Report on the “Capacity Building and UN Processes” Session

Report | GFCE V-Meeting “Capacity Building and UN Processes” | 5 May 2020

The GFCE V-Meeting session on Capacity Building and UN Processes was organized under the GFCE Task Force on CBMs, Norms Implementation and Cyber Diplomacy (part of Working Group A on Strategy and Policy). The aim of the session was to provide an update on the UN OEWG and GGE processes, and to elaborate on the role of capacity building in implementing the outcomes of such discussions. Additionally, questions were prepared for a moderated discussion that focused on how the GFCE can play a facilitating or supporting role in the implementation of norms and other outcomes. The session was chaired and moderated by Mr. Ian Wallace, Senior Fellow in the Digital Innovation and Democracy Initiative at the German Marshall Fund and Chair of the GFCE Working Group A.

To open the session, Mr. Chris Painter, President of the GFCE Foundation Board, highlighted that global dependence on ICTs and malicious activity in cyberspace from the COVID-19 pandemic has underlined the importance of both the UN OEWG and GGE, as well as the need for capacity building globally. Mr. Nikolas Ott, co-Lead of the GFCE Task Force on CBMs, Norms Implementation and Cyber Diplomacy, then took the floor to introduce the Task Force’s work and emphasized its focus on cyber diplomacy, norms and CBMs specifically as they relate to capacity building.              

After the introductory remarks, an update on the two UN-based cyber negotiation processes was delivered by the Chairs of the OEWG and GGE. Ambassador Jürg Lauber, Chair of the OEWG, shared how the group has had to adapt to changes brought about by COVID-19 and that they received written comments from over 40 member states and other stakeholders on the initial pre-draft report. Amb. Lauber also elaborated on the importance of capacity building as recognized during the OEWG sessions and highlighted the GFCE’s bridge-building function as a multi-stakeholder platform enabling valuable exchanges on information, experiences and lessons learned. Ambassador Guilherme Patriota, Chair of the GGE, then gave an overview of the GGE process and explained the value of their regional consultations in providing a greater understanding of regional approaches and needs or concerns. Amb. Patriota said that the Group is on track to achieve an additional layer of consensus, building upon the acquis (consensus results of the 2010, 2013 and 2015 GGE) and consulting experts to inform additional guidance on the 11 agreed-upon norms and further comments on CBMs.

As the GFCE focuses on supporting the implementation of norms and CBMs, the presentations that followed were delivered by members of the GFCE community, expanding on the role of capacity building in implementation efforts. Ms. Johanna Weaver, Director of Cyber Policy at Australia’s Department of Foreign Affairs and Trade (DFAT), shared lessons learned from Australia’s norms implementation efforts, focusing her examples on norms relevant to critical national infrastructure and highlighting the current context of threats and incidents targeting the healthcare sector. Elaborating on capacity building, she mentioned several areas such as looking at whether a country has incident arrangements, connections with national CERT, a framework to guide decisions on attribution (factual vs. legal and public vs. private), making public statements that you will not allow your territory to be used for wrongful acts, developing own national positions, etc. She also emphasized that norms are only one part of the framework for responsible state behaviour, stressing that international law applies in cyber space and is binding upon all member states. Ms. Weaver also raised the joint proposal submitted to the OEWG to include a survey on national implementation of the GGE recommendations which considers feedback from the multi-stakeholder community that greater accountability and understanding of what countries are doing in this space. Ms. Szilvia Toth, Cyber Security Officer at OSCE and GFCE CBMs, Norms Implementation and Cyber Diplomacy Task Force Co-Lead, then took the floor to share OSCE’s efforts as a frontrunner in implementing CBMs; the 57 participating States have made a commitment to adhere to the 16 OSCE CBMs. The OSCE has observed implementation of the CBMs on 3 levels: national, sub-regional cooperation, and OSCE-wide.

Ms. Toth elaborated further on how the OSCE Secretariat supports the implementation of CBMs on these levels such as mapping exercises to link OSCE CBMs to existing cybersecurity structure on a national level, and organizing workshops on the sub-regional level to foster cooperation by introducing national best practices, discussing challenges and building trust and confidence. She also highlighted that one of the most important OSCE CBMs is the directory of points of contact, as knowing your counterpart and having a personal relationship helps to build trust and confidence.

To lead into the moderated discussion, Ms. Kaja Ciglic, co-Lead of the GFCE CBMs, Norms Implementation and Cyber Diplomacy Task Force, gave an overview of the work and priorities of the Task Force in the last year: recruiting government and non-government stakeholders globally, mapping relevant tools and publications (available on Cybil Portal), identifying and sharing relevant events, developing an introduction to CBMs paper, and matching needs and existing programs that GFCE members have by producing an overview of initiatives leaflet. Ms. Ciglic elaborated that in the next year, the Task Force will also focus some of its efforts on demystifying norms, and she highlighted the importance to get everyone’s ideas and input on the discussion questions to better inform the work of the Task Force.  The discussion questions are:

1. How can the GFCE help to implement the outcomes of the OEWG / GGE? What is the role it can play to have the biggest impact?
2. To implement agreed upon norms/CBMs, capacity building on a global level is necessary. What are the relevant areas or norms that the GFCE community would benefit from GFCE-supported capacity building efforts?
3. What initiatives/projects should the GFCE develop to do this? Are there other stakeholders/foras that the GFCE can engage to do this? 

Responding to the first question, Ms. Carmen Gonsalves, GFCE Co-Chair and Head of International Cyber Policy at the Netherlands MFA, stressed that fostering capacity globally is needed in order to implement and adhere to norms. She said that the recipe for successful capacity building is a cross-sectoral, multidisciplinary, and holistic approach, highlighting the value of the GFCE as a community-driven and multi-stakeholder platform. Ms. Gonsalves suggested that the GFCE can also help play a role in supporting and promoting accountability and can help countries achieve the proper attribution capabilities to stop malicious activity. She also commended the GFCE on playing a role in linking cyber capacity building and the sustainable development goals, underlining that capacity building is a pre-condition for social and economic development and to bridge the digital divide. Lastly, Ms. Gonsalves mentioned the added value of the capacity building principles that the GFCE developed in 2017 with the Delhi Communique as the principles provide a valuable basis to build trust, which is a necessity for successful capacity building.

As the session was running close to the end of the allocated time, Mr. Wallace asked participants to provide their response to the discussion questions in writing to the GFCE Secretariat so that the conversation can be taken forward in the Task Force. Amb. Patriota gave his final remarks that he sees the great potential of the GFCE as a platform for capacity building and emphasized the need to enhance understanding of why the measures agreed through the UN processes are worthwhile to implement and the impact it can have to improve cybersecurity globally. Mr. Painter wrapped up the discussion emphasizing that there’s certainly a big role for the GFCE going forward.

We invite you to please provide your ideas and input to the discussion questions in writing through this online form. Please email the GFCE Secretariat at contact@thegfce.org if you have any questions or if would like to join the Task Force on CBMs, Norms Implementation and Cyber Diplomacy.