyer, Senior Advisor of ICT4Peace on 29 April 2020 gave a statement at Australia’s Department of Foreign Affairs and Trade public UN Cyber Consultation Meeting (see the Agenda of the Meeting here).
ICT4Peace has been actively involved in and supporting the two UN processes on Cybersecurity: UN OEWG:The UN Open Ended Working Group in Developments in the field of ICTs in the context of international Securit, and the UN GGE: Group of Governmental Experts on Advancing responsible State behaviour in cyberspace in the context of international security.
In particular, ICT4Peace submitted two proposal to these Government negotiations:
Critical Infrastructure and Offensive Cyber Operations: An ICT4Peace Call to Governments
ICT4Peace Proposed “States Cyber Peer Review Mechanism” for state-conducted foreign cyber operations
“Thank you Johanna Weaver for this opportunity to speak on behalf of ICT4Peace to our earlier submissions which have been posted to your consultation website. I will pick up on six points:
- We need to keep the stress on securing a “peaceful ICT environment” which is the express goal of the GGE process as well as Australia’s own cyber foreign policy. Cyberspace needn’t be turned into a battleground and the international community should push to retain cyberspace for peaceful purposes.
- States should be proactive in demonstrating their commitment to the existing norms. We see a special status for the norm of non-targeting critical infrastructure – a prohibition that must be respected at all times.
- Attribution and Accountability go together – we can’t achieve the latter without the former. On the basis of their comments to the OEWG, states seem to be neglecting these concepts. It is understandable that sovereign states wish to retain attribution as a national prerogative, but given the inherent possibility of bias, a purely national approach lacks credibility. We need to devise an independent mechanism to generate evidence-based attribution findings. There is great scope in utilizing private sector capabilities in this regard.ICT4Peace and the Cyber Peace Institute have submitted papers to the OEWG sketching out possible approaches.
- While one assumes that states will respect in practice the norms which they have agreed to, this is not always the case. There needs to be a process to hold states to account for their conduct. We commend the Australian-Mexican joint proposal for a survey of national implementation. If widely completed this will certainly strengthen transparency. It is however a necessary, but insufficient step. Self-reporting by states on their own actions has to be supplemented by inputs from other stakeholders and some form of peer review that allows for states to be questioned on their record. ICT4Peace has submitted to the OEWG a proposal for such a peer review mechanism, one that was inspired by the Universal Periodic Review mechanism employed by the Human Rights Council.
- It is now some 22 years since the UN first addressed the subject of ICT developments in the context of international security. It is time for the UN to put in place some form of enduring inter-governmental forum for considering these issues. The UN’s cyber focus should be consolidating rather than fragmenting as it has with both the OEWG and GGE processes. These are dissipating the UN’s energy and resources. Simply kicking the can down the road by renewing existing mandates of these groups is an inadequate response. It is not out of flattering our hosts that I suggest that Australia would be well placed to host a future UN organization devoted to cyber – to my knowledge you have no other UN entity headquartered in your country.
- To conclude, we need to recognize the urgency of taking more purposeful action to ensure responsible state behaviour in cyberspace. We are witnessing a disturbing rise in malicious cyber activity – including attacks against the medical sector. Unless we move quickly to reinforce key norms such as the protection of critical infrastructure, we and the OEWG risks being marginalized. Thank you again for this opportunity to speak at your consultation.
Thank you very much.”