Rapporteur: Allison Pytlak
Since the first instances of malicious cyber operations between states, there has been a growing acceptance of cyber space as a militarized domain. This is a dangerous path to continue down, given the civilian and dual-use nature of cyberspace and digital networks. Such militarization is evidenced in the increasingly formalized role of digital operations in military doctrine and strategy, as well as in the language used to depict activity in this arena, such as through terminologies like “cyber weapon,” “cyber war,” or “cyber bomb”. By treating this primarily as a military and security issue, states and other actors risk institutionalizing and taking for granted the broad idea of cyber conflict. In the on-going discussions at the United Nations (UN), and elsewhere, about norms of responsible behaviour in cyberspace, it’s essential that such norms are viewed as obligatory commitments and that space is also given to articulating a vision of cyber peace.
A) Existing multilateral fora
UN Groups of Governmental Experts
The United Nations has been considering “developments in the field of information and telecommunications in the context of international security” since 1998. The centre of discussion has largely been within Groups of Governmental Experts (GGEs) on information and communications technologies (ICTs) established by the UN General Assembly (UNGA) as of 2004. GGEs are entities created within the UN system to enable thematic and expert discussion and exploration of a given topic, sometimes as a precursor to a political process. Their rules of participation and access will vary depending on the fora in which a GGE is created.
Russia introduced the first draft resolution on the subject of in the context of international security in 1998 at the UNGA First Committee.1) It had four operative paragraphs, including a call to member states to inform the United Nations Secretary-General (UNSG) of their views and assessments on four key questions relating to information security. These formed the basis of the annual reports that UN Secretary-Generals have published since 1999.
The 2002 resolution called for the establishment of the first GGE on ICTs, prompted in part by reluctance from some countries to fully engage in this subject in First Committee.2) Five GGEs have since been convened, each meeting either in Geneva or New York four times over a two-year cycle.3) Their sizes have ranged from 15-25 states.4)
Each Group sought to agree by consensus a report of its proceedings, that may include conclusions and recommendations, and which are returned to the wider UN membership for adoption. This has had varying levels of success as since their inception, the GGEs have suffered from an inherent sense of mistrust among their memberships and divergent views on definitions and basic approaches to information security.
Over time, the outputs of the GGE have generally improved and expanded, in line with their mandates and progress in discussions.
The report of the 2012-2013 Group was welcomed for its breakthrough statement that international law is applicable to cyberspace, although it was simultaneously tempered by a reaffirmation of state sovereignty in the conduct of ICT-related activities, and protection of infrastructure.5)
The 2015 report was lauded for setting out eleven recommendations for voluntary and non-binding norms, rules, or principles for state behaviour, confidence-building measures, international cooperation and capacity building, and positive recommendations.6)
Progress broke down in the 2016-2017 Group, reportedly over the issue of the applicability of international law, including international humanitarian law (IHL) and international human rights law (IHRL).
In 2017, it was not possible for states to agree to establishing a new GGE. Instead, debate at the UNGA First Committee explored other possible entities and forums that could better take forward the subject, as well as providing views on the validity of past outputs from the Groups.
In 2018, Russia—traditional sponsor of the UNGA First Committee resolution on ICTs— introduced new and controversial elements into the annual resolution. The first draft included various points from the Shanghai Cooperation Organization’s International Code of Conduct on Information Security as among a list of norms for discussion in a new GGE. The Code is seen by other states as a way to undermine human rights protections to online activity and so was immediately problematic for many countries. The Russian Federation recanted and redrafted its resolution without that language but with variously selected references from former GGE reports, and a new proposal to create an open-ended working group (OEWG), in place of a GGE, using the argument that such a forum would be more conducive for democratic participation and inclusivity.7) The United States, frustrated with Russian actions, tabled for the first time its own competing resolution, written in the style of traditional First Committee ICT resolutions and calling for a new GGE but with a limited possibility of input from non-GGE members, through regional consultations. The United States and its allies heavily criticized the Russian proposal, arguing that it mischaracterized and cherry-picked language from previous GGE reports without consistency or logic, and accused Russia of being divisive.
In connection with wider politicization that complicated multiple disarmament topics at the UNGA First Committee in 2018, it was not possible for a compromise to be reached and the end result is that there will be both a GGE and an OEWG meeting throughout 2019 and 2020.8)
The two entities have similar, yet not identical, mandates and varying modalities to receive inputs from either non-governmental stakeholders or, in the case of the GGE, non-Group members. For example, the GGE is likely to have a series of regional consultations throughout 2019 and 2020, and the OEWG will have a session in December for input from non-governmental actors. The chairpersonship of either entity and the composition of the GGE have not been made publicly available as of late May 2019.
UN Secretary-General reports and Agenda
The UN Secretary-General has issued multiple annual reports on the subject of ICTs since 1998. These consist of a compilation of national reports submitted voluntarily by member states.
The current UNSG António Guterres has made the promotion of a peaceful ICT-environment a key priority. In his Agenda for Disarmament, launched in May 2018, Guterres has included two action points on cyber security as part of the Agenda’s implementation plan. The UNSG notes in his report that “global interconnectivity means that the frequency and impact of cyberattacks could be increasingly widespread, affecting an exponential number of systems or networks at the same time.” He further states that “in this context, malicious acts in cyberspace are contributing to diminishing trust among States.”