UN OEWG on ICT – ICT4Peace Statement at meeting with Stakeholders, December 6, 2022

Statement by Paul Meyer on behalf of ICT4Peace of 6 December 2022 and Submission by ICT4Peace to the Informal, inter-sessional meetings of the OEWG from 5-9 December 2022

Activities, ICT4Peace Support to UN OEWG and UN GGE, including Programme of Action PoA, Norms of Responsible Behaviour and Confidence Building Measures (CBMs) for the Cyberspace

10. December 2022

Statement by ICT4Peace at UN OEWG on ICT meeting with Stakeholders, December 6, 2022

Thank you Chair.

I will speak briefly to the ICT4Peace submission for this meeting which has been posted to the webpage and to which I refer colleagues for further detail. The submission emphasizes that confidence is only built over time. In the context of cyber security and our normative framework, confidence will emerge as a function of compliance by participating states with these norms.

Regrettably, the current situation regarding offensive cyber operations does not inspire confidence as to the implementation of agreed norms. Unrestrained cyber operations are degrading human security, notably through attacks against critical infrastructure in violation of the norm protecting such civilian infrastructure from cyber assault.

In our view, confidence in the conduct of other parties to our normative framework is built when national implementation is regularly demonstrated. Thus, acts of transparency such as completing a National Survey of Implementation or exchanges of information about planned cyber activity or inviting observers to cyber exercises can all contribute to raising levels of confidence. To maximize effectiveness however, transparency should go hand in hand with accountability. States and stakeholders should be able to seek clarification of international cyber activity that seems at variance with the normative framework. A fuller degree of accountability would come about via a peer review mechanism. ICT4Peace has already presented one model of such a mechanism.

Regarding the Points of Contact Directory, several useful papers have already been submitted with practical suggestions for establishing such a directory. On the issue of access to the directory, we would like to see stakeholders as well as states be able to access the directory. We see no national security concern that would warrant not making the basic contact information available to registered stakeholders.

We endorse the suggestions contained in our own and several other papers that the directory should draw upon existing regional directories, that it should complement the technical community’s network operated by FIRST, that states should agree to promptly update their listings and that the whole system be regularly tested. In our view either ODA or UNIDIR could be tasked with management of the directory.

Thank you for your attention.

Paul Meyer

Senior Advisor

ICT4Peace

Pro Memoria kindly see Compilation of ICT4Peace Inputs to the First UN OEWG on International Cybersecurity (2019 – 2021)