You are here

BPF Cybersecurity



Best Practice Forum Cybersecurity

exploring best practices in relation to international cybersecurity initiatives



latest from the BPF Cybersecurity:




Participation in the work of the BPF Cybersecurity is free and open to all interested. Participants are expected to respect the IGF Code of Conduct .

Subscribe to this BPF mailing list:

For general inquiries on the BPF Cybersecurity please contact [email protected] .


BPF Coordinating team

  • Ben Wallis, MAG BPF Facilitator
  • Markus Kummer, BPF Co-facilitator
  • Maarten Van Horenbeeck, BPF Lead expert
  • John Hering, Lead Workstream 1
  • Mallory Knodel, Lead Workstream 2
  • Sheetal Kumar, Lead Workstream 3
  • Wim Degezelle, Consultant IGF Secretariat

contact [email protected]


BPF Activities 


BPF Work plan

Workstream 1:  Identify new agreements and recent developments since last year

Work stream 1 focuses on identifying new agreements that appeared since last year. We intend to review only on those agreements that are strictly norms-focused (so to not look into instruments of hard law). Specifically interesting would be to identify any new norms related to healthcare cybersecurity, given COVID-19.

  • Reviewing new agreements and perform last year’s mapping exercise on both the new agreements and to capture any new developments in relation to agreements reviewed last year;
  • Identify a core set of agreements we want to retain for a more detailed review;
  • Develop a targeted Call for Contributions to gain further input on these selected agreements;
  • Initiate the Call for Contributions and process results;
  • Update last year’s research paper with new learnings about implementation regarding these core agreements.

WS1 update (22 July 2020) : link 

WS1 Research paper - Exploring Best Practices in Relation to International Cybersecurity Agreements (.pdf)


Workstream 2:  Understanding and documenting methods of norms assessment

This work stream focuses on understanding the role of assessment in norms setting and how assessment contributes to whether they are truly adhered to. In addition, we’ll take a look at other disciplines outside of cyber, and see how we can learn from normative principles as governance in other contexts.

Specifically interesting would be to identify any assessment related to healthcare cyber norms, given COVID-19: for instance, states calling out malicious cyber behavior affecting healthcare, indicating a norm may be present.

  • Identify forms of norms assessment which already exist in cyber, for instance by looking at publications and statements by states and non-state actors around adherence to a norm.
  • Identify methods of norms assessment in other disciplines;
  • Evaluate how these may apply to the principles we deal with in cyberspace.

WS2 Background paper  What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance (.pdf)

Workstream 3:  Outreach to widen participation in the BPF

We’ve identified for a few years now that we need wider participation, and given the growth of interest in the BPF, this is a good year to dedicate some effort to outreach and engagement - specifically focused on government and private sector, which have historically been underrepresented in our group.

  • Identify potential new participants in government, private sector and other stakeholder groups.
  • Have a special focus on identifying participants from the youth constituency;
  • Reach out to these potential participants and motivate them to contribute to the BPF.


Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10

igf [at] un [dot] org
+41 (0) 229 173 411