Check-in and access this session from the IGF Schedule.

IGF 2020 BPF Cybersecurity

    Time
    Tuesday, 17th November, 2020 (12:50 UTC) - Tuesday, 17th November, 2020 (14:20 UTC)
    Room
    Room 1
    About this Session
    'Exploring best practices in relation to international cybersecurity initiatives.'

    Join the BPF in discussing what cybersecurity can learn from normative principles in global governance and in exploring best practices in relation to international cybersecurity initiatives.

    Session agenda  

    1. Introduction to the work of the BPF in 2020

    2. Norms development in cyber vs. the real world 

    3. Analysis of new cybersecurity agreements

    4. Discussion

    5. Wrap up

     

    Confirmed panelists

    • Moliehi Makumane, Government of South Africa
    • Pablo Hinojosa, APNIC
    • Sherif Hashem, SUNY Polytechnic Institute
    • Louise Marie Hurel, Igarapé Institute
    • Isaac Morales, Government of Mexico
    • Stéphane Duguin, CyberPeace Institute
    • Aude Gery, GEODE

    Discussion leads 

    • John Hering, Microsoft
    • Sheetal Kumar, Global Partners Digital
    • Maarten Van Horenbeeck, First 

    Presentation of the BPF background paper

    • Anastasiya Kazakova, Kaspersky
    • Apratim Vidyarthi, University of Pennsylvania Law School

     

    BPF Cybersecurity webpage

    https://www.intgovforum.org/content/bpf-cybersecurity

    BPF papers 

    1. Key Policy Questions and related issues
    What trends and commonalities can be identified between different international agreements and initiatives on cybersecurity?
    To what extent do international agreements and initiatives on cybersecurity include one or more of the 11 norms contained in the 2015 Report of the UN Global Group of Experts (adopted under UN GA Resolution A/RES/70/237)?
    What can cybersecurity policymaking learn from normative principles in global governance?
    2. Summary of Issues Discussed

    Looking at norms developed in other fields can provide useful lessons for better development, implementation and respecting of norms in the area of cybersecurity. 

    The development and implementation of norms should include both policy / diplomatic professionals as well as technical experts.

    Norms development should be open and inclusive in order to include developing countries and stakeholders.

     


     

    3. Key Takeaways

    Even if not binding themselves, norms can play an important role in helping to interpret and implement binding aspects of international law. Norms matter for cybersecurity because the internet is a decentralized, multinational entity that is hard to govern. Internet governance therefore relies on multistakeholderism, which forms the basis for norms. There are useful lessons to learn from norms developments in other areas:

    • Successful norms are concrete, specific, and often create processes to foster implementation and accountability
    • Powerful norm promoters can be critical for success, as can be incentives and persuasion
    • Failures happen and are inevitable but can become the basis for success
    • Norms development, even without results, creates socialization, which can be critical for further success

    While norms are often developed via multilateral diplomacy and state-driven efforts, there is an important role for non-state actors from private sector and civil society, providing expert input into both the substance of the norms as well as how they can be implemented. It is also important to involve technical experts, both in the development of norms (to avoid creating unintended negative consequences on the technical operation of the Internet), and to bring technical and policy professionals together to work on implementation of norms.

    There are challenges in both developing norms that have wide support and then subsequently in having them implemented. Guidelines can be helpful in supporting implementation of norms. 

    There are also concerns that cybersecurity norms development processes are not always open and inclusive to all countries and stakeholders.

    The work of the BPF has been valuable in tracing norms and finding commonalities, even where there are differences in language and terminology.

     


     

    6. Final Speakers

    1. Introduction to the work of the BPF in 2020

    Maarten Van Horenbeeck, FIRST

    Sheetal Kumar, Global Partners Digital

     

    2. Norms development in cyber vs. the real world 

    Apratim Vidyarthi, University of Pennsylvania Law School

    Anastasiya Kazakova, Kaspersky

     

    3. Analysis of new cybersecurity agreements

    John Hering, Microsoft

     

    4. Discussion

    Moliehi Makumane, Government of South Africa

    Pablo Hinojosa, APNIC

    Sherif Hashem, SUNY Polytechnic Institute

    Louise-Marie Hurel, Igarapé Institute

    Isaac Morales, Government of Mexico

    Stéphane Duguin, CyberPeace Institute


     

    8. Session Outputs

    Full details of the BPF’s work this year can be found at the BPF’s webpage - https://www.intgovforum.org/content/bpf-cybersecurity. These include: 

    • What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance  -  Background document (download .pdf)

    The Internet Governance Forum’s thematic intersessional work on cybersecurity intends to guide submissions to the 2020 Best Practice Forum on Cybersecurity’s final, annual report. By taking the time to identify successful norms initiatives and their role in policy change, the BPF Cybersecurity grounds its analysis of a wide variety of Cyber Norms initiatives in the lessons learned throughout the stages from early development to implementation. The examples studied in this review were chosen for their effectiveness and are not necessarily related to or even tangential to technology or the internet. By looking to successful norms frameworks the BPF Cybersecurity, and the initiatives it has invested in, might better understand the strengths, flaws, and why some norms initiatives have ultimately succeeded. 

    • Exploring Best Practices in Relation to International Cybersecurity Agreements - draft Research paper (download .pdf)

    The IGF 2020 Best Practice Forum (BPF) on Cybersecurity’s workstream on exploring best practices in relation to international cybersecurity agreements is focused on updating and further advancing the analysis of the 2019 BPF report on the state of international cybersecurity agreements, with a more narrow focus on cyber norms agreements. Its work includes:

    • Identifying new agreements and developments since last year to include in the analysis.
    • Reviewing and refining the scope of agreements to be included in the report.
    • Identifying a core group of agreements to include in the 2020 analysis.
    • Identifying trends and commonalities between contents of cyber norms agreements.
    • Releasing a call for contributions to gain further input on these selected agreements and their implementation.
    • Updating last year’s research paper with new learnings about implementation regarding these core agreements.

     

    • Identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a set of agreements  -  Call for contributions 

    In 2020, the BPF Cybersecurity is building on its 2019 report by focusing on identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a narrower set of agreements. In this deeper analysis, we’re looking specifically at whether the agreement includes any of the UN-GGE consensus norms; and whether any additional norms are specifically called out.

    The narrower set of agreements is focused on those that are specifically normative, rather than having directly enforceable commitments.  The Best Practice Forum on Cybersecurity is calling for input for its 2020 effort. Input will feed into the BPF discussions, the BPF workshop during the virtual IGF2020 and this year’s BPF output report.