ICT vulnerabilities: Who is responsible for minimising risks?

Thursday, 12th October, 2023 (00:45 UTC) - Thursday, 12th October, 2023 (01:45 UTC)
WS 5 – Room B-2

Vulnerabilities in digital products remain a default component of cyberattacks, especially high-impact ones, and thus continue to pose significant risks to cyber stability. Who is responsible for vulnerabilities in digital products and for supply chain security? Who is primarily expected to take action – companies, regulators, the open source community, researchers, users? Can implementing existing cyber norms (e.g. UN GGE and OEWG) help minimise the risks stemming from such vulnerabilities, and how? Which best and failed practices in this regard can be identified and studied?

The Geneva Dialogue on Responsible Behaviour in Cyberspace is an international process established in 2018 to map the roles and responsibilities of actors – private sector, civil society, academia, and the technical community – in implementing specific international norms and principles, starting from the cyber norms agreed by the UN GGE and OEWG, and thus in contributing to greater security and stability in cyberspace. As a process led by the Swiss Federal Department of Foreign Affairs (FDFA) and implemented by DiploFoundation, in partnership with the Center for Digital Trust (C4DT) and UBS, the Geneva Dialogue aims to develop a Geneva Manual, a comprehensive guide for relevant stakeholders on cyber norms implementation. Thus, the Geneva Dialogue facilitates an inclusive global exchange on the roles and responsibilities of non-state actors concerning cyber norms and cyber stability, and assists them in contributing to the implementation of such norms by providing specific guidelines in the form of the proposed Geneva Manual.

The session will discuss open issues identified through several months of expert consultations to map existing challenges in reducing vulnerabilities in digital products and possible steps for implementing voluntary cyber norms, as well as possible roles and responsibilities to enhance cyber stability. Findings from the multistakeholder session will feed directly into the drafting process of the Geneva Manual.

Expected outcome

The session is expected to clarify the roles and responsibilities of different stakeholders in implementing the cyber norms related to reducing vulnerabilities and supply chain security, thus contributing to cyber stability. The session will provide a platform to discuss the challenges these stakeholders face, particularly in reducing vulnerabilities in digital products and securing supply chains. It will identify good practices, and will provide input for the Geneva Manual drafting process.