“Confidence building is a long journey. It has ups and downs. It gets pulled off course by different factors so a strong foundation in which to base our discussion is crucial to keep moving forward,” said Kathryn Jones, Head of International Cyber Governance, United Kingdom, during the 2021 Cyber Stability conference organised by the United Nations Institute for Disarmament Research (UNIDIR).
The panel discussion, moderated by Samuele Dominioni, Researcher, UNIDIR, was convened to discuss the importance of confidence-building measures (CBMs) in reducing tensions among countries. The panel consisted of Gerardo Isaac Morales Tenorio, Coordinator for Multidimensional Security, Multilateral Affairs, Ministry of Foreign Affairs of Mexico; Yutaka Arima, Ambassador for Cyber Policy of the Ministry of Foreign Affairs of Japan; and Kaja Ciglic, Senior Director, Digital Diplomacy, Microsoft.
States are increasingly developing information and communications technology (ICT) as an instrument of warfare, which makes it crucial to develop confidence-building measures that reduce the risk of misperception and help avoid conflict.
Countries must elaborate on the role of ICT agencies, remarks Kathryn Jones
Role of regional collaboration: “The UN has a strong role in global confidence-building measures but we’ve seen regional organisations really pick up these confidence building measures and progress has tended to be faster at the regional level. It’s obviously easier to build confidence within an established relationship. Regional fora such as OSCE have resource pools which reduce the cost to individual states of having to build bilateral CBMs individually,” Jones told the gathering.
Leveraging United Nations: “…fills a gap by sharing experience and by providing a space in which avenues for collaboration and mutual learning can be established. The membership of the UN is a diverse group of states and all will never take the same approach with everything and we don’t need to but we do need to understand how other states see things and crucially, how they might act in cyberspace so as to avoid that misunderstanding and inadvertent escalation,” she explained.
Transparency: “OEWG is supporting transparency at the most basic level and in securing consensus adoption of the latest resolution. The national position statements’ annex to the GGE report from 2021 was a tangible example of transparency CBMs in which states committed to sharing their views for the benefit of stability and predictability in cyberspace,” Jones underlined.
Defining the scope of ICT agencies: “I would like to highlight the call in the 2021 GGE report that states should clarify their positions on the ICT security agency’s mission and functions as well as their ICT strategy at the national and organizational level and the legal and oversight regimes under which those agencies operate because whether we like what the state is doing or not, if we understand these broader patterns of behavior, we can easily mitigate risks to international peace and stability,” she added.
Terminology: “It is a very challenging point. We need to understand each other and be able to understand where each other is coming from as we all conceptualise things differently. It’s quite difficult to align different conceptual frameworks into one clear set of terminology that we could all agree on except for negotiating legally binding agreements. The building of understanding is our main challenge here,” Jones said.
Mutual understanding among different governments is important in cyberspace, asserts Yutaka Arima
Arima revealed that Japan regularly carries out cyber dialogue with various countries to exchange views on cyber policies and activities and considers it important to engage within the regional framework.
Regional outreach: “Japan has co-chaired cybersecurity-related meetings with Malaysia and Singapore within ASEAN Regional Forum. It was a good opportunity to share each country’s respective cyber policies as well as to exchange views on region-wide cyber activities,” he mentioned.
Pinning hopes on OEWG: “…has an important role as a confidence-building measure. Member states can share their cyber policies and views on relevant issues in the OEWG. The OEWG could then possibly have an annex to the annual progress report that compiles the national policies of participating countries or have links on its official website,” Arima advised.
Multi-stakeholder approach: “…had the participation of the civil society, academia and the business community. The multi-stakeholder approach will promote mutual understanding between different players, such as governments, the private sector and academia, which is also important for the development of cyberspace,” he added.
What would Japan like? “A level of understanding of cyberspace among a substantial number of member states that will make it easier for them to understand what other countries are doing and measure that in concrete terms,” Arima explained.
Joint exercises: “We hope there are joint exercises as a result of these discussions or cooperative measures coming out of regular discussions. I hope there are cooperative activities that member states will take part in to enhance trust among each other in cyberspace,” he said.
Agreement on norms for responsible behaviour: “It is a very difficult issue. We have to agree on norms for responsible state behaviour which we have in a way through UN fora. There is trust but how do you verify it? A country will need exceedingly well-qualified and capable people to verify if there is malicious activity coming from a country that claims to abide by all the norms or if it’s coming from someone who is not making any claims,” Arima concluded.
CBMs are a precursor to political will, states Isaac Morales
Relevance of CBMs: “It is important to reiterate that the CBMs are part of the tools and measures to prevent conflict, of course, to promote a peaceful settlement of disputes and to prevent any escalation of disputes and conflicts. They can also be used to promote peaceful uses and encourage member states to use cyberspace for collaboration,” Morales conveyed.
Using CBMs to build cooperation: “CBMs are linked to the identification and dealing with threats and challenges. It is necessary to encourage concrete cooperation and capacity building programmes,” he explained.
Clear expression: “CBMs are a clear expression of tools driving states to action. These tools are encouraging us at the international level, at the national level, at the regional level, to put into practice and go to action,” said Morales.
Using the Organisation of American States (OAS): “CBMs could be considered a precursor of political will and commitment to the collective endorsement and implementation of the voluntary norms of responsible state behaviour in cyberspace. For instance, a more formal and continuous dialogue on cyberspace has been consolidated by the OAS increasing the relevance of discussions related to cyber security, the applicability of international law and cyberspace governance,” he remarked.
Significance of stakeholders: “The role of other stakeholders and service providers, private sector, civil society, academia, is key to not only encourage member states to put into practice (CBMs) but also to help them with the most operative elements related to CBMs,” Morales stated.
Develop universal understanding of CBMs: “Confidence building is not universally understood in exactly the same way but we do need to increase confidence and then we need more measures and commit ourselves to implement them. It is important to step forward on the goals and commitments that we have from these (OEWG and GGE) reports and standardising interactions in cyberspace under the framework. It will be important to avoid any detailed discussion on concrete terms,” he detailed.
Gradual process: “We need to work on a gradual process to identify, with the greatest possible degree of clarity, factors which could adversely affect mutual trust in a given situation,” Morales concluded.
CBMs are an iterative process, comments Kaja Ciglic
Continued focus: “It is important to have regular conversations, including with groups that are not necessarily close to you. It’s also important that the conversations do not stay at a theoretical level but they are supplemented by exercise which simulates real-life situations where you would need to cooperate with your counterparts in different countries and in different sectors,” Ciglic underscored in her response.
Including non-state perspectives: “The private sector and technical communities specifically have an important role to play when it comes to response and preventing escalation. They are often called in at the national level, and when something happens. We must work together to ensure that there is a cross-sectoral conversation and cross-country conversation going on around incidents in particular. I would look at confidence-building measures which do not just look at the diplomatic community or the policy community but also the technical community,” she suggested.
Banking on Information Sharing and Analysis Centre: “Companies can build trust through various information sharing organisations wherein companies exchange information, and share threat intelligence with each other including with governments and others. There are formal structures and then there are informal relationships. For example, the case of SolarWinds’ hack after another company alerted us and we issued protections,” Ciglic said.
Calling out states acting in bad faith: “This space needs to call out states which are bad actors when they are not accountable. It should not be: ‘you’re a bad person’ but also include which particular norm was breached or which particular international law or agreement,” she concluded.