The United Nations Institute for Disarmament Research (UNIDIR) together with the Center for Strategic and International Studies (CSIS) held a workshop on The Role of Regional Organizations in Strengthening Cybersecurity and Stability. A total of five sessions was held on: regional perspectives, inter-regional co-operation, best practices, international perspectives, and issues for international dialogue.
The participants of the workshop primarily highlighted the important role that regional organisations (ROs) play in cybersecurity. They agreed that ROs should complement the work of international organisations, primarily UN processes, that address issues related to cybersecurity. They could do so in numerous ways, namely, by representing regional perspectives, implementing internationally established norms and decisions, but also by raising awareness and co-ordinating capacity building.
In general, the speakers agreed that progress is being made in cyberspace. Ambassador for Cyber Diplomacy at the Ministry of Foreign Affairs of Estonia, Heli Tiirmaa-Klaar, noted that ten years ago similar discussions among various stakeholders did not take place. She underlined that further dialogue on co-operation, best practices exchanges, and basic cyber capacities to name a few - are needed. Associate Professor at Daniel K. Inouye Asia-Pacific Center for Security Studies, Elina Noor, also observed that momentum in the field of cybersecurity is also picking up in Southeast Asia. Among other things, the adoption of the ASEAN Cybersecurity Cooperation Strategy as well as the UN GGE cyber norms could all be seen as steps towards progress.
One issue that came up several times during the discussion is that of cybercrime and security breaches. Former president of INTERPOL, Khoo Boon Hui, cited several security breaches such as the Yahoo! hack and SingHealth that have had adverse effects on trust in the cyber system. Executive Chairman of Consultancy Support Services Ltd, Abdul-Hakeem Ajijola, observed that even though cybercrime is transnational in nature, it is also confined within each state’s law and that collaboration mechanisms such as the sharing of resources and understanding between jurisdictions are required. At present, there is no internationally agreed upon framework on cybercrime. It was also noted that cybercrime is a growing problem in Southeast Asia, primarily due to the considerable expansion of e-commerce activities. Noor stressed that governments should provide a safe, stable, and secure international cyberspace.
In a similar context, the speakers touched upon privacy. Even though it was emphasised that the notion of privacy is changing, it was agreed that certain things, such as sensitive personal data, should be kept private. Faculty Associate at Berkman Klein Center for Internet and Society, Virgilio Almeida, also observed that NGOs should be involved in discussions on privacy and security so as to counterbalance measures taken by governments and police authorities. Other roles of civil society and NGOs in cyberspace were also discussed by the participants. Malin Oestevik from the UNODC stressed the importance of engaging NGOs that specialise in specific issues, such as online child sexual exploitation. Nonetheless, Almeida noted that in Latin America the growing militarisation of cybersecurity as well as the lack of appropriate funds impedes civil society from participating in the cyber policy agenda.
Capacity building measures (CBMs) and awareness raising also featured highly on the agenda. Head of Information Society Division at the African Union Commission, Moctar Yedaly, spoke about a digital platform that allows African experts to discuss how to develop policy and build capacity on cyber policy and data protection. Other capacity building initiatives can be found, among others, in the EU (ENISA), ASEAN (ASEAN-Japan Capacity Building Center) and OAS. The speakers underscored that ROs could play a vital role in capacity building and that experience is needed in order to raise awareness on cyber issues.
The overlap and duplication of work by regional and sub-regional organisations (examples from Africa and Latin America) in the field of cybersecurity was also addressed by some of the speakers. Some claimed that this is problematic primarily because organisations tend to compete against each other, but also end up doing different work on identical issues. It was suggested that the member states should help come up with a unique voice and a harmonised view on regional co-operation. On the other hand, a speaker noted that this overlap and duplication could be beneficial because organisations tend to perceive things differently, and as such, promote the inclusion of all stakeholders in the discussion.
The applicability of international humanitarian law (IHL) in cyberspace was also tackled. Senior Legal Advisor from the ICRC, Laurent Gisel, noted that new technologies are increasingly being used as methods and means of warfare. He observed that universal IHL applies to both current and future conflict, and as such, should comply with the principles of proportionality and distinction in order to ensure adequate protection of civilians and critical infrastructure (e.g. election systems) in cyberspace.
Generally speaking, the participants of the workshop agreed that common regional visions and approaches should be consolidated, which in return should lead to a common regional position.