Technology & Trade

Stimson Center Statement to the UN Open-ended Working Group on Cybersecurity as It Completes its Work, March 2021

Work cannot wait for the new OEWG to begin
NGOs and others can help UN jumpstart its efforts by doing the research needed to address some critical questions such as accountability, non-duplication of efforts and action priorities.

Thank you, Ambassador Lauber, for your leadership and to Reaching Critical Will for supporting civil society’s engagement. The OEWG report is inspiring – especially as we have seen all the work that has been done to try to achieve consensus. I also want to extend much appreciation for the Chair’s Summary addended to the report; this summary well highlighted many points of difference among the States. 

I want first to make some observations then offer some help. 

The UN needs to fast track its work on ICT security. The UN is a thoughtful body that generally works via consensus.  ICT risks, however, evolve quickly along with States’ and criminals’ threatening capabilities. These capabilities have increasingly been exercised recently. States and individuals are now feeling forced to react to the many cyber incidents being experienced. 

In many States, public discussions and domestic legislation are calling for increased accountability and recompense. What will and is happening is that States will start adopting some legislation and supporting judicial approaches outside of thoughtful UN discussions. Some of these actions may inadvertently threaten cyber stability – or may benefit stability. What happens when a State eliminates sovereign immunity so that individuals can sue in domestic courts for damages incurred by the actions of a foreign state or state-supported actor? What happens when States have uncoordinated approaches to vulnerability disclosures? What happens when a State holds an international final goods assembler liable for vulnerabilities? This is all starting to happen now, and we don’t know what the ending will be.

Such national legislative and judicial actions could better support a safe and secure ICT environment if developed in discussions among States that could collaborate to support a more reflective and effective approach to ICT security and accountability. The GGE may well present, when it concludes its own work, some recommendations along these lines such as calls for regional cooperation in approaches. But even if States agree to try to coordinate among themselves, progress will be slowed by politics. 

This is where civil society can help. Take some of the competing but contentious ideas as well as some the aligned but uncoordinated ideas and move them quickly outside of the UN where they can be researched, with alternative approaches to action transparently assessed. Such independent work could then move back into the UN where it could help jumpstart UN efforts. For example: 

  • What should be in a Programme of Action? An intermediary NGO can survey States and stakeholders to develop options for what should be in the Programme, then develop and apply criteria for acceptance and present alternatives on how to proceed. Such a report could aid the next OEWG in its efforts to agree on a Programme.
  • How should States have future regular institutional dialogue in the OEWG without duplicating existing mandates of other UN bodies? External non-profit advisors can be asked to work with UNODA and/or UNIDIR to define in detail the overlapping mandates and their work status and propose alternative mechanisms for coordination – with process mapping!
  • How could a universally-accepted, common approach and understanding of the source of ICT incidents at the technical level be developed under the auspices of the United Nations? Lessons can be learned from considering how States have developed agreement over accountability in other areas. Cyber is simply another threat domain that can be added to existing conventional, nuclear, radiological, chemical, and biological threats. Mechanisms already exist for holding States and individuals accountable for actions that harm or could cause harm from these. 

I believe most of the non-State actors who have participated in these discussions stand ready to contribute their expertise to UN efforts – as does the Stimson Center. Just let us know how we can help. 

Contact: Debra Decker, Senior Advisor, Stimson Center, [email protected]

The UN OEWG Final Report, Chair’s Summary and related documents,  see: 

For consolidated information, including the new OEWG starting in 2021, see: Reaching Critical Will 

Share on twitter
Share on facebook
Share on linkedin
Share on email
Part of the Cyber Security Project
Choose Your Subscription Topics
* indicates required
I'm interested in...
38 North: News and Analysis on North Korea
South Asian Voices