Cybersecurity digest (March 2020)

1 Apr 2020

This extract is taken from the March 2020 issue of The digest, GPD’s newsletter. Sign up here.


The pandemic has reportedly brought about a sharp increase in cyberattacks—including likely acts of “cyberespionage” by state actorsAt the same time, global travel bans and a marked lack of intra-state solidarity—even among historic allies—seem to be signalling a turn (at least temporarily) away from the international order. 

What will this mean for the emerging framework around cyber norms and responsible state behaviour in cyberspace? At the time the virus struck, discussions were progressing at the UN’s First Committee (albeit slowly, and with many sticking points). 

While the Group of Governmental Experts (GGE) and Open Ended Working Group (OEWG) have yet to say anything publicly about COVID-19, other stakeholders have not been silent. The International Red Cross—an active stakeholder in OEWG discussions—has proposed a new cyber norm on not harming medical facilities. Existing GGE norms on protecting critical infrastructure (widely understood to include health facilities) have also acquired a new salience with this crisis. It is crucial that all states respect them.

Final note: for those engaging at the First Committee—here’s a quick rundown of what’s coming up:

  • Consultations on the OEWG pre-draft report have just been extended to 16 April (you can read our submission here). For information on submitting as a non-governmental stakeholder, contact the NGO liaison Allison Pytlak (
  • The new draft is scheduled to be released in May.
  • For now, the plan is still to hold informal intersessionals in late May. Obviously, as with the last substantive session scheduled for July, this might change.