IGF 2018 WS #366 Proliferation, Cyber Stability and State Responsibility

Room
Salle II
Issue(s)

Organizer 1: Douzet Douzet, University Paris 8
Organizer 2: Stéphane Taillat, Ecoles de St Cyr Coëtquidan
Organizer 3: Alix Desforges, University Paris 8

Speaker 1: Marina Kaljurand, Government, Eastern European Group
Speaker 2: Saran Samir, Civil Society, Asia-Pacific Group
Speaker 3: Kulesza Joanna, Civil Society, Eastern European Group
Speaker 4: Bill Woodcock, Technical Community, Western European and Others Group (WEOG)
Speaker 5: David Sanger, Civil Society, Western European and Others Group (WEOG)

Moderator

Frederick Douzet

Online Moderator

Stephane Taillat

Rapporteur

Alix Desforges

Format

Panel - 90 Min

Interventions

The panel will include speakers from the Global Commission on the Stability of Cyberspace and outside experts from academia and civil society, including major media. Among the commissionners : Marina Kaljurand is a diplomat and the Chair of the Global Commission. She served as Estonia Foreign Minister and participated in UNGGE discussions. Samir Saran is the President of the Observer Research Foundation (ORF), one of Asia’s most influential think tanks, a member of the Global Commission and the chair of CyFy. Bill Woodcock is executive director of Packet Clearing House and has led a working group on defining the Public Core of the Internet within the Global Commission. These three Commissioners have been active in promoting cyber stability and writing the Call to Protect the Public Core of the Internet. Joanna Kulesza is Professor of international law and Internet governance at the University of Lodz, Poland. She specializes in state responsibility and international liability. David Sanger is journalist at the New York Times and is publishing a new book on state offensive actions in cyberspace, “The Perfect Weapon.War Sabotage and Fear in the Cyber Age” (2018). He has excellent insights on states contribution to proliferation and cyber instability. All speakers have been contacted and have confirmed their participation.

Diversity

Speakers in this session will reflect both geographical, gender, stakeholder and disciplinary diversity. They include representatives from government, technical community, media, think-tanks and academia coming from Estonia, India, Poland, the United States and France.

1) Framing The stability of cyberspace is at risk. There are many flaws and vulnerabilities in the technology that underpins the global Internet. But there are also malicious actors and many other actors - none the least states - developing offensive capabilities that create conditions of instability. This puts the benefits of cyberspace and the future of the digital economy in jeopardy. The attack against Dyn in 2016 was a telling moment. So were WannaCry and NotPetya. The rapid and dramatic propagation of the malware emphasized the systemic risk to which our companies and societies are exposed. The NotPetya attack was designed to look like ransomware but it turned out to be a wiper (a malware designed to wipe the hard drive of the computer it infects) designed for sabotage. The uncontrollable propagation of the attack randomly affected a wide range of companies, including telecommunication and hospitals. And it hurt many companies that were not even initially a target. These attacks reveal the cybersecurity dilemma we are caught in when dealing with offensive actions in cyberspace. On the one hand we recognize cyber threats as new security challenge creating a systemic risk. These threats are highly complex and transfrontier. They can spread fast, they can have a massive impact and they are hard to stop. It is therefore in everybody's interest to stop the contagion that could be disastrous. And that pulls us into the direction of greater international cooperation, information sharing, greater international regulation. The basis for such trust-building efforts is shared interests; the ultimate goal is stability. But on the other hand, cyber capabilities are also used as a tool by nations and non state actors to maintain or increase their power and influence. They can be used for intelligence, espionage, deterrence, and warfare. So we also view cyberthreats as a geopolitical threat emanating from rival powers and economic competitors. And that pulls us in the opposite direction: limited cooperation and information sharing, arms race leading to proliferation. More than 30 nations have now acknowledged their development of offensive tools and military organizations to utilize them. This second perception of risks tends to prevail today. It creates distrust between states and limits their ability to reach agreement on international norms of responsible behavior to ensure the security and stability of cyberspace. And this, in turn, increases the systemic risk for the general availability and integrity of the Internet. This is the reason why the Global Commission on the Stability of Cyberspace (GCSC) was established. The Commission comprises 26 prominent Commissioners representing a wide range of geographic regions as well as government, industry, technical and civil society stakeholders. Its mission is to enhance international peace, security, and stability by proposing norms and initiatives to guide responsible state and non-state behavior in cyberspace. In November 2017, in New Delhi, the Global Commission issued a Call to Protect the Public Core of the Internet (https://cyberstability.org/wp-content/uploads/2017/11/call-to-protect-t…). 2) Agenda and policy questions First Step: Assess the risk of cyber instability in the wake of state - and non state - sponsored offensive activities and address the role and responsibility of States in ensuring cyber stability Second Step: Exposing and discussing the Global Commission on the Stability of Cyberspace Call to Protect the Public Core of the Internet Third Step: Exploring further ideas and norms proposals to protect the general availability and integrity of the Internet

The discussion will include 3 steps. Each speaker will present a key research finding to open the discussion between speakers, then speakers will engage with onsite and online audience participants. The moderators will facilitate the discussion and closely manage time.

This panel will assess the impact of cyber arms proliferation on cyber stability and examine the ethical and legal responsibilities of states in ensuring cyber stability. It will point to policy solutions to promote cyber stability and discuss the Call to Protect the Public Core of the Internet recently proposed by the Global Commission on the Stability of Cyberspace (cyberstability.org).

Online Participation

The moderators will actively seek online participation for each of the 3 steps of the discussion, along with participation from the onsite audience. Online and onsite moderators will coordinate to ensure full participation of the audience through comments and questions addressed to the panelists.

Session Time
Session Report (* deadline 26 October) - click on the ? symbol for instructions

IGF 2018 Pre-Session Synthesis & Short Report Template
Pre-Session Synthesis Due: 2 November 2018
Short Report Due: Within 12 hours of when session is held

[sample report here]

- Session Type (Workshop, Open Forum, etc.): Panel – 90min

- Title: Proliferation, Cyber Stability and State Responsibility

- Date & Time: Monday, 12 November, 2018 - 09:00 to 10:30

- Organizer(s): Organizer 1: Frederick Douzet, University Paris 8
Organizer 2: Stéphane Taillat, Ecoles de St Cyr Coëtquidan
Organizer 3: Alix Desforges, University Paris 8

- Chair/Moderator: Frederick Douzet, University Paris 8

- Rapporteur/Notetaker: François Delerue

- List of speakers and their institutional affiliations (Indicate male/female/ transgender male/ transgender female/gender variant/prefer not to answer):
Speaker 1: Chris Painter, Government, Western European and Others Group (WEOG) (male)
Speaker 2: Anriette Esterhuysen, Civil Society, African Regional Group (female)
Speaker 3: Kulesza Joanna, Civil Society, Eastern European Group (female)
Speaker 4: Bill Woodcock, Technical Community, Western European and Others Group (WEOG) (male)
Speaker 5: Bruce McConnell, Civil Society, Western European and Others Group (WEOG) (male)

- Theme (as listed here): Cybersecurity, Trust & Privacy

- Subtheme (as listed here): Cyber diplomacy

- Please state no more than three (3) key messages of the discussion. [150 words or less]
1. First Key Message : Cyber stability is at risk. Assess the risk of cyber instability in the wake of state - and non state - sponsored offensive activities and address the role and responsibility of States in ensuring cyber stability
2. Second Key Message: The Public Core of the Internet ought to be protected in order to ensure cyber stability. Exposing and discussing the Global Commission on the Stability of Cyberspace Call to Protect the Public Core of the Internet
3. Third Key Message: Further action needs to be taken to protect cyber stability. Exploring further ideas and norms proposals to protect the general availability and integrity of the Internet

- Please elaborate on the discussion held, specifically on areas of agreement and divergence. [150 words] Examples: There was broad support for the view that…; Many [or some] indicated that…; Some supported XX, while others noted YY…; No agreement…

The successive panelists presented the work and norms of the Global Commission on the Stability of Cyberspace (GCSC), focusing mainly on the first norm on the protection of the public core and showing how it relates to the further adopted norms.

Part of the discussion dealt with the status of the norms and State practice. It was underlined that there are 6 States that are not abiding by the norms, but the 190 other States have actually no problem with them and it will incentivize the formers to abide. The panel also emphasized the central role of non-state, notably companies and civil society, and the necessity to have an inclusive approach

A debate developed on the two projects of resolution (A/C.1/73/L.37 and A/C.1/73/L.27/Rev.1) adopted by the first committee of the UN General Assembly last week and how the work of the GCSC will articulate with them in the future

- Please describe any policy recommendations or suggestions regarding the way forward/potential next steps. [100 words]

- focusing on users’ security rather than States’ security, when dealing with cybersecurity. This includes, notably, the necessity to integrate the human rights perspective.
- thinking about the articulation of the to-be-created open-ended working group (UN doc. A/C.1/73/L.27/Rev.1) and UNGGE (UN Doc. A/C.1/73/L.37), as well as the role and collaboration of the GCSC in this perspective.
- Working on the enforcement of the norms, notably on the accountability dimension.

- What ideas surfaced in the discussion with respect to how the IGF ecosystem might make progress on this issue? [75 words]

- Please estimate the total number of participants.
Circa 110

- Please estimate the total number of women and gender-variant individuals present.
Circa 50

- To what extent did the session discuss gender issues, and if to any extent, what was the discussion? [100 words]

The discussion did not address gender issues.