8. March 2021

The call for a regular institutional dialogue to continue consideration, under UN auspices, of the subject of information and tele-communication technologies (ICTs) in the context of international security has been a refrain in all three reports adopted by the UN’s Groups of Governmental Experts (GGEs) on responsible state behaviour in cyberspace.

That said, this common recommendation of successive GGEs
has not progressed much beyond a slogan in the work of the Open-ended Working Group (OEWG) on ICTs. There has been surprisingly little input from states as to the specific form this dialogue should take and how in particular it should be “institutionalised”.

The zero-draft of the final report before the OEWG at its final March session does not provide much in the way of actionable guidance on how this “regular institutional dialogue” is to be manifested in future. The draft report suggests in paragraph 109 that it should be “inclusive, transparent, consensus driven and results based” – all desirable qualities, but ones divorced from any specific institutional form.

After five years of GGE consensus reports and over two years of OEWG discussions, it is time for the UN to establish an on-going inter-governmental body to work on international cyber security issues.

At a time when the magnitude of malicious cyber activity, including state sponsored offensive cyber operations is increasing exponentially, with concomitant damage to the interests of “netizens” everywhere, it is imperative that the “institutional deficit” in the UN’s work on cyber security issues is remedied. Certainly, non-governmental stakeholders have voiced this concern during
the OEWG proceedings, and it was a noticeable theme in the dedicated informal consultations with stakeholders that were held on the topic in December 2020.

The tabling of a proposal for a Program of Action in the OEWG by a group of 47 states has finally contributed a substantial answer to the question of what form should the institutional home for future UN work take. The proposal envisages the establishment of a permanent forum open to all member states that would provide for biennial meetings and periodic review conferences as well as working level thematic sessions. It would be allotted secretarial support via the UN Office for Disarmament Affairs (ODA) and/or the UN Institute for Disarmament Research (UNIDIR). The proposal suggests that by creating this permanent forum the UN could consolidate the twin processes of the OEWG and the GGE into a single venue and focus for the UN’s cyber security work.

The Programme of Action proposal is a welcome initiative in imparting institutional content to the more nebulous ideas of a regular dialogue,
but it too could be rendered more precise in its prescription.

In submissions to the OEWG by ICT4Peace it has been suggested that the time has come for the UN to embrace the reality of major on-going work on international cyber security policy by creating a “Cyber Security Committee” of the UN General Assembly (along the lines of the Committee on the Peaceful Uses of Outer Space).

It would also be appropriate to provide such a committee with a dedicated secretariat in the form of an “Office of Cyber Affairs”. One could argue that the cyberspace realm is of equal or even greater importance than outer space for global security and prosperity and will continue to be of major significance for advancing UN goals for the foreseeable future.

Whatever emerges as the final report of the OEWG, one can only hope that it will go beyond the reiteration of the need for a “regular institutional dialogue” and actually provide an institutional blueprint to make this happen.

This article has been published in CYBER PEACE & SECURITY MONITOR VOL.01 NO.8