Q4/2019 - UN Cybersecurity Groups (OEWG & UNGGE)

Open-Ended Working Group/OEWG, New York, 2 – 4 December 2019

From 2 to 4 December, the so-called “Informal Intersessional” meeting of the UN Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security“ (OEWG) took place.

It was the first time in the history of the UN that an intergovernmental body such as the OEWG conducted an open consultation on an equal footing with non-state representatives from business, academia and civil society. The informal consultation was attended by about 100 representatives of governments and non-state organisations and of the private sector. The negotiation room was divided into two terraced rows of benches, with the aisle separating the state and non-state representatives. On the first day of the consultations mainly the non-state representatives took the floor. However, following a critical remark by Duncan Hollis, Professor of Law at Temple University (and former faculty member of the Summer School on Internet Governance/EURO-SSIG), who directly called on governments not only to listen but to enter into dialogue, an intensive communication developed across the "aisle". In their concluding remarks, both the OEWG Chair, Swiss diplomat Jürg Lauber, and David Koh, Director of the Singapore Cyber Security Authority, who acted as Chair of the "Informal Intersessional", acknowledged this dialogue on an equal footing between state and non-state representatives in the field of cyber security as a historic event for the UN and an innovation for the discussion of bodies operating under the 1st Committee of the UN General Assembly.

In substance, four topics were on the agenda: a. threat scenarios, b. norms for responsible state behaviour in cyberspace, d. confidence-building measures, and d. capacity-building measures.

  • Regarding the threat scenarios, representatives of the technical community and of NGOs – such as FIRST or the IGF Best Practice Forum on Cybersecurity – informed about a new type of cyber attacks, including attacks on the core components of the Internet, such as the Domain Name System (DNS).
  • Regarding the subject of norms for responsible state behaviour in cyberspace, the Global Commission on Stability in Cyberspace referred to its final report, which contains proposals for eight standards that shall be binding not only for states but also for non-state actors.
  • Regarding confidence- and capacity-building measures, the Global Forum for Cyberexpertise (GFCE), NGOs such as Access Now or Global Digital Partner and the newly founded CyberPeace Institute in Geneva offered their services for monitoring and training.

Among those from the private sector, Microsoft, Telefonica and Huawei participated with own proposals. Initiatives such as Tech Accord (Microsoft) or Charter of Trust (Siemens) were mentioned. The International Red Cross (ICCR) gave an overview of the implications of the use of autonomous weapons systems with regard to international humanitarian law (Geneva Conventions). The so-called I*Organisations of the technical community (ICANN, RIRs, ISOC, IETF) were not represented, which was noted with regret by the majority of participants.

The governments principally welcomed the new form of dialogue “across the aisle” and regarded it as an enrichment. Some governments present, such as Russia and China, did not participate in this dialogue. The Chairman of the "Informal Intersessional" David Koh, who was also a member of the Global Commission on Stability in Cyberspace, will present the report on this meeting to the next formal OEWG meeting in New York in early February 2020. It will then be up to the governments to decide how to deal with this input and what medium-term consequences they draw from the positive experiences of this Informal Intersessional Meeting.

The current mandate of the OEWG ends in autumn 2020, when the OEWG has to present a final report to the 75th UN General Assembly. However, it is expected that the mandate of the OEWG will be extended. In contrast to the UNGGE, the OEWG allows all UN members to participate and also opens up options for a multi-stakeholder dialogue. Some participants already envisage the "Open-Ended WG" developing into a "Never Ending WG", i.e. becoming a permanent element in the newly emerging cyber security architecture of the UN.

Group of Governmental Experts/UNGGE, New York, 5 – 13 December 2019

The 25 members of the 6th UN Group of Governmental Experts (UNGGE6) held their first official meeting from 9 to 13 December 2019 in New York. The meeting was not open to the public. There was no final report.

The meeting was preceded by two days of informal consultations with the UN states that are not member of the UNGGE6. Membership in the UNGGE is limited to 25 states. During the informal consultations the focus was on the reports about the five regional consultations[1].  According to UN Resolution 73/223, the UNGGE was obliged to hold such regional consultations with the African Union, the European Union, the OSCE, the ASEAN and the Organisation of American States (OAS). All these institutions are intergovernmental bodies. Consultations of UNGGE with non-state stakeholders are not laid down in the UN Resolution 73/223.

The Chair of UNGGE, Brazil’s ambassador Guilherme de Aguiar Patriota, summarised the results in six points[2]. According to this, the parties involved agree that the work of the 6th UNGGE should be based on the results of the previous consensus reports of the 2013 and 2015 UNGGE. It must not happen again that the UNGEE terminates its work without having achieved a result, as in 2017. The consensus reached, which says that international law and the UN Charta are applicable to all issues of security in cyberspace, must be preserved, even if there is disagreement about how to interpret individual articles of the UN Charta. One has to face the new technical challenges, especially those related with the Internet of Things and artificial intelligence. One of the conclusions resulting from the regional consultations was that agreements concerning confidence-and capacity-building measures – a mandate of UNGGE6 – were particularly useful in the regional field. Ambassador Patriota emphasized the need for more transparency in UNGGE’s work. He announced informal briefings of UNGEE after each formal UNGEE meeting. He did not talk about the involvement of non-state actors.

In 2020, two sessions are scheduled for UNGEE in Geneva (March 2020 and August 2020). A concluding session is planned for May 2021 in New York. The UNGGE must report to the 76th Session of the General Assembly in 2021.


Mehr zum Thema
  1. [1] Die Bericherstatter der regionalen Konsultationen waren Moctar Yedaly, African Union Commission (Afrika), David Koh, Cyber Security Agency Singapore (ASEAN), Rory Domm, European External Action Service (Europäische Kommission), Belisario Contreras, Inter-American Committee against Terrorism, (Organization of American States), und Szilvia Toth, Organization for Security and Co-operation in Europe (OSZE), siehe: https://www.un.org/disarmament/group-of-governmental-experts/
  2. [2] Chair’s Summary at the Informal consultative meeting of the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace in the context of international security, New York, 6. Dezember 2019: “The GGE Chair summed up the discussions, highlighting the following: 1. Strong agreement between delegates that the 2015 GGE report is a fundamental agreement not to be tampered with. The new GGE needs to move forward and make further progress by adding additional layers of understanding or agreement. The benefits of the consultative aspect of the GGE mandate and of having held consultative meetings with regional organizations and the broader UN membership prior to the commencement of the first session of the GGE. These steps have enabled more inclusivity and the Chair will make every effort to share with the experts the views that have been captured to date. 2. The desire for more transparency and inclusivity around the work of the GGE itself. While recalling that the GGE is a format mandated by the General Assembly and as such has its parameters, within these parameters, the Chair noted that he aims to be as transparent and inclusive as possible. In this regard the Chair will endeavour to: a. Hold more consultations in different regions, if an interest is expressed and resources permitting, while at the same time, continue the important dialogue commenced with those regional groups he has already held consultations with. b. During the first session of the GGE (9-13 December) raise the possibility with the experts of providing post-meeting briefings to the broader UN membership on the Group’s deliberations. 3. On emerging threats, a number of new issues, including new threat vectors emerging around the growing connectivity of devices and machines (Internet of Things), as well as developments in sub-disciplines of AI such as automation, robotics and machine learning. While these developments bringing much opportunity, different uses or applications can bring about new risks, including to the maintenance of international peace and security. On how to manage these risks, the Chair noted a call by several delegates for attention to be focused on behaviours and responsibilities rather than the technologies per se. The Chair noted the importance of looking more closely at the recent developments discussed and their implications for international peace and security. 4. Delegate discussions on international law-related issues centred on the assessment in the 2013 and 2015 reports that international law, and in particular the Charter of the United Nations, is applicable to State use of ICTs. Efforts should not be made to roll back these elements of the previous reports even if discussions on how they apply or are interpreted remain complex. The Chair recalled an important innovation in the resolution establishing the new GGE, which provides for an annex containing national contributions of participating governmental experts on the subject of how international law applies to the use of ICTs by States (op. 3, A/RES/73/266). As discussed during some of the regional consultations, sharing these views in an annex to the Group’s final report can promote common understandings on many complex issues, as well as foment greater trust and predictability. 5. On norms, CBMs and capacity building, the Chair took note of the interest expressed for the GGE to provide guidance on steps that can be taken at regional and national levels to implement them. There was also a suggestion for some form of system or mechanism connected with the recommended norms, rules and principles in the 2015 report. 6. On what lies ahead, the Chair stressed that while the discussions are complex and it will not always be possible to agree, it will nonetheless be important not to leave the UN without a process as was the case in 2017. In this regard, it is important to maintain the goal of achieving success in both groups, which are in essence intrinsically linked as they are both consensus processes.” in https://www.un.org/disarmament/wp-content/uploads/2019/12/gge-chair-summary-informal-consultative-meeting-5-6-dec-20191.pdf