What’s new with cybersecurity negotiations? The informal OEWG consultations on capacity building
In May 2023, delegations met in New York for an informal meeting on capacity building and discussions on all topics under the Open-Ended Working Group’s (OEWG) mandate. Lines drawn long ago don’t seem to be budging. Operalisation and implementation of existing vs elaboration of new rules and mechanisms are causing issues across the board. It seems that the discussions on threats is the most straightforward. Let’s delve into the intricacies of these discussions to gain a deeper understanding of the current dynamics.
At the first session of the OEWG intersessional meetings, the chair held an informal roundtable on cyber capacity building where UN agencies and international organisations spoke on capacity building in the area of ICT security.
First, the Counter-Terrorism Committee Executive Directorate (CTED) emphasised its role as a key facilitator of capacity -building for member states in the field of ICTs and terrorism. CTED identified critical technical assistance gaps in combating terrorist and violent extremist activities online and made a number of recommendations for member states to address those challenges CTED highlighted comprehensive training programmes designed for law enforcement and criminal justice practitioners dealing with digital evidence as well as technical assistantships on how to identify and investigate terrorism-financing crimes committed online using virtual currencies, new payment methods, and cyber-based fundraising techniques. CTED highlighted the significance of public-private partnerships, such asTech Against Terrorism or CTED’s Global Research Network
The UNOCT/UNCCT Global CounterTerrorism Programme on Cybersecurity and New Technologies called upon member states to develop strategies for reducing risks to critical infrastructure from terrorist attacks and emphasised the need for cooperation between Computer Security Incident Response Teams (CSIRTs) and law enforcement. They presented recommendations for cyber capacity building, including raising awareness and implementing guidelines, utilising open-source information for analysis, conducting dark web investigations with digital evidence for prosecution, and conducting tabletop exercises and cyber drills to enhance preparedness and collaboration in response to terrorist cyberattacks.
Finally, the UN Institute for Disarmament Research (UNIDIR) outlined ways in which the OEWG could better support UNIDIR’s capacity-building work, including Annual Programme of Work reviews to identify priority issues, dedicated discussions on selected topics, and increased awareness and promotion of existing resources.
Existing and potential threats
When summing up the discussions on international law for the OEWG’s March 2023 session, we wrote that the faultlines from the previous discussions remain. We must now reiterate the same. The lack of progress towards convergence has prompted many calls for more discussions on international law within the OEWG.
Rules, norms, and principles
During the session on confidence-building measures (CBMs) delegations discussed concrete proposals to approach the operationalisation of CBMs, and also made some proposals regarding the possibility of new CBMs.
Regular institutional dialogue
In recent years, states became divided on future regular institutional dialogue, or, in other words, what will come after the current OEWG, with three main possibilities emerging.. Some delegations prepared elaborate proposals based on the details of the Programme of Action (PoA), some delegations outright opposed the PoA at this stage, and some delegations just wanted to avoid duplication of efforts. Such a division was present at this informal meeting as well.
Among the supporters of the PoA, coordinating capacity-building efforts and implementing the already agreed-upon framework are considered to be within the scope and goals of the PoA.
Additionally, diverse views have been shared on how the PoA could be organised, how often the review of the programme should be conducted, and which structure and format of work it should have, including annual meetings, intersessional meetings, review conferences, and technical working groups.
A group of countries that opposes the PoA, shared different views on the future regular institutional dialogue. For instance, Russia stressed that the agenda of the PoA is considerably narrower than that of the OEWG, and that the Western countries attach very specific political meaning to the PoA, publicly promoting it as an anti-Russian course. Instead, for the future regular institutional dialogue, Russia continues advocating for other modalities for the future process, where, as proposed, among other points, only accredited non-state actors should be allowed the right to participate in official events as observers.
China added that some states ‘tried to impose a UNGA Resolution on a PoA last year’ and split the UN process on ICT security and undermine the OEWG’. The Chinese delegation stressed that in accordance with the OEWG mandate, ‘there is only a regular institutional dialogue, and there is no so-called PoA’. China proposed that the future mechanism should be developed based on two principles: (1) upholding the agreed-upon framework and (2) formulating new international rules in response to evolving situations, particularly data security issues. However, no concrete suggestions on the future regular institutional discussion came from this group.
In the meantime, other delegations did not directly express views on the PoA during this session but rather called for avoiding polarisation and the duplication of efforts.
The OEWG will meet for its 5th substantive session from 24 to 28 July 2023, when the chair is set to present the draft of the 2nd OWEG APR. States will negotiate the text of the report and are expected to adopt it on 28 July.
By Andrijana Gavrilović, Anastasiya Kazakova, Salomé Petit-Siemens