UNIDIR conference discusses building trust in cyberspace
“Building trust is a long journey. He has ups and downs. It is being deviated by different factors, so a solid foundation on which to base our discussion is crucial to keep moving forward, ”Kathryn Jones, Head of International e-Governance, UK, told the conference. Cyberstability Conference 2021 organized by the United Nations Institute for Disarmament Research (UNIDIR).
The roundtable, moderated by Samuele Dominioni, researcher, UNIDIR, was convened to discuss the importance of Confidence Building Measures (CBMs) in reducing tensions between countries. The panel was composed of Gerardo Isaac Morales Tenorio, Coordinator for Multidimensional Security, Multilateral Affairs, Ministry of Foreign Affairs of Mexico; Yutaka Arima, Cyber Policy Ambassador, Ministry of Foreign Affairs of Japan, and Kaja Ciglic, Senior Director, Digital Diplomacy, Microsoft.
There are more and more States developing ICT (information and communication technologies) as an instrument of war, which means that it is crucial to develop confidence-building measures to reduce the risk of misperceptions and avoid conflicts.
Countries need to clarify the role of ICT agencies, notes Kathryn Jones
Role of regional collaboration: “The United Nations has an important role to play in global confidence-building measures, but we have seen regional organizations actually adopt these confidence-building measures and progress has tended to be faster at the regional level. It is obviously easier to develop trust in an established relationship. Regional forums such as the OSCE have resource pools that reduce the cost for individual states of having to build bilateral CBMs individually, ”Jones said at the meeting.
Leveraging the United Nations: “… Fills a gap by sharing experience and providing a space in which pathways for collaboration and mutual learning can be established. Members of the UN are a diverse group of states and all of them will never take the same approach with everything and we don’t need to, but we have to understand how other states see it and, most importantly, how they could act in cyberspace in order to avoid this misunderstanding and this inadvertent escalation, ”she explained.
Transparency: “OEWG supports transparency at the most basic level and ensuring the adoption by consensus of the last resolution. The annex of the national position papers to the GGE report from 2021 was a tangible example of transparent confidence-building measures in which states have committed to sharing their views for the benefit of stability and predictability in cyberspace, ”Jones said.
Define the scope of ICT agencies: “I would like to underline the call in the GGE 2021 report that states should clarify their positions on the mission and functions of the ICT security agency as well as their national and organizational level ICT strategy and legal regimes. and control under which these agencies operate. because whether we like what the state does or not, if we understand these broader behaviors, we can easily mitigate the risks to international peace and stability, ”she added.
Terminology: “It’s a very difficult point. We have to understand each other and be able to understand where each other is coming from, because we all conceptualize things differently. It’s quite difficult to align different conceptual frameworks into a clear set of terminology that we could all agree on except to negotiate legally binding agreements. Building understanding is our main challenge here, ”Jones said.
Mutual understanding between different governments is important in cyberspace, says Yutaka Arima
Arima revealed that Japan regularly conducts an e-dialogue with various countries to exchange views on e-policies and activities and considers it important to engage in the regional framework.
Regional influence: “Japan has co-chaired cybersecurity meetings with Malaysia and Singapore in the ASEAN Regional Forum. It was a good opportunity to share the respective cyber policies of each country as well as to exchange views on cyber activities at the regional level, ”he said.
Placing hopes in the OEWG: “… Plays an important role as a measure of confidence. Member States can share their cyber policies and views on relevant issues within the OEWG. The OEWG could then possibly have an annex to the annual progress report that compiles the national policies of participating countries or have links on its official website, ”Arima advised.
- Multi-stakeholder approach: “… Had the participation of civil society, academia and business. The multi-stakeholder approach will promote mutual understanding between different actors, such as governments, the private sector and academia, which is also important for the development of cyberspace, ”he added.
- What would Japan like? “A level of understanding of cyberspace among a substantial number of member states that will make it easier for them to understand what other countries are doing and to measure it in concrete terms,” Arima explained.
Common exercises: “We hope that there will be joint exercises as a result of these discussions or cooperation measures resulting from the regular discussions. I hope there will be cooperation activities in which Member States will participate to build trust among themselves in cyberspace, ”he said.
Responsible Behavior Standards Agreement: “This is a very difficult question. We have to agree on standards of responsible state behavior that we sort of have through the UN forums. Trust exists, but how can it be verified? A country will need extremely skilled and capable people to verify whether there is malicious activity coming from a country that claims to comply with all standards or whether it is coming from someone who is not making any claims, ”concluded Arima.
CBMs are a forerunner of political will, says Isaac Morales
Relevance of CBMs: “It is important to reiterate that confidence-building measures are part of the tools and measures to prevent conflicts, of course, promote peaceful settlement of disputes and prevent any escalation of disputes and conflicts. They can also be used to promote peaceful uses and encourage member states to use cyberspace for collaboration, ”said Morales.
- Use CBMs to strengthen cooperation: “Confidence-building measures are about identifying and managing threats and challenges. It is necessary to encourage concrete programs of cooperation and capacity building, ”he explained.
Clear expression: “CBMs are a clear expression of the tools that push states into action. These tools encourage us internationally, nationally, regionally, to practice and take action, ”said Morales.
Using the Organization of American States (OAS): “Confidence-building measures could be seen as a precursor of political will and commitment to the collective endorsement and implementation of voluntary standards of responsible state behavior in cyberspace. For example, a more formal and continuous dialogue on cyberspace has been consolidated by the OAS, increasing the relevance of discussions related to cybersecurity, the applicability of international law and the governance of cyberspace, ”he said. points out.
Importance of stakeholders: “The role of other stakeholders and service providers, the private sector, civil society, academia, is essential not only to encourage Member States to put into practice (CBM) but also to help them with the elements that are needed. more operational linked to CBMs, ”said Morales. .
Develop a universal understanding of CBMs: “Building trust is not universally understood in exactly the same way, but we need to increase trust, then we need more measures and we commit to implementing them. It is important to move forward on the objectives and commitments we have from these (OEWG and GGE) reports and standardization of interactions in cyberspace within the framework. It will be important to avoid any detailed discussion on concrete terms, ”he detailed.
- Gradual process: “We need to work on a gradual process to identify, as clearly as possible, the factors that could undermine mutual trust in any given situation,” Morales concluded.
CBMs are an iterative process, comments Kaja Siglic
Continuous concentration: “It’s important to have regular conversations, including with groups that aren’t necessarily close to you. It is also important that the conversations do not stay at a theoretical level but that they are complemented by exercises that simulate real-life situations where you would need to cooperate with your counterparts from different countries and different sectors ”, Siglic underlined in his answer.
Including non-state perspectives: “The private sector and technical communities specifically have an important role to play in escalation response and prevention. They are often called at the national level, and when something is happening. We need to work together to ensure that there is a cross-sector conversation and a pan-Canadian conversation around the incidents in particular. I would consider confidence-building measures that do not only concern the diplomatic community or the political community, but also the technical community, ”she suggested.
Bank’s clearing-house and analysis center on information sharing: “Businesses can build trust through various information sharing organizations in which businesses exchange information and share threat intelligence with each other, including with governments and others. There are formal structures and then there are informal relationships. For example, the case of Solar winds‘hack after another company alerts us and we issue protections, ”Siglic said.
Appeal to States Acting in Bad Faith: “This space must challenge States which are bad actors when they are not responsible. It should not be: ‘you are a bad person’, but also indicate which particular standard has been broken or which particular law or international agreement, ”she concluded.
Read also :
Do you have something to add ? Post your comment and give someone a MediaNama subscription.