Below are excerpts from the paper by Eneken Tikk and Mika Kerttunen “ICTs and International Security: The Third Way”
In December 2018, the United Nations General Assembly adopted Resolution 73/27, proposed by a group of economies led by Russia, to convene an Open-Ended Working Group (OEWG).
This OEWG is open to all United Nation (UN) Member States, to further develop rules, norms and principles of responsible state behaviour in cyberspace; work that has been ongoing in the UN since 2004 in a smaller Group of Governmental Experts (UNGGE).
The first ‘substantive’ session of the OEWG took place in June 2019, to kickstart the proceedings of this new group. In December 2019, there was an ‘intersessional’ meeting where informal consultations occurred, including industry, NGO’s and academia, but only those organizations accredited by the UN.
The second ‘substantive’ session of the OEWG will meet in February 2020 to continue discussions about international security implications associated with ongoing developments in ICT.
OEWG vs UNGGE
The OEWG differs from the UNGGE in several important ways.
First, the GGE has been unwilling and unable to meet the expectations of transparency and inclusiveness, and explicitly focuses on strategic cybersecurity concerns of only a few states — primarily Russia and the USA. This makes the OEWG the only venue with the potential of hearing and accommodating voices from all interested UN Member States.
Notwithstanding the potentially accommodating role the OEWG is expected to undertake, it will still be jealously guarded by the USA and Russia. Their positions are built on the shared goal of preventing an unwanted [nuclear] confrontation between them. Around these two poles gather groups of states anchored in one or the other’s positions. It, therefore, falls upon other governments to seize the full potential of the OEWG by carving out a shared path.
Building on previous work
Over the past two decades, UN Member States have shared hundreds of pages of cybersecurity-related concerns with the Secretary-General. Many of their thoughts have never been addressed in the GGE.
The quest for change is also apparent in the statements and contributions that industry and the civil society have made during the last intersessional meeting of the OEWG.
This Third Way is characterized by calls for:
- Less securitized and more human-centric dialogue
- Shared conviction that the actions of states in cyberspace [as in any other domain] must be guided and governed by international law
- A genuinely open mind to possible gaps in international law and ways to overcome them
- Demands for transparency and inclusiveness of the process
- A sense of shared responsibility, exercise of restraint, and due focus on the benefits of digitalization
- The role of ICTs in sustainable development and peace
Although the OEWG derives from, and must acknowledge, the achievements of the GGE, renewing international cybersecurity talks requires critical assessment of its premises and conclusions. Not all states consider the work of the GGE as cumulative. The very resolution underpinning the OEWG has set the precedent of rewording GGE’s earlier texts.
Building its discussions on the structure and language of the work of previous expert groups risks making the OEWG hostage to the boundaries dictated and accepted by the GGE. Simply inviting additional views on threats, applicable international law, possible non-binding norms for responsible state behaviour, confidence and capacity building could impose on OEWG discussions the many hidden assumptions and faulty logic of the earlier outcomes and no-outcomes of the GGEs, thereby preventing an alternative approach to issues of ICTs and international security.
To effectively tackle issues of international cybersecurity, the OEWG must independently identify and link problems and solutions. This requires asking questions so far not asked or answered.
- What actual concerns does the international community have about state uses of ICTs?
- What causes and enables irresponsible behaviour?
- What role do gaps in national capacity play in the threat picture?
- Which of these issues, if any, constitute a threat to international peace and security?
- Which of these should the OEWG prioritize?
- What experience can economies exchange in overcoming identified and shared concerns?
- Where should cybersecurity rank among other security and stability problems the world is facing?
The OEWG presents the international community with an unprecedented opportunity to conduct a transparent, inclusive and effective international cybersecurity discussion. Basing the work of the OEWG on the premises and logic of the GGEs risks subjecting this new process to the entrenched expert dialogue’s limitations and [no-]outcomes. Free from these limitations, the work of the OEWG has the potential of confirming or counterbalancing the currently established views.
Contributor: Mika Kerttunen
Eneken Tikk and Mika Kerttunen are independent experts who have participated in numerous global, regional and national cybersecurity discussions including advising the Estonian and Finish GGE experts.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.