IGF 2021 WS #233 Not Espionage as Usual

Wednesday, 8th December, 2021 (08:30 UTC) - Wednesday, 8th December, 2021 (10:00 UTC)
Ballroom A

Organizer 1: John Hering, Microsoft
Organizer 2: Marietje Schaake, European Parliament

Speaker 1: Serge Droz, Technical Community, Western European and Others Group (WEOG)
Speaker 2: Kaja Ciglic, Private Sector, Eastern European Group
Speaker 3: Talita de Souza Dias, Civil Society, Western European and Others Group (WEOG)


Stéphane Duguin, Intergovernmental Organization, Intergovernmental Organization

Online Moderator

John Hering, Private Sector, Western European and Others Group (WEOG)


John Hering, Private Sector, Western European and Others Group (WEOG)


Debate - Auditorium - 90 Min

Policy Question(s)

Roles and responsibilities in protecting against cyber-attacks: Which stakeholders hold responsibility for protecting national governments, businesses and citizens against cyber-attacks?
International rules and state accountability: How should international rules be strengthened to protect national sovereignty and citizens against attack by malicious state and non-state actors? What can be done to better hold nation-states accountable for cyber-attacks?

While espionage has long been a tolerated state practice, the rise of cyberspace as a domain of human activity and conflict has changed the nature and scale of government espionage activities. Cyber-enabled espionage attacks today can be much larger in scope, especially when they target the ICT supply chain, and put many more at risk of victimization in the process. In addition, espionage can be economically motivated as well as political, and increasingly targets non-governmental actors online. This session will present the topic as a debate between experts to explore what should be the boundaries for government spying in cyberspace.



Targets: The consequences of escalating cyber conflict, including operations which target the ICT supply chain, jeopardize nearly all of the UN's Sustainable Development Goals (SDGs) – especially those involving safe access to essential services and infrastructure. The focus of this workshop will be on how such risks can be mitigated by reinforcing international expectations and strengthening international institutions to uphold peace and justice.



Revelations surrounding the SolarWinds hack have raised important questions about what the limits should be of nation-state cyber operations. On the one hand, the incident appears to have been a strictly espionage-focused operation – the kind of government spying that has traditionally been considered acceptable behavior. However, the operation involved an attack on the ICT supply chain, specifically the software update process, that put tens of thousands more at risk of being exploited and required significant time and resources to fix. During this session, experts will debate both sides of whether or not these kinds of activities should be tolerated, similar to other espionage actions, or whether they should be considered meaningfully different depending on the scale of an operation and its targets. In addition to hearing from the speakers, the workshop will seek to include the perspectives of those in attendance and explore whether or not the issue should be a priority for cybersecurity dialogues at the UN or in other international forums.

Expected Outcomes

The structured debate will allow expert speakers to present their views on both sides of the issue, as well as to consider the questions and contributions of those joining the session, before conducting a survey of those participating in the workshop on what position appeared to prevail in the debate. In addition to raising awareness and capturing the perspectives of those in the IGF community joining the session, the workshop will seek to advance a dialogue around whether additional norms or rules are needed – including at the UN – to protect against espionage attacks which target the ICT supply chain in particular.

The moderator for the workshop will set the stage and terms for the debate among the participants at the outset by clearly outlining the issue at hand – balancing government interests in espionage against the stability and security of the digital environment. The speakers, each representing a distinct perspective on the topic on a spectrum from less permissive to more permissive of espionage activity, will then each give an opening statement defending their point of view. Speakers will then be permitted to challenge one another’s positions before opening up the floor to questions and contributions from those in attendance. At the end of the workshop, participants will be asked which of the discrete positions presented they most agreed with. Workshop timing: 00:00 – 00:10 Moderator presents the topic for debate and introduces the speakers and their respective positions for the discussion. 00:10 – 00:35 Each speaker gives an opening statement presenting and defending their position on the boundaries of espionage activity. 00:35 – 01:00 Moderator and speakers ask probing questions challenging the positions taken by respective speakers. 01:00 – 01:20 IGF participants are invited to ask questions and make contributions to the debate, either defending or challenging the perspectives of the speakers. 01:20 – 01:30 IGF participants make final determination of who had the most compelling argument and speakers provide closing remarks.

Online Participation


Usage of IGF Official Tool.


Key Takeaways (* deadline 2 hours after session)

While espionage activities by governments are often tolerated in other domains of human activity and conflict, such activities which corrupt the ICT supply chain put too many at undue risk to be considered permissible under international expectations. The widespread impact of the attacks themselves and the costs associated responding to them call into question whether the proportionality can ever be justified.

The rise of cyber mercenaries developing technology to conduct espionage online is compounding the challenge and proliferating digital spying capabilities. This creates a two-fold challenge of both very sophisticated persistent government actors, as well as those who can simply buy such capabilities in an open market.

Call to Action (* deadline 2 hours after session)

Various international forums exist, at the UN and beyond, to clarify what are international expectations for responsible behavior online, including as it relates to attacks which undermine the ICT supply chain.

The emerging market of cyber mercenaries/private sector offensive actors, has little to no social utility as they proliferate malicious capabilities that often target the most vulnerable. They should be banned.