IGF 2021 – Day 4 – Lightning Talk #86 What is a confidence-building tool? The case for Cyber Policy Portal

The following are the outputs of the captioning taken during an IGF virtual intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> A KASTELIC: Thank you, that's my cue.  Thank you for joining.  I am working on cyber issues.  Welcome to today's sort of interactive workshop on confidence‑building tools, confidence‑building measures and in the context of international ICT peace and security.  We're going to be presenting one of the tools that has been developed by our own, very own UNIDIR, and with that, I'll share the screen with you and after that, we'll have a little demo. 

I don't think I see anyone in the room in Katowice, but whoever is here, Manuel, and I think Annett, if you wish to turn on the cameras, by all means, do so.  I really would like this to be a very interactive discussion, if possible.  Obviously, there's going to be plenty of space, plenty of time for your questions as well.  But with that, I'll just start sharing my presentation. 

Okay, I guess you can see the presentation? 

>> LENKA FILIPOVA: Yes, we can.

>> A KASTELIC: Okay, so let's dive into it.  This is a website with quite a lot of aspects to it.  Essentially, it's an interactive, what we call at‑a‑glance tool for cyberspace, for cyber policies.  Excuse me.  For cyber policies, covering all 193 UN Member States.  It essentially maps cybersecurity policy, as well as legislation of States, intergovernmental organizations, as well as other instruments and frameworks that may not be only of states or internal governmental organizations.  The purpose of it is to facilitate transparency and information exchange among states.  And our target audience is diplomats, policymakers and security policy experts, including research community and academia. 

The portal itself was compiled ‑‑ well, the data set was compiled in 2018 and launched in 2019, very early.  I think it was January '19.  It's been developed and is maintained by UNIDIR's Security Technology Program.  UNIDIR stands for United Nations Institute for Disarmament Research, and we focus on researching disarmament issues.  One of the angles we are looking at are also the so‑called emerging new technologies on the international peace and security.  UNIDIR is an autonomous entity within the UN, so we largely rely on voluntary funding and other interested parties. 

So, back to the portal itself.  The portal itself was mentioned or recognized by 2021 consensus reports of both the UN processes dedicated to international ICT peace and security, so namely being the UN GGE and UN OEWG, so Open‑Ended Working Group and Group of Government Experts, respectively.  And we are very happy to have been able to participate in 2019 and 2021 Paris Peace Forum.  It's a fascinating show, trade show, fair of peace‑dedicated projects by different organizations. 

So, now to the concept of confidence‑building and confidence‑building measures, confidence‑building tool, and the way the Cyber Policy Portal fits into this category.  So, confidence‑building measures, or CBMs, so apologies if I refer to them as CBMs, are essentially an old concept that dates back to the Cold War.  And the intention of the confidence‑building measures is to strengthen international peace and security by increasing, amongst other things, transparency/predictability of state behavior. 

So, the rationale behind these tools and measures, depends on how you frame it, is that the more states know of each other, the more the states know of the intentions of themselves, of each other, the more they know of policy frameworks or positions on particular issues within the context of international peace and security, the less strenuous their relationships are going to be. 

The Cyber Policy Portal helps to build trust and understanding in this way between states.  We hope that it helps decrease and mitigate potential tensions between the states as well in this regard. 

So, CBMs, or confidence‑building measures, have become an important part of the UN negotiation processes on the international peace and security when it comes to the ICTs.  And as I mentioned already, so, Cyber Policy Portal, by far not the only CBM, has been mentioned by OEWG and GGE and pays specific attention to these in general, and by that ascribing significant importance to the CBMs in this particular field.  You're more than welcome to visit the websites of the UNODA and read through these reports, and specifically on the confidence‑building tools and measures. 

So, confidence‑building is not the only aim of the Cyber Policy Portal, but it also promotes capacity‑building assistance as well as serves the research community, as I mentioned at the beginning.  I'll touch upon that in the next slide, but allow me just a couple of seconds about how it promotes capacity‑building.  So, by providing an overview of current ‑‑ I wouldn't, perhaps, say best practices, but good practices in cyber policy‑making of all the countries, policymakers as one of the targeted audience has the possibility to visit the Cyber Policy Portal and review what these good practices, perhaps, are and think of how this could be transposed into the different national context, if possible.  It's not always possible.  And as such, CPP ‑‑ Cyber Policy Portal ‑‑ supports these policy, cyber policy teams or cyber policy experts, national experts, with our analytical tools that we have on the websites.  Again, bear with me.  I'll be able to show you at the end a bit what I mean by these analytical tools. 

So, I think through that, UNIDIR showcases certain efforts of states that have new policies or existing policies.  Some date back to the early 2010s.  And hopefully, through that, we indirectly motivate other states to check and update their national policies and sort of follow the emerging trends in policy‑making especially.  Lost my mouse for a second.  Sorry. 

As I mentioned, or as I teased, we consider the Cyber Policy Portal to be a research tool as well.  It allows for comparative analysis, which enables the users to compare up to three states or organizations of their respective cyber policy landscapes and legislations.  Cyber Policy Portal also has advanced features, advanced filters, enabling quick sorting of the states based on the content of their profiles. 

So, this is the landing page of the Cyber Policy Portal, and the QR code on the right‑hand side, if you want to scan it to visit the Cyber Policy Portal, or just simply type in www.cyberpolicyportal.com and you'll land on the UNIDIR page devoted to the Cyber Policy Portal.  And then you can just select whichever country you want and visit their policies and legislation. 

So, if you're with me and clicking through the website, but if not, again, I'll show it again at the end.  But briefly, each of the state profiles also goes for the international, intergovernmental organizations, but nonetheless, let's focus for a second on the state.  So, all the state profiles include four categories of the policy in the landscapes.  First is the cybersecurity strategy document and various implementation frameworks, so implementing these particular strategies. 

The second one is cybersecurity legislation, which as I mentioned, allows to go through the national legislation that is dedicated to cybersecurity.  It features also ‑‑ every profile features key dedicated structures and positions that are in charge domestically, so nationally, for cybersecurity policy, as well as various international cooperation declarations, initiatives, activities.  Sometimes in this category, we are very granular and list pretty much all the efforts that states are undertaking when it comes to international cooperation in the field of cybersecurity. 

I'm very happy to be reporting also of the extended filter feature that we very recently implemented.  So, unfortunately, we don't have yet ‑‑ I'll talk about that later as well ‑‑ we don't have yet the search function on our website.  As I said at the beginning, it's meant to be an at‑a‑glance tool, so by providing this map as a landing page, I think it provides sort of ease of use for the users to just click on a country they're interested in and go through their respective profile.  But if one is interested, perhaps that is very apt for the research community, more so than anyone else, the users can quickly go through the dedicated categories as well as subcategories, and through that filter the countries that do have that particular capacity. 

And over here, we have an example.  So, clicked on the implementation framework, so that's within the category of policies.  And the map colored is clearly indicating the countries that do have certain implementation frameworks in place. 

Another feature that I teased to a degree already and I mentioned before is the comparative function or the function that allows comparing up to three profiles.  Here we see states.  And it sort of provides an overview of these policies, national policies that they have, and allows for a quick overview, I suppose, of the current state, of the current state of affairs, in comparative way as well.  One can even export this as a PDF, and I'll show that again in a bit. 

We heavily rely on information that is provided by states, but also by our respective users.  And because of that, I need to emphasize the feedback mechanism or feedback tool that we have on our website as well.  It allows the users to provide any data, official sort of data that pertains to the cybersecurity policy or legislation, but also allows to give any sort of feedback that pertains to our user interface or functionality we have and so on and so forth. 

Besides the fact that this feedback form is available on the website, we also have the dedicated email address, so [email protected].  I don't think these phone numbers are relevant anymore, nor is the fax number.  So, that's it for now.  But before I give the floor to any possible questions that may have arisen during my quick presentation, I'll go through the website and quickly show you how all these features that I just sort of talked about.  So, I'll share.  There we go. 

So, I suppose you can see the Cyber Policy Portal right now, the landing page that I mentioned at the beginning.  Let me reframe that, one second, thank you.  This is the landing page that we have, and all the country profiles are available by just clicking on a simple country.  So, if I wish to click on Chad, for example, this is the country profile.  As you can see up here, it was last updated in November of 2020, so this one didn't have a lot of changes.  I can quickly expand by clicking on Expand All.  And this is the cybersecurity policy, which seems non‑existent.  Perhaps I'd be better off if I click on a different country.  So, I know the Russian Federation is something we updated recently. 

So, this is the strategy documents.  These are the strategy documents that are available in Russia.  If one clicks on Read More, we provide a short, brief overview of the particular policy that we list up here, but we always link to the primary sources, which are found on the website of the Russian Federation, the site of the Russian Federation.  The website of the Cyber Policy Portal includes structure, as I mentioned, as well as legal frameworks, user international law, which is a new category that seems to be getting a lot of attention, and their involvement in UN processes as well as multilateral cooperation.  So, there is a lot of information available here. 

Instead of going through the Contact Us feedback form that I mentioned before, one can suggest updates also directly from the profile of interest by clicking on this particular button that takes one directly on the feedback form.  We have share function as well, as well as the export to PDF, which is probably quite, quite useful. 

I wanted to show the compare function, and I see I've played around with this function just before, and you'll see this website.  Save this preferred comparison that I have.  And again, as was shown in a PowerPoint presentation, we can quickly compare different categories by doing this function.  And at the end, as I mentioned, one can PDF ‑‑ oh, we have an issue here.  One can export quickly to the PDF.  We'll work on this error that we got here now. 

So, this is for just a beginning.  I welcome any questions, any remarks.  I see there are three questions already.  So, the questions are what is the biggest challenge of running the portal?  And can you share with us about future plans for the portal as well?  Thank you.  That would be Ms. Filipova.  Thank you very much for your questions. 

Yes, I'll start with the bottom one, if you don't mind.  I usually go backwards.  So, we have big plans for this year ‑‑ well, for next ‑‑ sorry.  We have big plans for next year.  A lot of updates will happen in the background.  We are preparing, as I mentioned ‑‑ so, when one clicks on the particular policy or a particular document pertaining to the policy, it takes the user directly to the website of the pertaining country.  Now, this will likely change in the future.  We're building a database whereby we will be seeing all of the documents on our servers.  There's an important function behind that, so there's a reason for it, one being that we will allow users to search for all the documents, all the policies and legislation.  That will hopefully increase the utility of the portal, mostly for, not only for the policymakers, but also for the researchers.  That is a function that we've gotten quite a lot of requests for, so I think this will come in the second part of the next year. 

And the biggest challenges.  Well, we want to do a lot of things, obviously, but, unfortunately, we need to sort of balance our capacities.  There are not a lot of us on the team.  And right now, this is going to be the biggest improvement, so the biggest chunk of our work in the next year.  But on top of that, we will be also soon providing the translations of the user interface in all the official UN languages.  So, that is quite exciting as well. 

And then the challenges more broadly.  Well, one of the challenges is that the landscape constantly changes, and very frequently changes.  And I think we need to invest quite a lot of hours in desk research also to persuade the governments to submit their information.  So, I think that probably takes most of our time. 

Another question.  A couple of other questions.  One is that I have ten minutes left to the presentation.  Thank you to the moderator.  Could you please tell us about feedbacks received outside the UN processes?  Ha!  So, the question, I guess everybody can read it, nonetheless.  So, the question is referring to the outside processes.  So, the feedback that we've received from academia.  So, I'll just talk briefly, generally, about the research community that is, I think, quite apt using of the CPP. 

So, one frequent request that we received ‑‑ and you'll see how this ties into the future plans ‑‑ is the ability to research the views on international law.  Right now, if one is interested in using international law, the only way to go through, to display all the available documents related to that on the CPP is to go through filters of subcategories.  So, I showed you the ones on the left side. 

Now, in the future, we know that, for example, that views on international law are not always concentrated or part or featured in the dedicated documents that are titled "Views on International Law," but sometimes the nuggets of state practice when it comes to international law, or even opinio juris, is hidden in various other documents that are published by the document, so it be national cybersecurity strategies or even, sometimes, legislation that is dedicated to cybersecurity. 

Now, this tool that we are developing right now that will allow searching through the documents or a text itself will allow the researchers to go through core text of all these documents that are currently linked to external source and find specific keywords, for example, that they are interested, not just generally international law, but specific concepts within international law.  For example, use of force.  And through that, we'll be able to display all of the relevant hits for these particular documents, and I think that will probably facilitate that as well.  So, we're quite happy about that. 

One thing that I forgot to mention is that not only will we be able to translate the user interface in the next year or so, but we'll also provide a short translation of the summaries that we currently provide only in English, unfortunately, but I think that will be an automated translation, so that will be only for information purposes.  But nonetheless, it is a step towards, I suppose, expanding our utility. 

And Emanuel, I'm going to read your question, if you don't mind.  Yeah, that's a good question.  It's about a methodology.  And sorry, I didn't dive into that because I thought it was a bit mundane for now, but thank you.  It's a good question. 

So, I suppose we have two venues of getting the information.  As I mentioned very briefly, we invest a lot of effort in persuading the government to provide the information whenever it's updated.  So, that takes a lot of work and a lot of time.  But when this is unavailable, when we cannot get through, sometimes we just never receive the information from the governments, then we have a dedicated team of one person, sometimes two, that do best research.  But as I said, we always rely strictly on official sources.  This is not ‑‑ we don't really ‑‑ we don't come up with our own policies.  We don't link to policies or to, I don't know, to certain, yeah, to secondary sources.  We always rely on primary sources.  So, I think we're proud of that, that we're really trying to be as authoritative as possible. 

What are opportunities for individuals to contribute to the Cyber Policy Portal?  Oh, you know, as I mentioned, there's a feedback form.  And I don't know, Emmanuel, which country you're coming from, but if you're interested in cyber policies or legislation, I kindly invite you to go through the portal and click on the profiles that you're interested in, or even have some knowledge about.  And if you could go through the policies, the legislation, and other entries, and see if there's anything that you think is outdated and you have information ‑‑ official, again, official information ‑‑ that you think it would be useful, and if you could submit that by either clicking on top of the profile, suggest an update, or going through the Contact Us form, which also allows providing feedback on the content, and submit this new content, that would be highly appreciated. 

As I said, you can also send us an email to [email protected].  Please, when you do so, do include the official links, because that's how we, again, we link to these particular documents and policies, legislation, whatever it is.  But thanks for the question.  Those are very good two questions. 

Anyone else?  Anyone else wants to ask anything?  I think we've been reminded once again that we only have, well, by now, three minutes to go.  So, anything else?  Nope?  Okay.  Well, with that, then I will conclude this presentation.  Thank you, everyone, for joining.  I really appreciate it.  There's not a lot of us, but nonetheless, it was quite interesting.  Thanks for the opportunity and have a good rest of the day.  Bye.