Diplo and Geneva Dialogue at IGF 2023: ICT vulnerabilities: Who is responsible for minimizing risks?
On the final day of the Internet Governance Forum 2023 (IGF), Diplo, with its partners from the Geneva Dialogue on Responsible Behaviour in Cyberspace (GD), co-organised a side session titled ‘ICT vulnerabilities: Who is responsible for minimizing risks?’ The session was moderated by Diplo’s Cyber Diplomacy Knowledge Fellow, Anastasiya Kazakova, and Diplo’s Director of Cybersecurity & E-diplomacy, Vladimir Radunović, who moderated online. Additionally, Pavlina Ittelson, Executive Director for Diplo US, participated in the discussion.
The session’s primary focus was on addressing vulnerabilities in digital products and implementing cyber norms to enhance cyber stability. This included discussions about responsibilities for these vulnerabilities, necessary actions, and the impact of established cyber norms, such as those set by the UN Group of Governmental Experts (UN GGE) and the Open-Ended Working Group (OEWG).
Specifically, the session delved into the implementation of cyber norms, with a particular emphasis on the involvement of non-state actors and relevant stakeholders in this process. Two specific norms of interest were supply chain security and the responsible reporting of ICT vulnerabilities. The session aimed to break down the expectations and actions needed by various stakeholders to uphold these norms and foster cybersecurity and responsible conduct in the digital realm.
Anastasiya Kazakova began the deliberation by presenting the Geneva Dialogue on Responsible Behaviour in Cyberspace.
The Geneva Dialogue on Responsible Behaviour in Cyberspace (GD) is an international process established in 2018 to map the roles and responsibilities of actors – private sector, civil society, academia, and the technical community – in implementing specific international norms and principles, starting from the cyber-norms agreed by the UN GGE and OEWG, and thus in contributing to greater security and stability in cyberspace. As a process led by the Swiss Federal Department of Foreign Affairs (FDFA) and implemented by DiploFoundation, in partnership with the Center for Digital Trust (C4DT) and UBS, the Geneva Dialogue aims to develop the Geneva Manual, comprehensive guidance for relevant stakeholders on cyber norms implementation. Findings from the session will directly feed into the drafting process of the Geneva Manual.
The initiative’s outcomes include the development of the Geneva Manual, emphasis on supply chain security and responsible reporting of vulnerabilities, and the recognition of the complexities surrounding the technical community. Kazakova underlined the need for further categorisation of digital products and cautioned against relying solely on product labels for security assurance.
Within the context of the Geneva Dialogue (GD) and the realm of cybersecurity, Vladimir Radunović provided a more in-depth elaboration:
Mr Radunović provided an overview of the key factors and considerations in implementing cyber norms for ICT security and the security of digital products, noting that it is a collective endeavour that involves multiple stakeholders. He emphasised the indispensable role of non-state actors, such as civil society, industry, and individual users, in effectively implementing cyber norms. Their participation ensures transparency, accountability, and collective responsibility in addressing cybersecurity concerns, particularly in the context of supply chain integrity and responsible ICT vulnerability reporting.
Radunović also raised concerns regarding the potential for national cybersecurity authorities to misuse vulnerabilities for state purposes. This led to a discussion about finding the right balance between state involvement and safeguarding against potential abuses of power. Finally, Radunović reminded participants of the global nature of cybersecurity threats, which transcend borders. Global collaboration and a well-crafted regulatory framework provide the structure and support required to safeguard our digital infrastructure. These two pillars are vital in ensuring our collective cyber resilience.