IGF 2020 WS #74 Flattening the curve of irresponsible state behaviour online

Thematic Track

Organizer 1: Duncan Hollis, Temple University Law School
Organizer 2: Madeline Carr, University College London
Organizer 3: Louise Marie Hurel, Igarapé Institute
Organizer 4: PABLO HINOJOSA, APNIC

Speaker 1: Farzaneh Badii, Civil Society, Asia-Pacific Group
Speaker 2: Heather Leson, Intergovernmental Organization, Intergovernmental Organization
Speaker 3: Cristine Hoepers, Technical Community, Latin American and Caribbean Group (GRULAC)

Moderator

Madeline Carr, Civil Society, Western European and Others Group (WEOG)

Online Moderator

Duncan Hollis, Civil Society, Western European and Others Group (WEOG)

Rapporteur

PABLO HINOJOSA, Technical Community, Asia-Pacific Group

Format

Round Table - Circle - 90 Min

Policy Question(s)

What are the lessons learned that can apply both, to health and ICT sectors? What inputs are useful for cyber-diplomats to consider in ongoing international discussions on cybersecurity? Are there additional cybernorms needed that can help to save human life and protect healthcare systems? How can we better address the power imbalance and inequalities? Is healthcare considered a critical infrastructure under the UN cyber norms? Is it enough to say that attacks on hospitals and healthcare systems and research facilities are prohibited? What sort of due diligence or cooperation norms might improve resiliency to State and non-State cyber operations against this sector? Has the COVID-19 crisis and corresponding emergency response measures in both, health and ICT sectors, provide an opportunity to flatten the curve of irresponsible behavior online? How digital divide affect institutional readiness?

The strict health and safety measures put in place around the world to face the COVID-19 pandemic, can bring important lessons about emergency response, also applying to cyberattacks, calling perhaps, for more CERT/CSIRTs specializing in the health sector. During lockdown, Internet infrastructure resilience was stress-tested, in terms of change of users habits, increased Internet traffic and also infrastructures subject to cyberattacks, some affecting the healthcare sector. There is an opportunity to promote a symbiosis between health and technical sectors to find public policy lessons and learn from multi-sectoral collaboration. The biggest challenge we have faced in the last 5 workshops is the difficulty to produce a common understanding which is useful to both, the technical and the policymaking sides of the discussion. This requires translation and interpretation of concepts and mindsets which we will attempt to happen during the workshop.

SDGs

GOAL 8: Decent Work and Economic Growth
GOAL 9: Industry, Innovation and Infrastructure
GOAL 11: Sustainable Cities and Communities
GOAL 16: Peace, Justice and Strong Institutions

Description:

If successful, this workshop proposal will mark the 5th iteration of a multidisciplinary collaboration that started during IGF in 2016. Since then, we have been among the first workshop organizers to bring UN 1st Committee discussions to the IGF (2016). Since then, the establishment of new UNGGE and OEWG, has provided us with a fruitful opportunity to explore different dimensions of the intersections and divides between policymakers and the technical community. Within the IGF community, we have also been closely exploring synergies with the work being done by the BPF Cybersecurity In the years that followed, we have brought policymakers to understand useful elements of diplomacy in CERT/CSIRT operations (2017); we have brought a CERT perspective to "Whois" privacy discussions (2018); we also have measured cybernorm effectiveness in different cyberattack scenarios (2019). For IGF 2020, we propose addressing the question of Internet resiliency during the COVID-19 crisis. To do so, we will focus on (i) how State and non-State sponsored behaviors have put healthcare ICT systems to a test and (ii) what protections are needed to reduce the human cost of cyber-operations. As is now our signature approach, we will bridge technical and policy perspectives to these questions, seeking common ground between network operators, CERT/CSIRT specialists, healthcare professionals/experts, cyberdiplomats and ICT policymakers to identify lessons learned, define best practices and propose solutions moving forward the cybernorms debate. We will do this in a carefully moderated setting, with open and interactive participation from a diverse array of disciplines and stakeholders.

Expected Outcomes

We are particularly interested in producing fresh multidisciplinary perspectives that can inform the development of inputs to processes such as UNGGE and UNOEWG, other cybernorm development processes and discussions within the technical community, where matters of responsible behavior online are being discussed. If the workshop agrees on lessons learned from emergency response during COVID-19 crisis, then these lessons can inform policy or be included in operational plans by technical organizations.

The format of our workshops traditionally consists of a core group that have had previous discussions on the matter at hand. During the workshop, they share their "practiced" views with others and open the discussion to all participants around the table. Moderators guide the core group to catalyze discussions with participants in a fast-paced interactive manner. Moderators, together with the core group, synthesize views at the end and extract agreements and lessons learned.

Relevance to Internet Governance: Cybersecurity discussions involving policy measures to increase State and not-state responsible behavior online have an important Internet governance dimension on two fronts: First, the processes of developing norms and best practices. These processes, we argue, need to be inclusive and benefit from a multistakeholder approach in the agreement of outcomes, particularly when discussed in inter-governmental settings. Secondly, there is an Internet governance dimension in the implementation of these norms, as they can affect, purposefully or inadvertently, the way Internet networks operate.

Relevance to Theme: Multidisciplinary approaches to emergency humanitarian response and norm development are the right conduit for maintaining and strengthening trust between the policy and the technical communities. Also, solutions emanated with this approach, are more inclusive and better informed, so again, they should translate to improvements in security and resiliency of networks.

Online Participation

 

Usage of IGF Official Tool. Additional Tools proposed: We have successfully brought remote speakers and participants to our workshops.