Session
Join the BPF in discussing what cybersecurity can learn from normative principles in global governance and in exploring best practices in relation to international cybersecurity initiatives.
Session agenda
1. Introduction to the work of the BPF in 2020
2. Norms development in cyber vs. the real world
3. Analysis of new cybersecurity agreements
4. Discussion
5. Wrap up
Confirmed panelists
- Moliehi Makumane, Government of South Africa
- Pablo Hinojosa, APNIC
- Sherif Hashem, SUNY Polytechnic Institute
- Louise Marie Hurel, Igarapé Institute
- Isaac Morales, Government of Mexico
- Stéphane Duguin, CyberPeace Institute
- Aude Gery, GEODE
Discussion leads
- John Hering, Microsoft
- Sheetal Kumar, Global Partners Digital
- Maarten Van Horenbeeck, First
Presentation of the BPF background paper
- Anastasiya Kazakova, Kaspersky
- Apratim Vidyarthi, University of Pennsylvania Law School
BPF Cybersecurity webpage
https://www.intgovforum.org/content/bpf-cybersecurity
BPF papers
- Background paper What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance (.pdf)
- Research paper - Exploring Best Practices in Relation to International Cybersecurity Agreements (.pdf)
Report
Looking at norms developed in other fields can provide useful lessons for better development, implementation and respecting of norms in the area of cybersecurity.
The development and implementation of norms should include both policy / diplomatic professionals as well as technical experts.
Norms development should be open and inclusive in order to include developing countries and stakeholders.
Even if not binding themselves, norms can play an important role in helping to interpret and implement binding aspects of international law. Norms matter for cybersecurity because the internet is a decentralized, multinational entity that is hard to govern. Internet governance therefore relies on multistakeholderism, which forms the basis for norms. There are useful lessons to learn from norms developments in other areas:
- Successful norms are concrete, specific, and often create processes to foster implementation and accountability
- Powerful norm promoters can be critical for success, as can be incentives and persuasion
- Failures happen and are inevitable but can become the basis for success
- Norms development, even without results, creates socialization, which can be critical for further success
While norms are often developed via multilateral diplomacy and state-driven efforts, there is an important role for non-state actors from private sector and civil society, providing expert input into both the substance of the norms as well as how they can be implemented. It is also important to involve technical experts, both in the development of norms (to avoid creating unintended negative consequences on the technical operation of the Internet), and to bring technical and policy professionals together to work on implementation of norms.
There are challenges in both developing norms that have wide support and then subsequently in having them implemented. Guidelines can be helpful in supporting implementation of norms.
There are also concerns that cybersecurity norms development processes are not always open and inclusive to all countries and stakeholders.
The work of the BPF has been valuable in tracing norms and finding commonalities, even where there are differences in language and terminology.
1. Introduction to the work of the BPF in 2020
Maarten Van Horenbeeck, FIRST
Sheetal Kumar, Global Partners Digital
2. Norms development in cyber vs. the real world
Apratim Vidyarthi, University of Pennsylvania Law School
Anastasiya Kazakova, Kaspersky
3. Analysis of new cybersecurity agreements
John Hering, Microsoft
4. Discussion
Moliehi Makumane, Government of South Africa
Pablo Hinojosa, APNIC
Sherif Hashem, SUNY Polytechnic Institute
Louise-Marie Hurel, Igarapé Institute
Isaac Morales, Government of Mexico
Stéphane Duguin, CyberPeace Institute
Full details of the BPF’s work this year can be found at the BPF’s webpage - https://www.intgovforum.org/content/bpf-cybersecurity. These include:
- What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance - Background document (download .pdf)
The Internet Governance Forum’s thematic intersessional work on cybersecurity intends to guide submissions to the 2020 Best Practice Forum on Cybersecurity’s final, annual report. By taking the time to identify successful norms initiatives and their role in policy change, the BPF Cybersecurity grounds its analysis of a wide variety of Cyber Norms initiatives in the lessons learned throughout the stages from early development to implementation. The examples studied in this review were chosen for their effectiveness and are not necessarily related to or even tangential to technology or the internet. By looking to successful norms frameworks the BPF Cybersecurity, and the initiatives it has invested in, might better understand the strengths, flaws, and why some norms initiatives have ultimately succeeded.
- Exploring Best Practices in Relation to International Cybersecurity Agreements - draft Research paper (download .pdf)
The IGF 2020 Best Practice Forum (BPF) on Cybersecurity’s workstream on exploring best practices in relation to international cybersecurity agreements is focused on updating and further advancing the analysis of the 2019 BPF report on the state of international cybersecurity agreements, with a more narrow focus on cyber norms agreements. Its work includes:
- Identifying new agreements and developments since last year to include in the analysis.
- Reviewing and refining the scope of agreements to be included in the report.
- Identifying a core group of agreements to include in the 2020 analysis.
- Identifying trends and commonalities between contents of cyber norms agreements.
- Releasing a call for contributions to gain further input on these selected agreements and their implementation.
- Updating last year’s research paper with new learnings about implementation regarding these core agreements.
- Identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a set of agreements - Call for contributions
In 2020, the BPF Cybersecurity is building on its 2019 report by focusing on identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a narrower set of agreements. In this deeper analysis, we’re looking specifically at whether the agreement includes any of the UN-GGE consensus norms; and whether any additional norms are specifically called out.
The narrower set of agreements is focused on those that are specifically normative, rather than having directly enforceable commitments. The Best Practice Forum on Cybersecurity is calling for input for its 2020 effort. Input will feed into the BPF discussions, the BPF workshop during the virtual IGF2020 and this year’s BPF output report.