IGF 2023 WS #90 A global village to address tackle cyber mercenaries


Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security

Organizer 1: Monica Ruiz, 🔒
Organizer 2: Kaja Ciglic, 🔒

Speaker 1: Monica Ruiz, Private Sector, Western European and Others Group (WEOG)
Speaker 2: Katie Shay, Private Sector, Western European and Others Group (WEOG)
Speaker 3: Stephane DUGUIN, Civil Society, Eastern European Group


Monica Ruiz, Private Sector, Western European and Others Group (WEOG)

Online Moderator

Kaja Ciglic, Private Sector, Eastern European Group


Monica Ruiz, Private Sector, Western European and Others Group (WEOG)


Birds of a Feather - 30 Min

Policy Question(s)

1) What existing vehicles could be leveraged and considered at the UN to increase international cooperation to address the threats posed by cyber mercenaries?

2) What is the appropriate balance between using an existing vulnerability or cyber mercenary group for national security purposes versus reporting a vulnerability to improve the security of the overall digital ecosystem?

3) What are ways the multistakeholder community can act in coordination to limit the cyber mercenary market and increase transparency?

What will participants gain from attending this session? Building on the Guiding Principles on Government Use of Surveillance Technologies that was supported by 44 Summit for Democracy participating states and the Cybersecurity Tech Accord’s industry principles to limit the threats posed by cyber mercenaries, this session looks ahead to what is next at the UN. Participants will get a better understanding of existing and upcoming measures being taken to address this threat. Additionally, it will explore its relevance for UN Open Ended Working Group (OEWG).


Cyberspace is increasingly seen as an area of conflict. However, developing and sustaining cyber offensive programs is expensive, takes time and requires skills that most countries do not have or cannot maintain over time. This has seen the emergence of the cyber mercenary, companies or at times individuals, willing to offer these capabilities to countries and enterprises for a fee. The risks posed by these groups must be addressed at the international level, as well as nationally. Alarmingly, the tools and techniques cyber mercenaries sell can violate human rights laws, as well as norm ‘(13-j)’ included in the 2015 United Nations (UN) Group of Governmental Experts (GGE) report, which was endorsed by consensus through successive General Assembly resolutions. Given the need to address this issue globally, the session will feature representatives from across the multistakeholder community, including a speaker from the Tech Accord, civil society group Citizen Lab and representatives from the Government of the Philippines and the European Parliament PEGA Committee.

Expected Outcomes

This session will help increase awareness of the cyber mercenary challenge and raise the need to include it in OEWG cyber dialogues at the UN. Several member states touched on the issue of cyber mercenaries at the fourth substantive session of the OEWG in the context of existing and potential threat and at the follow-on Summit for Democracy. This raises the bar for governments to take more proactive steps in identifying what is responsible state behavior in the use of these groups. Civil society and industry have been tackling this issue for years, it is time for governments to proactively act on their end as well.

Hybrid Format: 1) I plan to use online tools such as virtual documents all participants can contribute to and virtual survey questions to drive the discussion forward.
2) I will allocate time for both in-person and online contributions from participants. This will allow for a free flow of insights throughout the hybrid session.
3) Similar to what was shared below, tools such as surveys, virtual documents and potentially breakout sessions will be part of this session, so participants actively engage.