Actively following and engaging in the OEWG I process has been a focus for the CyberPeace Institute since its creation in 2019. The inclusion of non-state actors and an overall multistakeholder approach in such critical discussions is of utmost importance. These communities can share knowledge and expertise with governments, and can encourage a more representative and comprehensive decision-making process. As such, the Institute has prioritized engagement and advocacy work in collaboration with other non-state actors to promote accountability and work towards a more peaceful cyberspace. The OEWG discussions provide a unique opportunity in that all UN Member States are welcome to participate, unlike at the GGE.¹ However, as the first OEWG II substantive session begins on 13 December 2021, there is the expectation that this process should be just as, if not more inclusive than OEWG I. OEWG II should ensure that countries can make meaningful contributions that build upon the previous discussions, Final Report, and multistakeholder input.
The importance of a multistakeholder approach
The systematic inclusion of non-state actors, specifically those without ECOSOC status, in substantive discussions regarding the application of international law to cyberspace and the implementation of capacity building measures is critical. This inclusive approach needs to be integrated from the beginning of the OEWG II process in order to be effective.
The CyberPeace Institute is concerned that the documents shared ahead of the first substantive session of OEWG II do not specifically mention the inclusion of civil society, they do not provide enough information on how non-state actors can participate in the first substantive session, and there is an overall lack of transparency and visibility offered for multistakeholder contributions throughout the process. Non-governmental stakeholders have been invited to an informal discussion ahead of the first substantive session, however, one ad hoc discussion is not a systematic or substantive approach to multistakeholder inclusion.
Some states have voiced concern about the lack of inclusion of civil society, as they are strong proponents and advocates for the inclusion of the multistakeholder community in UN processes. Non-state actors are also active in this area and have published a letter through the Let’s Talk Cyber initiative, which calls for “systematic, sustained and substantive” engagement through five points that call for greater transparency and inclusion in the process.²
Updates since OEWG I
Improved accountability in cyberspace takes time, and needs to be based on an evidence-led perspective. A data-driven analysis underpins the Institute’s advocacy work for a multistakeholder approach in the upcoming OEWG II discussions. For example, the Institute launched the Cyber Incident Tracer (CIT) #HEALTH to make data and facts about cyberattacks publicly accessible in one place. As this platform aggregates more and more data on disruptions, it can be an important reference for those seeking accountability in cyberspace and the quest for justice. With greater transparency about cyberattacks, the relevant laws can be more easily applied in practice to cases. Based on the data collected in CIT #HEALTH, the Institute recently published an Addendum to complement the Strategic Analysis Report published in March 2021. There are specific recommendations for governments throughout this work. The Report and Addendum can serve those engaged in the OEWG II process and other relevant fora to understand the true scale and impact of attacks against healthcare, and underscore that more must be done to protect this sector.
OEWG II: Priorities and Changes
The Institute has followed the developments ahead of OEWG II, set to run from 2021-2025, with great interest. So far, a change to note is the working group’s name. OEWG I was titled “Open-ended working group on developments in the field of information and telecommunications in the context of international security” whereas through UNGA resolution 75/240, OEWG II has been changed to “Open-Ended Working Group on security of and in the use of information and communications technologies.” Words count. This change in name is a signal that discussions could move away from responsible state behaviour and actions, to the security implications of information and communications technologies (ICTs). This could be a shift away from the political-legal considerations, such as how to build capacity and apply international law to cyberspace, to more military-centric considerations on the practical use of existing and emerging technology. It will be important to follow the first substantive session of OEWG II for clarity in this regard.
Additionally, there are several points that need to be discussed in OEWG II for the process to meet the priorities previously outlined by the Institute in an overview of OEWG I’s Final Report. This includes concerns about the overall lack of a human-centric approach, specifically regarding the analysis of threats and the implementation of confidence building measures in cyberspace. Focusing efforts around people and their rights is necessary not only as a means to foster cooperation but also in terms of practical application of the agreed upon norms. As underlined in the Final Report, the lack of actionable steps towards greater accountability in cyberspace is a serious concern. These issues remain key for the CyberPeace Institute, and are especially relevant for the proposed Programme of Action whose aim is to implement the recommendations outlined in OEWG I’s Final Report. To be clear, states are not acting alone, and should include the non-state actor community to assist in creating solutions for these issues.
Ahead of OEWG II’s first substantive session, the Institute, along with others from the multistakeholder community, published a Statement on the value of multistakeholder engagement in the OEWG process (2021-2025). This Statement focuses on how a multistakeholder approach would assist in the OEWG II discussions based on the wealth of knowledge and expertise that the community has to offer. Non-state actors are an untapped resource when it comes to the practical implementation of laws and norms, and can also be a key area of support for the Programme of Action. The CyberPeace Institute calls on all stakeholders to make their voices heard in this process, and call on all states to support the engagement of non-state actors. Together, a more stable, accountable cyberspace is possible.
¹ The UN Group of Governmental Experts (GGE) is made up of a limited number of Member States and restricts their consultations to regional organisations. The UN Open Ended Working Group (OEWG) includes all interested Member States and historically consults the multistakeholder community. For more information on the differences between the UN OEWG and GGE processes, please see the Geneva Internet Platform’s comparison.
² Forthcoming ‘Multistakeholder Letter for the OEWG Chair on Modalities.’
Juliana Crema is Research Associate with the Advancement team at the CyberPeace Institute.
© Copyright: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.