IGF 2023 WS #397 ICT Vulnerabilities: Who Is Responsible To Minimize Risks?


Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security

Organizer 1: Anastasiya Kazakova, DiploFoundation
Organizer 2: Vladimir Radunovic, 🔒DiploFoundation
Organizer 4: Ashnah Kalemera, Collaboration on International ICT Policy for East and Southern Africa (CIPESA)
Organizer 5: Melanie Kolbe-Guyot, C4DT/EPFL
Organizer 6: Droz Serge, Swiss Federal Department of Forgein Affairs

Speaker 1: PABLO HINOJOSA, Technical Community, Asia-Pacific Group
Speaker 2: Ashnah Kalemera, Civil Society, African Group
Speaker 3: Christoph Plutte, Private Sector, Western European and Others Group (WEOG)


Vladimir Radunovic, Civil Society, Eastern European Group

Online Moderator

Melanie Kolbe-Guyot, Technical Community, Western European and Others Group (WEOG)


Anastasiya Kazakova, Civil Society, Eastern European Group


Round Table - 90 Min

Policy Question(s)

1. What are the roles of stakeholders in responsible behaviour and implementation of the UN cyber norms (esp. related to reducing vulnerabilities in digital products (UN GGE norm 13j), and ensuring the integrity of the supply chains (UN GGE norm 13i))?
2. What are the challenges with implementing these cyber norms, and how can cross-stakeholder cooperation and dialogue mitigate them?
3. How can comprehensive guidance and collection of good practices, such as the Geneva Manual, assist stakeholders in contributing to responsible behaviour and implementation of cyber norms?

What will participants gain from attending this session? The participants from the unique multistakeholder Internet Governance Forum (IGF) community will have the opportunity to actively contribute to the final version of the Geneva Manual. They will be encouraged to share their perspectives, including from the Global South, on vulnerability reporting, supply chain security, and the implementation of relevant cyber norms. Participants will be invited to discuss and share views on the existing obstacles related to reducing vulnerabilities in digital products and securing supply chains with the key goal - to reduce risks stemming from vulnerabilities in digital products for users.

In addition, participants will gain valuable insights into both successful and unsuccessful practices in implementing relevant cyber norms based on the presentation of the initial findings of the Geneva Dialogue.


Vulnerabilities in digital products remain an almost indispensable component of cyberattacks, especially high-impact ones, and thus continue to pose risks to cyberstability. Who is responsible for vulnerabilities in digital products and for supply chain security? Who is primarily expected to take action? Can the implementation of the existing cyber norms help minimize the risks stemming from such vulnerabilities, and how? Which best and failed practices in this regard can be named?

The session will explore these questions in a diverse multistakeholder format and based on initial findings of the Geneva Dialogue on Responsible Behaviour in Cyberspace (GD). The GD is an international process aimed at mapping the roles and responsibilities of various actors - the private sector, civil society, academia, and the technical community – in implementing specific international cyber norms and principles, as agreed by the UN GGE and OEWG. The session will engage stakeholders from different backgrounds and regions to gather inputs, best practices, and diverse perspectives to address the questions above and, thus, collect further knowledge on implementing related cyber norms. These valuable contributions will be incorporated into the Geneva Manual, a comprehensive guidance for relevant stakeholders on cyber norms implementation.

During the session, the organizers aim to gather additional feedback from the IGF international audience to enhance the preliminary results collected by the GD through regular multistakeholder consultations since April. This feedback and session will contribute to the final version of the Geneva Manual, which is developed to support non-state actors by providing specific guidance for contributing to cyberstability.

Expected Outcomes

The session is expected to clarify roles and responsibilities by various stakeholders in implementing the cyber norms related to reducing vulnerabilities and supply chain security, and thus in contributing to cyberstability. The session will provide a platform to discuss the challenges faced by these stakeholders, particularly in relation to reducing vulnerabilities in digital products and securing supply chains. The session will also focus on existing practices in implementing these norms, including those which are collected in the draft of the Geneva Manual which serves as a guidance for non-state actors on the implementation of cyber norms. The draft version of the Manual will be prepared for the session as a result of the extensive multistakeholder expert consultations conducted in 2023. The input discussed at the session will help finalize the Geneva Manual to publish this later in 2023 and thus to add the much-needed multistakeholder perspectives to the final version.

Hybrid Format: The interactive discussion in roundtable setting will start with a brief presentation of the Geneva Manual draft & findings on possible roles & responsibilities of stakeholders to implement norms related to reducing vulnerabilities and supply chain security, challenges and best practices in this regard.

The moderator will invite participants to reflect on policy questions, turning to discussants to contribute as ice-breakers. The floor will especially be given to youth participants in the audience and to participants who represent the open-source community, civil society, SMEs, academia, including from the Global South - who are critical contributors to implementing these norms and reducing digital risks, yet often have limited resources in their work.

Diplo's extensive experience in organizing online and hybrid meetings will ensure both online and onsite participants are actively engaged, including with online polls and through parallel chat discussions facilitated by a skilled online moderator.