IGF 2021 WS #222
Cybernorms - do they hold up IRL (in real-life)? Take 2

Organizer 1: Basu Arindrajit , Centre for Internet & Society, India
Organizer 2: Paula Martins, Association for Progressive Communications - APC

Speaker 1: Mallory Knodel, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Enrico Calandro, Civil Society, African Group
Speaker 3: Paula Martins, Civil Society, Intergovernmental Organization
Speaker 4: Sheetal Kumar, Civil Society, Western European and Others Group (WEOG)


Paula Martins, Civil Society, Intergovernmental Organization

Online Moderator

Basu Arindrajit , Civil Society, Asia-Pacific Group


Sheetal Kumar, Civil Society, Western European and Others Group (WEOG)


Break-out Group Discussions - Round Tables - 90 Min

Policy Question(s)

Cybersecurity practices and mechanisms: What are the good cybersecurity practices and international mechanisms that already exist? Where do those mechanisms fall short and what can be done to strengthen the security and to reinforce the trust?
International rules and state accountability: How should international rules be strengthened to protect national sovereignty and citizens against attack by malicious state and non-state actors? What can be done to better hold nation-states accountable for cyber-attacks?

The session will address both these policy questions since it plans to explore how already existing international cyber norms could apply to different cyber attacks such as attacks to electoral systems, to critical global infrastructure, and cyber espionage; what could be the policy responses to these incidents, and if additional or different norms could have prevented these incidents.


9. Industry, Innovation and Infrastructure
16. Peace, Justice and Strong Institutions

Targets: A safe and secure internet is integral to the realisation of the SDGs. Unfortunately, despite the development of cybernorms by the global community, including the UN, these are not being implemented - with impacts on the SDGs including on infrastructure and on democracies (e.g electoral processes). It is time for these norms to be fully implemented, in accordance with inclusive principles. This workshop will identify gaps in cybernorm implementation, reasons for those gaps and develop recommendations to address those, with the ultimate aim of supporting the implementation of the SDGs and a more peaceful and secure cyberspace and world.


The use of cyberspace by States to conduct large-scale and damaging attacks is becoming more of a norm. But the opposite should be true. Cybernorms aren’t working unless States call out violations of norms, actively observe and implement them, or hold each other accountable. Or perhaps, norms aren’t being devised, driven and complied with well enough. Building on the discussions during the RightsCon 2021 session “Cybernorms - do they hold up IRL (in real-life)?”, this follow up workshop seeks to delve more ii to what extent existing agreed cyber norms mitigate real life cyber incidents and how norms can do more. We will build on/feed into the BPF’s on cybersecurity’s research on the same topic, integrating their findings into this session.

Expected Outcomes

Building on past discussions on the practical application of cyber norms to three concrete cases of cyber incidents, this session seeks to delve more and identify gaps and recommendations that could help support the application of norms. This session will seek to:
Better inform participants about the challenges on cyber norms implementation in real life and their effectiveness preventing or ameliorating cyber attacks.
Increase and create new dialogue between the different stakeholders involved in cybersecurity around the application of cyber norms in real life.
Increase common understanding about how norms can do more and if additional or different cybernorms are needed.

After a general introduction, participants will be divided into small groups to discuss a brief scenario that is relevant to agreed cybernorms. Through guiding questions and lead discussants, participants coming from governments, civil society, the technical community and the private will be encouraged to discuss the application of norms in real life cyber incidents, to identify any gaps and to brainstorm recommendations that could help support application of norms. The session will also be an opportunity for the different sectors involved to have a conversation on what the different actors involved can do to strengthen norms in a manner likely to improve their effectiveness.

Online Participation

Usage of IGF Official Tool.