The United Nations Open-Ended Working Group on the security of and in the use of information and communications technologies (OEWG) concluded its seventh substantive session in early March. Delegations gathered in New York to discuss proposals to advance the framework of responsible behaviour in light of present and emerging cyber threats and the needed capacity-building efforts. With the group’s mandate expiring …
Striking the Right Balance: How to Publicly Attribute a Cyber Operation to Another State
In recent years, publicly attributing the authorship of malicious cyber operations to another state has become an increasingly popular policy response for many states. Given the political attention these official public political attributions receive, it is vital for states to reasonably explain and justify the reasoning behind particular public attributions. In striking a balance between disclosing and strategically withholding information, …
Ahead of the Threat(s)?
With the new Dutch International Cybersecurity Strategy for 2023-2028, the government of the Netherlands demonstrates responsibility and agency in the face of continuous cyber threats posed by states and criminals. It aspires to keep democratic and human rights and norms top of mind and seeks to preserve a globally open, free and secure internet. The strategy makes clear the government’s …
The Global Digital Compact: Progress Towards Digital Cooperation
This article recaps the genesis and evolution of the Global Digital Compact, an ambitious initiative born out of the United Nations’ 75th anniversary declaration. Against the reality of escalating global tensions, the 2020 declaration emphasised the urgency of upholding the organisation’s founding principles. The proposed Compact represents a response to the challenges posed by digital technologies, which both offer immense …
Africa’s Cybersecurity Treaty Enters into Force
The Malabo Convention has now entered into force. But with ratifications from only 15 of 55 AU member states – and none yet from any of Africa’s power countries, such as Egypt, Algeria, Nigeria, South Africa, Kenya, Morocco or Ethiopia – will the Convention be accorded the regional and international validation needed to become a viable instrument for regulating cybersecurity …
From Westphalia to San Francisco: A cyber and digital perspective on the changing nature of European diplomacy and transatlantic relations
Gerard de Graaf is no stranger to EU digital policies. He serves as EU Senior Envoy for Digital to the US and currently heads the EU Office in San Francisco. Prior to his recent appointment, de Graaf was Director responsible for the Digital Services and Digital Markets Acts in the Directorate-General for Communications Networks, Content and Technology, and co-chaired two …
Coordinated Vulnerability Disclosure: A Quick Win for Cyber Norms and Software Security
In 2015, UN member states committed themselves to fostering software supply chain security. But the issue has since been neglected in international forums, even as software supply chain compromises have severely impacted individuals, companies and societies. To begin to close this implementation gap, diplomatic action should focus on global promotion of processes of coordinated vulnerability disclosure (CVD). This would both …
Striking the Right Balance: A Commentary on the Fourth Substantive Session of the OEWG on ICTs
The recent meeting of the OEWG on ICTs in New York was held amidst a climate of significant global cyber threats and geopolitical tensions. The meeting was successful in terms of attracting a high number of new proposals and broad participation from member states, which is particularly valuable in the current climate of multilateral uncertainty. However, the OEWG faces the …
Top 5 Cyber Policy Articles to Read For 2023
The past year has been a busy one for cyber and digital diplomacy. Discussions by the UN Ad Hoc Committee on Cybercrime and the UN Open-ended Working Group on responsible state behaviour in cyberspace have advanced global debate on these issues and have included much more participation from the Global South. However, decisions about the participation of non-governmental stakeholders left …
Multi-stakeholder Governance of Cyberspace – Merely a Myth?
Blocking non-state stakeholders’ participation in discussions about the information and communication technology environment may set a dangerous precedent for the future