Authors:
Ambassador Benedikt Wechsler, Head of Division for Digitalisation, Swiss Federal Department of Foreign Affairs (FDFA)
Katharina Frey Bossoni, Deputy Head of Division for Digitalisation, Swiss Federal Department of Foreign Affairs (FDFA)
It’s been five years since the launch of an important dialogue in Geneva: the Geneva Dialogue on Responsible Behaviour in Cyberspace. Since then, the dialogue has managed to gather a global multistakeholder community motivated to increase the security of our digital space, collect numerous good practices, and achieve political recognition, both globally and back home, in Switzerland – by becoming part of our national Digital Foreign Policy Strategy. Therefore, now is a convenient moment to outline the next steps – and initiate the next phase of the dialogue.
Let us, firstly, look at the ‘problem statement’: vulnerable digital products.
The rapid development of technology and the increasing dependence on the internet and digital infrastructure have made cyberspace a critical component of modern life. However, this growing reliance also brings an increase in vulnerabilities in cyberspace that can lead to security risks not only for individuals and organisations, but also for entire nations, and even the global economy and international peace. Therefore, it is essential to address those vulnerabilities and improve the security of digital products to mitigate the risks in cyberspace.
In addition to the issue of vulnerabilities in digital products and systems, there is also growing concern about the cybersecurity of information and communication technology (ICT) supply chains. For instance, software is developed by multiple vendors and integrated into different products and systems – almost 90% of software code in most products is a ‘third party’, i.e. borrowed from others, as we learned recently at the software supply chain security conference in Lausanne. A vulnerability that emerges in one piece of code can end up being ‘borrowed’ by other products and, thus, penetrate the supply chain, putting multiple organisations and their users at risk. It, therefore, highlights the necessity to act together, while addressing vulnerabilities in digital products requires collaboration and coordination among all actors in ICT supply chains.
Luckily, there are solid international basis to start from: the implementation of the UN cyber norms.
The normative framework presented by the UN Group of Governmental Experts (GGE) and the UN Open-ended working group (OEWG) provides impetus and guidance. For instance, GGE norms 13i) and 13j) outline, among other, that ‘states should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products’, and ‘encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities’. Their implementation, however, requires the participation and cooperation of various stakeholders in the cyberspace ecosystem: states, as well as companies, technical and academic community, civil society organisations, and end-users themselves (or, rather, ourselves, as we are all technology users as well). And for that, it is important that stakeholders – and, indeed, all of us – understand their possible roles and responsibilities, as well as the contribution they could make to greater security and stability in cyberspace.
This is where the Geneva Dialogue steps in, facilitating the global multistakeholder exchange on what should be done.
The Geneva Dialogue, in this regard, serves as an important platform for promoting awareness and understanding of these norms, and for identifying best practices and strategies for their implementation. In its title, Geneva does not only mark the origins of this dialogue, which has been proudly launched and supported by the Swiss authorities and implemented by a Geneva-based DiploFoundation: it signals that this dialogue is conducted in the best spirit of the international Geneva – a city that is known for providing ‘good offices’ and home for open, inclusive, and constructive international dialogue on variety of topics critical for the future of humanity.
By bringing together stakeholders from all over the world with diverse backgrounds, and by facilitating open and constructive dialogue, the Geneva Dialogue can help build better mutual understanding between different communities, identify existing challenges in operationalisation of the norms, as well as develop practical solutions to such challenges to reduce vulnerabilities and enhance supply chain security in cyberspace. This multistakeholder approach ensures that different voices and perspectives are heard to identify better solutions through a collaborative effort.
The goal? To produce tangible and useful guidance to stakeholders on how each can contribute.
This year, the Geneva Dialogue will further focus on these two norms to clarify the roles and responsibilities of non-state actors – taking into account other existing international and regional multilateral and multistakeholder agreements and principles, such as the OSCE or ASEAN Confidence Building Measures, OECD work on digital security of products, the Paris Call, and the Charter of Trust, among others. As a result, it aims to produce guidance on how to contribute to the implementation of those norms on principles. The results of the Geneva Dialogue will be published in the Geneva Manual on the non-state actors’ implementation of voluntary norms for responsible behaviour in cyberspace.
We started this phase of the Geneva Dialogue with the two public webinars to set the stage: what the risks stemming from vulnerabilities for all of us are (recording available), and who is responsible for reducing vulnerabilities (recording available). I invite you to review the recordings, along with various materials already available on the Geneva Dialogue website, to think about what you and your community can do to contribute – and to join the dialogue!