Statement by ICT4Peace at UN OEWG on ICT meeting with Stakeholders, December 6, 2022
Thank you Chair.
I will speak briefly to the ICT4Peace submission for this meeting which has been posted to the webpage and to which I refer colleagues for further detail. The submission emphasizes that confidence is only built over time. In the context of cyber security and our normative framework, confidence will emerge as a function of compliance by participating states with these norms.
Regrettably, the current situation regarding offensive cyber operations does not inspire confidence as to the implementation of agreed norms. Unrestrained cyber operations are degrading human security, notably through attacks against critical infrastructure in violation of the norm protecting such civilian infrastructure from cyber assault.
In our view, confidence in the conduct of other parties to our normative framework is built when national implementation is regularly demonstrated. Thus, acts of transparency such as completing a National Survey of Implementation or exchanges of information about planned cyber activity or inviting observers to cyber exercises can all contribute to raising levels of confidence. To maximize effectiveness however, transparency should go hand in hand with accountability. States and stakeholders should be able to seek clarification of international cyber activity that seems at variance with the normative framework. A fuller degree of accountability would come about via a peer review mechanism. ICT4Peace has already presented one model of such a mechanism.
Regarding the Points of Contact Directory, several useful papers have already been submitted with practical suggestions for establishing such a directory. On the issue of access to the directory, we would like to see stakeholders as well as states be able to access the directory. We see no national security concern that would warrant not making the basic contact information available to registered stakeholders.
We endorse the suggestions contained in our own and several other papers that the directory should draw upon existing regional directories, that it should complement the technical community’s network operated by FIRST, that states should agree to promptly update their listings and that the whole system be regularly tested. In our view either ODA or UNIDIR could be tasked with management of the directory.
Thank you for your attention.
Paul Meyer
Senior Advisor
ICT4Peace
Pro Memoria kindly see Compilation of ICT4Peace Inputs to the First UN OEWG on International Cybersecurity (2019 – 2021)