Cybersecurity digest (June 2019)

3 Jul 2019

This extract is taken from the June 2019 issue of The digest, GPD’s flagship newsletter. Sign up here.


As predicted in last month’s edition of the Digest, June was a busy month for the ongoing processes around cybernorms at the First Committee (for the uninitiated, here’s an explainer).

New York hosted the first organisational meeting of the Open Ended Working Group (OEWG), where a range of issues were discussed—including the programme of work and stakeholder participation. Read our key takeaways from the OEWG meeting and UNIDIR’s Cyber Stability conference here.

Since we published those takeaways, the registration process for the first substantive meeting of the OEWG has been announced. However, several questions remain unanswered about non-governmental participation. It’s hoped that the UNODA will be able to offer more clarity before the deadline on 12 July.

Over at the UN Group of Governmental Experts (GGE), the current focus is on regional consultations, which will feed into the first meeting of the GGE in December. Two of these regional consultations—with the EU and the Organization for Security and Co-operation in Europe (OSCE)—took place in June. You can watch segments of the EU discussions here, and read a brief overview of the OSCE consultation here. The next regional consultation is with the Organization of American States and is scheduled for 15-16 August in Washington D.C. We expect to have more information to share on this in next month’s newsletter.

At this stage it’s difficult to predict what the key fault lines will be in discussions at the OEWG and GGE. But two of the events we attended this month—the UNIDIR conference in New York and RightsCon in Tunis—might offer some clues. Both saw considerable debate on the question of whether new cybernorms are needed, with some stakeholders saying they are, and others arguing that the norms set out in the last consensus report of the 2015 report are sufficient. Two other questions likely to cause friction:

  • What should the roles and responsibilities of different stakeholders be in cybersecurity discussions?
  • What cyber-related issues should states be allowed to discuss? (e.g. should this include broader internet governance issues?). On the evidence of recent statements by the Russian and EUdelegations at the OEWG’s first meeting, it seems likely that a wide range of controversial issues will be brought to the table for the first meeting in September.

In other news:

  • The GCSC met in the Hague this month to discuss its upcoming report on cyber norms, due at the end of the year.
  • The UNSG’s High Level Panel on Digital Cooperation report was published, and included a recommendation for the “development of a Global Commitment on Digital Trust and Security”.