IGF 2019 WS #348 Can cyberweapons be developed and used responsibly?

Organizer 1: John Hering, Microsoft
Organizer 2: Kaja Ciglic, Microsoft

Speaker 1: Jan Neutze, Private Sector, Western European and Others Group (WEOG)
Speaker 2: Suzanne Spaulding Suzanne Spaulding, Government, Western European and Others Group (WEOG)
Speaker 3: Camille François, Private Sector, Western European and Others Group (WEOG)
Speaker 4: Abdul-Hakeem Ajijola , Private Sector, African Group

Policy Question(s): 

Recognizing that States have a responsibility to national security and defense, is there a way for governments to responsibly pursue military capabilities in cyberspace that doesn’t threaten to unnecessarily jeopardize innocent civilians and other parties?
What would characterize a responsible military presence in cyberspace as opposed to irresponsible pursuits?
What role can other stakeholders, including industry and civil society organizations, play in identifying responsible behavior as it relates to military cyber capabilities and holding states accountable to such behavior?

Relevance to Theme: This session will directly address concerns at the core of the “Security, Safety, Stability and Resilience” theme of the IGF by exploring how governments can uphold their national security responsibilities while not jeopardizing the security of individuals and the broader online ecosystem. At a time when nation states are playing an ever-larger role in the development and use of cyberweapons, which can be easily misused or repurposed for malicious ends, it is critical to explore what processes and procedures can be put in place to limit the dangers posed by these advanced capabilities in partnership with other governments and stakeholders to preserve a safe and secure online world.

Relevance to Internet Governance: This session addresses the core of internet governance as it seeks to further develop norms and expectations to limit the frequency and sophistication of threats online by leveraging multistakeholder perspectives to identify the characteristics of responsible state actions in the development, maintenance and implementation of military capabilities in cyberspace. This will include highlighting the rules and decision making processes which should govern activities in this space.


Panel - Auditorium - 90 Min

Description: Can cyberweapons be developed and used responsibly?
Amidst escalating numbers of sophisticated cyberattacks – many of which are conducted on behalf of governments or leverage tools developed by government actors – this session will explore whether or not there is a responsible way for states to develop, maintain and employ military cyber capabilities in the interests of national security and under a right to self-defense. Among other things, this session will touch on subjects including vulnerability disclosure, government transparency, kinetic versus cyber-attacks, and nation-state responsibility in the event of a misused or stolen cyberweapon.
Each year, increasing numbers of governments decide to invest considerable resources in establishing military capabilities in cyberspace. This decision is often made with little input from citizens or outside groups and the activities of the resulting “cyber units” are generally shrouded in secrecy. This panel will provide an important opportunity for feedback and input on these activities from a diversity of stakeholder groups to promote responsible behavior that prioritizes the security of the entire online ecosystem.
The session format will allow speakers from industry, academia and civil society groups to share their thoughts on what would characterize responsible behavior by governments as they seek to achieve national security objectives in cyberspace. In addition, the session will also give those with experience in government the opportunity to provide greater context and insight into government decision making related to the militarization of cyberspace. The discussion will hope to provide valuable learnings to those in attendance seeking to influence or guide government activities in this space and provide ample time for questions for the speakers.

• 5 minutes – Opening remarks from moderator setting the stage for the discussion, highlighting the current state of affairs as it relates to the militarization of cyberspace and the pursuit of offensive capabilities by governments, and letting those attending the panel know that a substantial amount of time will be saved for questions in the later portion of the session.
• 25 minutes – Opening remarks from panelists sharing their perspectives on what, if any, are examples of responsible military postures in cyberspace and what constitutes irresponsible behavior.
• 30 minutes – Moderator asks pointed questions to respective speakers about what best practices should be adopted to minimize the unintended dangers posed by military cyber operations. Speakers will respond both to direct questions as well as to one another, representing both their individual and stakeholder perspectives as it relates to the positions of others. This portion of the session will identify points of agreement and divergence for those in attendance.
• 30 minutes – Those attending the session, in the room or remotely, will be welcomed to ask direct questions of the speakers and share differing perspectives related to the development of offensive capabilities in cyberspace. Once again, speakers will be encouraged to both address the questions that are asked as well as to respond to the answers provided by their colleagues.

Expected Outcomes: This session will provide important learnings and highlight significant opportunities for those in attendance from all stakeholder groups seeking to find ways to improve the cybersecurity ecosystem by promoting responsible behavior on the part of states in pursuit of national security objectives online.

For government representatives, the session will highlight best practices and innovative new approaches to the development of military capabilities in cyberspace - including on issues like transparency and vulnerability disclosure. Meanwhile, other stakeholders from industry and civil society will have an opportunity to learn about ways to continue influencing this discussion in favor of solutions that protect the entire online ecosystem.

Onsite Moderator: 

Kaja Ciglic, Private Sector, Eastern European Group

Online Moderator: 

John Hering, Private Sector, Western European and Others Group (WEOG)


John Hering, Private Sector, Western European and Others Group (WEOG)

Discussion Facilitation: 

The moderators will work to ensure that the discussion at the outset of the session highlights the current state of play in the issue space and then prompt speakers to actively engage with and respond to one another. Moderators will also keep the timing of the discussion on track to allow for a full half hour of audience questions and comments at the end of the session, which the moderators will make attendees aware of at the outset to promote thoughtful questions and comments in response to speakers. The onsite and online moderators will work together to make sure audience questions are taken from a diverse collection of session attendees, both on site and online.

Online Participation: 

The online moderator will manage remote participation in the session via the Official Online Participation Platform, ensuring that those who are virtually attending the panel discussion are able to view/listen throughout its entirety, and that they are actively included in the question and comments portion from session attendees.


GOAL 11: Sustainable Cities and Communities
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals