Q1/2019 - Munich Security Conference (MSC)

Even though the 2019 Munich Security Conference was dominated by the latest military conflicts, many sessions and supporting events centered around cyber security. The following six issues were in the focus:

1. Apparently, there is a growing desire for global regulations in order to strengthen security in cyberspace. The decision of the 73rd Session of the UN General Assembly to establish two new working groups (Group of Governmental Experts/GGE und Open Ended Working Groups/OEWG) that are to draft norms for the behaviour of state and non-state players and Confidence-Building Measures in Cyberspace (CBMCs) was received with general approval. The fact that the UN resolutions request the two cross-national groups to consult with non-state players (OEWG) and regional security organisations (GEE) was considered a progress. Critically seen was the unclear delimitation of the mandates of the two groups.
    
2. The Paris Call for Trust and Security in Cyberspace initiated by the French government on the occasion of the centenary of the end of the First World War was called an important document that should receive broad support. Also the Norm Package Singapore of the Global Commission on the Stability of Cyberspace (GCSC) was welcomed as an essential contribution to the discussion, in particular the “Call to Protect the Public Core of the Internet”. In the meantime, this norm has been integrated in the Paris Call and in resolutions of the European Parliament, to mention only a few.
    
3. A pressing problem that should urgently be solved was seen in the security gaps of hardware and software in IT technologies. Risks would increase with the further development of the Internet of Things and of artificial intelligence and the window of vulnerability would become larger. Legal provisions were required that forced enterprises to close security gaps. The efforts of some governments to create backdoors for surveillance were called contra-productive and rejected. A certification system would be useful. However, the related procedures to be developed must not strangle innovation and creativity. Greater cooperation between politicians who legislate and technicians who develop new codes was necessary.
    
4. It was complained that there was still a lack of general awareness of the risks in cyberspace. Improved "day-to-day cyber-hygiene" – i.e. the implementation of basic cyber-security precautions that have been propagated as best practice for years – could eliminate many of the current security problems on the Internet. It was warned against shifting responsibility for cyber security to the end user. Regardless of all this, so the opinion at the conference, it was crucial to adapt the entire education system – from kindergarten to lifelong learning – to the challenges of the digital age.
    
5. In addition to the critical infrastructure (energy supply, transport, communication, health), financial systems and electoral systems were also rated as particularly vulnerable areas with regard to national security.
    
6. When discussing Lethal Autonomous Weapons Systems, the conference attendants approved the work of the Group of Governmental Experts for Lethal Autonomous Weapons System (GGE LAWS) and the basic principles they had agreed. Like in the GGE-LAWS itself, opinions at the MSC varied as to whether an international treaty or a moratorium presently were most appropriate to render an effective contribution to strengthening international security. However, there was general consensus that control and oversight of the use of autonomous weapons systems must always remain in the hands of human beings who could be held accountable in case of failure.