In recent years, the digital world has emerged as a new domain of human activity, bringing with it unprecedented opportunities and global connectivity. As the world continues to progress through this period of digital transformations — including closing a digital divide where nearly half of the world’s population has yet to connect to the Internet — societies everywhere are realizing the benefits of increased connectivity via information and communication technologies (ICTs). This includes the explosion of network-connected devices — making up the “Internet of things” — and faster and more reliable networks for communication and instant access to information. However, this same digital transformation also expands the digital threat landscape, creating new cybersecurity challenges and responsibilities for all stakeholders.
Before we continue down this path of greater connectivity and technological access, we need to acknowledge some poignant realities. Despite years of investments in cyber defense, cyberattacks, in particular those perpetrated by — or linked to — state actors are getting worse and have been for quite some time. Over the past 12 months alone we have seen an alarming increase in cyberattacks on journalists, human rights activists, governments, as well as healthcare infrastructure, including vaccine research institutions. The fact that these incidents occurred during a global pandemic proves that nothing appears to be off-limits for malicious actors in cyberspace. Moreover, long-standing geopolitical tensions are further stagnating and destabilizing necessary multilateral discussions on cybersecurity.
Tackling these challenges is beyond any single country, company, or civil society entity. Making a meaningful difference and countering threats emanating from cyberspace, especially state cyberattacks, will require effective cooperation among all relevant stakeholders. As a result, all stakeholders need to begin acting accordingly and embrace new approaches to facilitate multistakeholder digital diplomacy.
We need to build upon — and evolve — the frameworks that have traditionally been leveraged to address peace and security in cyberspace, such as the “United Nations (UN) Group of Governmental Experts (GGE) on Advancing responsible state behavior in cyberspace in the context of international security”, where a small number of governments discussed global cybersecurity matters behind closed doors. While these deliberations have delivered noteworthy and foundational results – including the 2013 UNGGE report, which recognized that international law and the UN Charter in its entirety apply to cyberspace, and the 2015 UNGGE report which agreed on eleven voluntary norms for responsible state behavior online – they have also unveiled the many areas where consensus has not been possible. This includes answers to key questions such as how exactly international law applies to cyberspace or whether and how to uphold human rights in cyberspace.
Leveraging another framework, the “Open-Ended Working Group on Developments in the Field of ICTs in the Context of International Security (OEWG)” and its successfully adopted 2021 final report proved that consensus, even among 193 countries and in the current geopolitical climate, is possible on certain cybersecurity related issues. It was also open, to a limited extent, to participation by non-governmental stakeholders.
That said, all stakeholders need to do more.
Against this backdrop, and as nation states have been working to define what responsible state behavior in cyberspace might look like, the private sector has also explored what responsible industry behavior might be. Initiatives such as the Cybersecurity Tech Accord, now signed by over 150 technology companies, or the Charter of Trust, founded in 2018 at the Munich Security Conference, are two such examples, clearly seeing to differentiate themselves from the emerging online surveillance industry and other reckless actors. Similarly, civil society initiatives, such as Digital Peace Now and efforts by the CyberPeace Institute, have been working to raise regular Internet users’ awareness about threats emanating from cyberspace.
Yet, despite all these efforts, it is impossible to escape the unfortunate reality that cyberattacks – especially those perpetrated by states – are only getting worse. As previously mentioned, all stakeholders need to do more. Specifically, they need to do more together.
So, what exactly is multistakeholder digital diplomacy? It is not the same as public-private-partnerships. It does not mean that industry or civil society get to make decisions that should reasonably be made by governments, such as those pertaining to national security concerns. Nor does it mean that all stakeholders need to consult on all issues all the time. Rather, it means that when an issue is too challenging to reasonably be resolved by any one stakeholder group, all relevant stakeholders should come together for the greater good. Escalating nation state cyberattacks are one such challenge.
Multistakeholder digital diplomacy in cybersecurity is no longer something to do occasionally or when it is convenient or easy. Rather, the involvement of all relevant stakeholders is essential for maximizing the impact of our collective actions in this space. Therefore, rather than being the exception, it must become the new normal. To enable this cooperation, both formal and informal structures need to be created. Moreover, companies and civil society entities must be better equipped so that they are able to meaningfully engage in these processes at both the domestic and international levels. Endeavors such as the Paris Call for Trust and Security in Cyberspace represent an example of a mechanism that might enable us to do just that. Since its inception in 2018, it has become the leading multistakeholder initiative in cybersecurity.
In addition, consultation processes such as the ones organized under the auspices of “LetsTalkCyber” have enabled meaningful discussions among governments, industry, and civil society. Similarly, there are discussions on more specific topics, such as those occurring within the Oxford Process on International Law Protections in Cyberspace and the various statements it has produced on areas such as attacks on the healthcare sector, vaccine research, foreign electoral interference, information operations represent an unprecedented achievement in this space.
Diplomacy continues to be the path forward – and today it is needed more than ever. That said, the international community needs to recognize that the world has changed.
To meaningfully and sustainably deal with cyber threats today and tomorrow, we need a new and inclusive kind of diplomacy that recognizes new technical realities. As such, we need more multistakeholder digital diplomacy.