By Abagail Lawson, Anneleen Roggeman, Michael Depp and Bruce McConnell at the Cyberspace Cooperation Initiative, Observer Research Foundation, America

Executive Summary
The Cyberspace Cooperation Initiative at ORF America provided comments on the draft report of the U.N. Open-ended working group on developments in the field of information and telecommunications in the context of international security (OEWG). These comments integrate insights gathered from virtual Global Cyber Policy Dialogues in Southeast Asia and Southern Africa, and are intended to bring perspectives from countries in those regions to the global platform at OEWG. The ORF America perspective was originally published on the OEWG website, the full text is available below.

Cyberspace Cooperation Initiative

Comments from the Cyberspace Cooperation Initiative at the Observer Research Foundation America on the Zero Draft Report of the U.N. Open-ended Working Group on developments in the field of information and telecommunications in the context of international security

March 3, 2021

The Cyberspace Cooperation Initiative at Observer Research Foundation America (ORF America) commends the chair of the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security (OEWG), for putting together this draft report, and for inviting comments from civil society. As the OEWG has demonstrated through its actions, while governments have unique responsibilities with regard to issues of national security, the unique features of the cyber domain mean that the private sector, technical community, civil society, and individuals play critical roles in the protection and stability of cyberspace, and as such, any meaningful process to deal with the threats to the security and stability of the digital space must allow for multi-stakeholder participation.

That ethos is reflected in this set of comments, which bring observations collected at multi- stakeholder meetings hosted in the Global South. We believe those voices are critical to the ultimate success of the OEWG’s work.

These observations reflect a year of activities by the Cyberspace Cooperation Initiative at ORF America (previously housed at the EastWest Institute). The initiative has conducted two multi-stakeholder policy dialogues on a regional basis—in Southeast Asia and Southern Africa. These dialogues are designed to build trust and capacity in order to amplify voices from developing countries and emerging economies in international discussions on ICTs. As Member States prepare for the final substantial session of this OEWG and continue to negotiate the report, we would like to highlight four themes discussed in our regional dialogues that have relevance to the OEWG’s report and future work.

There is a pressing need to improve trust among countries in the ICT environment. The lack of trust, suspicion, and potential for miscalculations with grave consequences were raised by participants from government, civil society, and the private sector alike. In this context of tension and mistrust, the UN offers opportunities for international collaboration to solve some of the problems and threats associated with cyberspace—some participants characterized the UN as a “center of gravity” for building global consensus around these issues. The expectations are high for processes like the OEWG. As the first OEWG to deal with the set of challenges associated with ICTs in the context of peace and security, we strongly encourage Member States to find agreement on a report that contains concrete recommendations, and identifies areas of agreement and disagreement, so as to help chart a path forward at the international level and in regional and local efforts involving all stakeholders.

Many of the participants in our dialogues cited the international and regional processes as ways to build trust, promote cooperation and confidence—echoing the statements of Member States and the language in the Zero Draft that the OEWG itself is a confidence-building measure (CBM), as it stimulates exchange of views and the development and implementation of a framework for responsible state behavior in cyberspace. We support the inclusion in the Zero Draft Report of the specific suggestions identified throughout the OEWG deliberations for Member States to undertake as confidence-building measures. The inclusion of these voluntary suggestions can help guide and coordinate efforts in the immediate term, while also leaving more difficult elements open for further deliberation.

A rules-based international order can help address threats from malicious actors and ICT vulnerabilities. A rules-based international order is widely seen as a way for States to mitigate threats from malicious ICT use, and this was stressed by participants from all sectors in our regional dialogues. It is thus imperative that the UN OEWG and GGE processes produce actionable outputs that advance the development of a common framework for responsible state behavior in cyberspace. In this context we support the recommendations contained in the section of the Zero Draft Report on Rules, Norms and Principles for Responsible State Behavior. We hope that our regional meetings can help further cooperation and exchange of best practices on norm implementation, in the spirit of paragraphs 53 and 56 on supporting regional efforts and other multi-stakeholder partnerships to ensure sustainable capacity building efforts to further norm implementation. In addition to allowing discussion among countries in the two regions, the dialogues we convened in 2020 allowed for cross-regional exchange between countries in Southeast Asia and Southern Africa in order to share good practices and new ideas. We received enthusiastic support from participants for the opportunity to share insights between the two regions, and are pleased to see this idea reflected in paragraph 77 of the report. We encourage regional organizations and other forums to enable such exchange. We would also support the inclusion of the non-paper with concrete guidance on norm implementation and additional proposed norms as an annex or in the final OEWG report itself.

Sustainable development is inextricably linked to peace and security in the ICT context. It is crucial to acknowledge the links between development and ICT security, and to pursue future discussions and actions in ways that are mindful of these linkages. In this regard, we welcome the acknowledgement in the report’s Introduction of the impact that ICTs have on all pillars of the UN’s work, including sustainable development and human rights. We believe that providing such contextualization of the conversations around ICTs and peace and security is crucial to ensure that the OEWG’s work is seen as relevant and reflects an awareness of the ongoing efforts elsewhere in the UN system and more broadly. We also welcome inclusion of language tying cyber capacity building to achievement of the 2030 Sustainable Development Agenda, and would encourage States to make this linkage clearer in the articulation of the principles to guide capacity building.

Capacity building efforts need to be better coordinated, more inclusive, and demand-driven. The principles for capacity building articulated in the report are an important contribution to this space, as many States and non-state stakeholders are looking to capacity building initiatives as a starting place for building relationships and trust. We support the articulation of the three principles to guide capacity building efforts in paragraph 86 of the Zero Draft Report. In particular the inclusion of language in the“People Principle” which states that capacity building efforts should be “inclusive and universal” reflects what we have heard from regional stakeholders that capacity building is needed at all levels. Efforts that engage at the grassroots level, bring in marginalized populations and partner with local civil society will help ensure that initiatives are sustainable and actually aligned with local needs and priorities.

Organizations like the Global Forum on Cyber Expertise (GFCE) can be important to bring together needs, resources, and expertise globally to build capacity, and can help address some of the obstacles to effective capacity building that Member States identified throughout their discussions (and that we have heard from regional stakeholders as well), such as insufficient coordination of initiatives, and matching potential partners based on needs and available resources. We also welcome the multiple references throughout the report encouraging public-private partnership and cooperation to address ICT threats and build capacity. The private sector is a resource for innovation, and can help accelerate gains in capacity.

We would also encourage Member States to be mindful of the link between capacity and regular institutional dialogue. It is important that UN processes on ICTs in the context of peace and security be based on an inclusive approach, and duplicative processes and proliferation of different forums create barriers to meaningful participation by all Member States as well as non-state stakeholders. In this context we would support thorough consideration of proposals such as the “Programme of Action” that can help streamline the discussions and develop a concrete agenda for moving forward.