ICT vulnerabilities: Who is responsible to minimise risks?

WS 5 – Room B-2


Vulnerabilities in digital products remain an almost indispensable component of cyberattacks, especially high-impact ones, and thus continue to pose risks to cyberstability. Who is responsible for vulnerabilities in digital products and for supply chain security? Who is primarily expected to take action: companies, regulators, the open source community, researchers, users? Can the implementation of the existing cyber norms (e.g. UN GGE and OEWG) help minimise the risks stemming from such vulnerabilities, and how? Which best and failed practices in this regard can be named?

The Geneva Dialogue on Responsible Behaviour in Cyberspace (GD) is an international process established in 2018 to map the roles and responsibilities of actors – private sector, civil society, academia, and the technical community – in implementing specific international norms and principles, starting from the cyber norms agreed by the UN GGE and OEWG, and thus in contributing to greater security and stability in cyberspace. As a process led by the Swiss Federal Department of Foreign Affairs (FDFA) and implemented by DiploFoundation, in partnership with the Center for Digital Trust (C4DT) and UBS, the Geneva Dialogue aims to develop the Geneva Manual, comprehensive guidance for relevant stakeholders on cyber norms implementation. Thus, the Dialogue aims to facilitate an inclusive global dialogue on the roles and responsibilities of non-state actors in relation to cyber norms and cyberstability, as well as to assist them in contributing to the implementation of such norms by providing specific guidance in the form of the Geneva Manual.

The session will discuss - in a diverse multistakeholder format - open issues identified through several months of expert consultations to map existing challenges with reducing vulnerabilities in digital products and possible steps for implementing voluntary cyber norms, as well as possible roles and responsibilities in this regard to enhance cyber-stability. Findings from the session will directly feed into the drafting process of the Geneva Manual.


The format of the session will be an interactive discussion in a hybrid setting. The stage will be set by a brief presentation of the findings of the expert consultations and the current draft of the Geneva Manual on possible roles and responsibilities of non-state actors to implement norms related to reducing vulnerabilities and supply chain security, as well as on existing challenges and best practices in this regard.

The moderator will then invite participants to reflect on policy questions, turning to discussants to contribute their own positions as ice-breakers. Particular voice will be given to youth participants in the audience – and especially to those from the open-source community, civil society, SMEs, academia and especially representatives of the Global South – who are critical contributors to implementing these norms and reducing risks from vulnerabilities in digital products, yet often have limited resources for addressing security in their work. High interaction with the online participants will be stimulated.


Session Time
Thursday, 12th October, 2023 (00:45 UTC) - Thursday, 12th October, 2023 (01:45 UTC)