On Friday March 12, 2021, after one and half years of proceedings the UN Open Ended Working Group (OEWG) on Information and Telecommunications (ICT) in the context of international security, adopted a report. Given the varied perspectives of the member states engaged in the OEWG it is not surprising that agreement was only achieved on a final report by dividing the text developed over several months into two parts: a consensus section called Final Substantive Report and a Chairman’s Summary. The latter document was described as containing “diverse perspectives”, “new ideas” and “important proposals” (para 80) which preserved them for future reference even though they lacked universal support. As the consensus text, however, is the only part of the final report that states will accept as binding (in a political sense), this will be the focus of the present analysis.
To judge the merits of the report one has to situate it in the context of what has preceded it in the UN’s work on international cyber security policy and what is to follow on in future. Since 1998 the UN General Assembly has had on its agenda an item on “Developments in the field of Information and Telecommunications in the context of International Security”. Since 2003 the UN has created a series of Groups of Governmental Experts (GGEs) to consider this issue and in the years 2010, 2013 and 2015 these groups produced consensus reports on the task of identifying “norms of responsible state behaviour” in cyberspace. The zenith of these efforts came with the 2015 GGE report and its enumeration of eleven voluntary norms for states to observe in their cyber conduct. These norms covered such important elements of restraint as the non-targeting of critical infrastructure on which the public depends, the non-targeting of so- called Computer Emergency Response Teams (CERTS) which act as the “first responders” to cyber incidents and the prohibition on states employing proxies. Significantly, the UN General Assembly in 2015 adopted by consensus a resolution (70/237) which stipulated that states should be guided in their use of ICTs by the agreed norms of the 2015 GGE.
Unfortunately, rising tensions between leading cyber powers resulted in the 2016-17 GGE failing to agree on a report. The next year witnessed a bifurcation of the UN efforts with the establishment of the OEWG (open to all member states) and the authorization of a further GGE (with a restricted membership of 25 representatives).
A primordial question for many was whether the OEWG, despite the deteriorating atmosphere of emerging “great power rivalry” and the growth of “offensive cyber operations”, would be able to build on the 2015 outcome and make real progress. Now that the results are in concerned observers are better placed to render an assessment on this key question. This analysis will be structured along the six themes the report is built around plus considering the fate of two of the most “action-oriented” proposals submitted to the OEWG (namely the National Surveys of Implementation and a Programme of Action) and providing some conclusions on multi- stakeholder involvement and the future course of action.
Please see the full ICT4Peace assessment of the UN OEWG 2021 Final Report here.
************
ICT4Peace Engagement in the UN OEWG:
As an officially accredited NGO to the United Nations, ICT4Peace was an active participant in the UN OEWG process from the start.
The following is a compilation of official submissions by ICT4Peace to the OEWG:
ICT4Peace Submission to the UN Open Ended Working Group (OEWG) on ICT and International Security (4 August 2019)
Critical Infrastructure and Offensive Cyber Operations – A Call to Governments (21 October 2019)
UN OEWG – UN Negotiations on Cybersecurity: First Session of the Open-Ended Working Group at the UN in New York
UN OEWG Intersessional and UN GGE Informal Meetings in New York – ICT4Peace Statements
ICT4Peace proposed “States Cyber Peer Review” Mechanism (1 March 2020)
Statement by ICT4Peace to Second OEWG session, February 10-14, 2020, UN HQ
Letter by ICT4Peace Foundation to Ambassador Lauber, Chair of the OEWG on the pre-draft of the OEWG report (27 March 2020)
Comments by ICT4Peace on the Chair’s Revised Pre-draft Report – OEWG (December 2020)
Comments by ICT4Peace on the “Zero Draft” report of the UN Open Ended Working Group
The following are commentaries on work of the UN OEWG and UN GGE:
UN OEWG & UN GGE – “REGULAR INSTITUTIONAL DIALOGUE” – FROM CONCEPT TO COMMITTEE
An International Response to Offensive Cyber Operations is long overdue
It is more than a question of health – the need to protect critical infrastructure
Disconnects in State Cyber Behaviour: Accountability for Attacks on Critical Infrastructure
UN OEWG: Accountability – The missing ingredient in the comments by states on the Chair’s draft report
UN OEWG and UN GGE – Paul Meyer’s Statement at Australia’s UN CYBER PROCESS PUBLIC CONSULTATIONS
UN OEWG | A New Process for an Old Problem: Governing State Behaviour in Cyberspace
Pro Memoria: The OEWG negotiations often refers to the Norms of responsible State behavior and CBMs agreed in the UN GGE Report 2015 (Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security) and endorsed by UN General Assembly.
An overview of the ICT4Peace activities since 2011 calling for and supporting the UN GGE and UN OEWG processes you find here.
