The United Nations Institute for Disarmament Research (UNIDIR) recently launched its Cyber Policy Portal – an accessible and up-to-date overview of the cyber policies of all UN Member States and a select number of intergovernmental organizations.

 

The Importance of Transparency to Cyber Stability

States, regional and international organizations are increasingly acknowledging the important role of transparency and information sharing for cyber stability. Transparency about national cybersecurity strategies and policies serves a range of objectives: in addition to the stabilizing nature of transparency efforts, information sharing has other important benefits including facilitating targeted needs analysis and better focused capacity-building efforts. Accessible, voluntarily shared information can serve as the basis to facilitate common efforts to address the risks related to the use of Information and Communications Technologies (ICTs) while sharing in the benefits of a stable cyber environment.

Recognizing the critical importance of information sharing, the report of the 2012-2013 United Nations Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security encouraged States to undertake an “exchange of views and information … on national strategies and policies, best practices, decision-making processes, relevant national organizations and measures to improve international cooperation”¹. The 2014-2015 GGE report further encouragedvoluntary transparency efforts at the bilateral, subregional, regional and multilateral levels as a confidence-building measure.²

Background 

In 2013, UNIDIR published The Cyber Index: International Security Trends and Realities. This book served as a snapshot of then-current cyber security activities undertaken by all UN Member States at the national, regional, and international levels. While a useful resource, UNIDIR recognized the need to translate the static information contained in the Index into a dynamic, interactive resource in order to provide timely, policy-relevant information on cyber security issues.

UNIDIR surveyed the availability of existing information on governmental and organizational websites, as well as other online resources.⁴ The results of that analysis demonstrated that while considerable information is in the public domain, those seeking an overview of national, regional and international cyber policies often need to piece together data from disparate sources, attempt to identify relevant information in foreign languages, and seek to understand different ranking methodologies. Together, these obstacles hinder mapping the cyber policy landscape and the ability to conduct comparative analyses.

Following a rigorous research and design phase to establish the conceptual foundations of this resource,⁵ the Institute commenced development on an online policy repository that presents the current cyber policy landscapein an objective format.

The Cyber Policy Portal was launched in January 2019--a user-friendly tool to enhance informed participation in key dialogue and policy processes, and foster further transparency and cyber capacity-building measures. Serving as a reference guide with which to navigate the cyber policy arena, users can access concise yet comprehensive cyber policy profiles of states as well as regional and international organizations.

 

Features of the Cyber Policy Portal

Each state profile provides the user with an overview of the state’s cybersecurity policies, national structure, legal framework, and bilateral, regional and multilateral cooperation. Similarly, organization profiles provide an overview of the entity’s respective policies, structure, legislation and cooperation with members, non-members, and other organizations. All data available via the Portal is from open source and voluntarily submitted material. Useful features include the ability to compare two or three states or organizations, filter for specific criteria,and export theprofiles. 

 

Outcomes

The Portal promotes cyber stability by providing key information about each UN Member State’s strategy and policy documents. Situational awareness is critical for states, regional and international organizations wishing to undertake effective and appropriate cyber capacity-building measures. This data will not only help policy makers, risk managers and practitioners to identify specific needs thematically and geographically, but also to tailor their responses. Accessible information on national, regional and international trends and capabilities, as well as comparative analyses, may allow for a better understanding of what constitutes responsible behaviour in cyberspace and will assist States as they prepare for UN Group of Governmental Experts⁶ and the Open-Ended Working Group⁷, commencing work later this year.

 

Updates and feedback concerning the Cyber Policy Portal may be sent to unidir@un.org.  

¹ UN General Assembly document A/68/98, para. 26.

2 UN General Assembly document A/70/174, paras. 16(c) and 16(d).

4 See, for example: Global Cybersecurity Index, International Telecommunications Union, available at: <https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx>; F. Hanson, T. Uren, F. Ryan, M. Chi, J. Viola, E. Chapman, ‘Cyber Maturity in the Asia Pacific Region 2017’ (12 December 2017), Australian Strategic Policy Institute, available at: <https://www.aspi.org.au/report/cyber-maturity-asia-pacific-region-2017>.

5 See L. Rudnick, D. B. Miller, L. Levy, ‘ Towards Cyber Stability: A User-Centred Tool for Policymakers’ (2015), available at: <http://www.unidir.org/files/publications/pdfs/cyber-index-2014-en-625.pdf>.

6 United Nations General Assembly, ‘Advancing responsible State behaviour in cyberspace and in the context of international peace and security’ (18 October 2018), A/C.1/73/L.37, available at: <https://undocs.org/A/C.1/73/L.37>.

7 United Nations General Assembly, ‘Developments in the field of information and telecommunications in the context of international security’ (18 October 2018), A/C.1/73/L.27/Rev.1, available at: <http://undocs.org/A/C.1/73/L.27/Rev.1>.