BPF 2021 Cybersecurity

The BPF Cybersecurity 2021 on the use of norms to foster trust and security, intends to take a deeper look at the drivers of cyber norms and test these norms concepts against historical Internet events, to better understand how speficic norms can be effective at mitigating adverse cybersecurity events.  (MAG Agreed BPF proposal )

BPF Cybersecurity Final Report (December 2021)



BPF Cybersecurity session @IGF2021 - Friday 10 December, 10:15-11:45 UTC


Session agenda

  1. Introductory remarks
    1. Introduction to the BPF on Cybersecurity   (Hariniombonana Andriamampionona, MAG BPF Facilitator / Markus Kummer, BPF Facilitator )
    2. Introduction to 2021 work   (Maarten Van Horenbeeck, BPF Lead expert)
  2. the BPF 2021's three workstreams
    1. Workstream 1 - Mapping and Analysis of International Cybersecurity Agreements: Overview of findings   (Pablo Hinojosa / Eneken Tikk)
    2. Workstream 2 - Testing Norms Concepts Against Internet Events: Overview of findings   (Mallory Knodel)
    3. Workstream 3 - Outreach and Cooperation with other IG(F) Events : update on external engagement   (Sheetal Kumar)
  3. Participant Panel   (Moderators: Mallory Knodel, Pablo Hinojosa; Panelist : Eneken Tikk, Lobsang Gyatso, Sheetal Kumar, Chris Painter, Sherif Hashem, Art Manion, Siena Anstis)



Draft findings of the BPF on Cybersecurity 2021  https://www.intgovforum.org/en/filedepot_download/235/20029 

Workstream 1

Mapping Analysis of International Cybersecurity Norms Agreements - Draft Report (November 2021) https://www.intgovforum.org/en/filedepot_download/235/19829

Mapping Analysis of International Cybersecurity Norm Agreements - Draft References Document (November 2021)  https://www.intgovforum.org/en/filedepot_download/235/19830

Workstream 2

Testing Norms Concepts Against Cybersecurity Events - Draft Report (November) https://www.intgovforum.org/en/filedepot_download/235/20025


  • Thursday, 29 April, 15:00 UTC, BPF Kick-off meeting, slide deckrecording (passcode @D?Aj771 )
  • Thursday, 1 July, 6:00 UTC, BPF Update meeting, slide deck, recording (passcode Me$*Un2S )
  • Thursday, 19 August, 15:00 UTC, BPF Update meeting, agenda, recording (passcode u9X3YU$n )
  • Thursday, 14 October, 6:00 UTC, BPF Update meetingrecording (passcode q!I529q= )
  • Friday 10 December, 10:15-11:45 UTC BPF workshop during the IGF 2021 in Katowice 

*work sessions of the BPF's workstreams will be organised on a need-basis inbetween the scheduled updates, and announced on the BPF mailing list.

  • BPF update to the IGF Open Consultation & MAG meeting, 29 Sept (slide deck)
  • BPF update to the IGF Open Consultations & MAG meeting, 22 June (slide deck)
  • BPF update, NRI Assembly, EuroDIG, 28 June, (slide deck)

Preparatory process

draft BPF Workstreams and deliverables 

Workstream 1:  Update the BPF's mapping of agreements

Deliverable:  publish a research paper

During 2021, we intend to take a deeper look at the drivers of cyber norms. These may include concerns raised by internet users, security incidents, and other events. We plan to take a closer look at which ideas behind the norms have shown continuity during various incidents and stages of problematic behavior.


Workstream 2:  Testing norms concepts against Internet events

Deliverable:  discuss which core ideas behind the normative agreements had the most continuity through various incidents at the BPF meeting in December.

Research question: how would specific norms have been effective at mitigating adverse cybersecurity events?

Work package 1: List of significant historical cybersecurity events

Identify criteria to select major historical cybersecurity events (including adverse events such as incidents) that are representative of cybersecurity issues, and that in some cases may have informed norms development.

Work package 2: Analysis and background brief for each historical cybersecurity event

Review the selected events, and evaluate from the BPF’s prior reports, as well as other published research and reports, whether or how cyber norms have been successful at mitigating their adverse effects. We’ll also include how those events may have supported norms implementation, or expanded the scope of an existing norm.

Work package 3: Qualitative research that includes the voices of those affected by cybersecurity events

Participant interviews with incident responders and victims of historical cybersecurity events will be analysed and presented in order to understand their first-hand perception of the applicable norms and their response to the research question, “how would specific norms have been effective at mitigating adverse cybersecurity events?”


Workstream 3:  BPF outreach and cooperation with other IGF initiatives

The United Nations Secretary-General's Roadmap for Digital Cooperation, para 93, envisages a strengthened IGF, including by better integrating programme and intersessional policy development work to support other priority areas outlined in the report.

Work package 1: Drive engagement and participation in the BPF

Engage with stakeholders to drive engagement and participation in the BPF, including outreach to other IGF community activities, such as the National and Regional IGFs, the Dynamic Coalitions, Policy Networks.

Work package 2: Better integrate BPF work in the IGF Programme and activities

Actively explore synergies and opportunities to integrate the BPF's work in the overall IGF programme and to contribute to other IGF activities.



BPF Coordinating team

  • MAG BPF Facilitator: Ms Hariniombonana Andriamampionona
  • BPF Co-facilitator: Mr Markus Kummer
  • BPF Lead expert: Mr Maarten Van Horenbeeck
  • Lead Workstream 1: Mr John Hering
  • Lead Workstream 2: Ms Mallory Knodel
  • Lead Workstream 3: Ms Sheetal Kumar, Mr Markus Kummer
  • Consultant IGF Secretariat: Mr Wim Degezelle

contact [email protected]



Participation in the work of the BPF Cybersecurity is free and open to all interested. Participants are expected to respect the IGF Code of Conduct .

Subscribe to this BPF mailing list:

For general inquiries on the BPF Cybersecurity please contact [email protected] .



Related work on norms by the BPF Cybersecurity