Cyber norms and security of critical infrastructure | Chapter II of the Geneva Manual

From words to protection – how do cyber norms guide security of critical infrastructure? Announcing Chapter II of the Geneva Manual

From energy grids to hospital networks, the systems that sustain our lives are constantly under increasing pressure. As threats evolve, so must our defences – not just in code and hardware, but in principles and responsibility.

States have agreed on a global framework for responsible state behaviour in cyberspace. However, agreements alone do not protect critical infrastructure. It’s time to ask the question: how do these norms move from paper to practice? Who ensures that they are upheld, not just by governments, but by the operators, engineers, developers, and researchers behind the world’s most essential systems?

The session titled “From words to protection – how do cyber norms guide security of critical infrastructure?” took place on 14 May 2025 in Geneva, as part of the Global Conference on Cyber Capacity Building (GC3B) organised by the Global Forum on Cyber Expertise (GFCE). This session marked the launch of Chapter II of the Geneva Manual – a milestone in defining what the UN cyber norms mean for real-world protection of critical infrastructure. Built through the Geneva Dialogue’s global community of experts, this new chapter provides practical guidance for non-state stakeholders navigating a shared, high-stakes digital environment, and highlights challenges, including for states.

Organised by the Geneva Dialogue on Responsible Behaviour in Cyberspace, the session discussed these questions in a multistakeholder approach, engaging representatives from the private sector, academia, civil society, and technical community. Established by Switzerland in 2018 and implemented by DiploFoundation with support of the Republic and State of Geneva, C4DT, Swisscom, and UBS, the Dialogue maps the roles and responsibilities of various actors in the implementation of agreed cyber norms and confidence-building measures (CBMs), and thus contributes to stability and security in cyberspace. The Geneva Dialogue is a global process which engages over 69 organisations and experts representing different stakeholder groups from all over the world.

The session showcased an innovative and interactive methodology that blended knowledge-sharing with participatory elements. It began with an introduction to the Geneva Manual and its practical relevance, followed by small group discussions based on an animated cyber incident scenario, designed to explore real-world challenges in protecting critical infrastructure. This immersive scenario exercise encouraged participants to consider different stakeholder roles, risks, and decision-making dilemmas. The outcomes from the group work were then brought into the moderated debates involving experts from different stakeholders groups.

Ambassador Benedikt Wechsler, Head of the Digital Division at the Swiss Federal Department of Foreign Affairs, opened the session by reaffirming Switzerland’s commitment to an open, stable, and secure cyberspace, as well as the importance of a multistakeholder approach to implementing the agreed framework for responsible state behaviour. He expressed appreciation to all contributors for their continued engagement in the Geneva Dialogue and their efforts to advance the understanding of how cyber norms and CBMs can enhance CI protection.

Ambassador Burhan Gafoor, Singapore’s Permanent Representative to the UN and Chair of the UN Open-Ended Working Group (OEWG), offered insights ahead of the OEWG’s concluding session under the 2021–2025 mandate. Returning for the second time to announce the next chapter of the Geneva Manual, he emphasized the value of multilateral cooperation and inclusive dialogue, highlighting the importance of integrating perspectives from across sectors to ensure a secure and resilient digital environment.

The session also featured an interactive segment, inviting participants to reflect on practical actions inspired by the Geneva Manual. Insights from the group work during the “Cyber Quest“ exercise sparked thoughtful discussion, moderated by Emmanuella Darkwah, Senior Manager for International Cooperation at Ghana’s Cyber Security Authority. Two expert commentators joined the conversation: Christina Rupp, Senior Policy Researcher at interface, presented a comprehensive analysis of the EU cybersecurity policy ecosystem, highlighting potential governance models for CI protection; and Xiang Zheng Teo, Vice President of Advisory at Ensign InfoSecurity, spoke on the implementation side of cybersecurity, stressing the importance of threat-informed defense strategies and the private sector’s role in national cyber resilience.

The session concluded by underscoring the pressing need for cross-sectoral and international collaboration to address the complex challenges facing global cybersecurity. Participants are warmly invited to continue contributing to the dialogue at genevadialogue.ch and stay informed about future updates and initiatives.

Event gallery