Geneva Dialogue on Responsible Behaviour in Cyberspace

Summary

The Geneva Dialogue on Responsible Behaviour in Cyberspace (GD) is an international process established in 2018 to map the roles and responsibilities of actors to contribute to greater security and stability in cyberspace.

Details

Aim

The Geneva Dialogue aims to clarify the roles and responsibilities of non-state actors in implementing cyber norms related to supply chain security and reducing ICT vulnerabilities. For this, the GD provides a trusted environment for regular conversation between industry, NGOs, technical and cybersecurity experts, and academia to play a constructive role in enhancing responsible and secure supply chains and reducing risks for users from vulnerabilities in digital products.

Context

The exploitation of vulnerabilities in digital products and a lack of transparency in today’s complex ICT supply chains are essential components of cyberattacks, which may cause security and safety risks for users and social and economic disruptions for societies. A lack of security in digital products also allows well-resourced threat actors and such attacks to damage global cyber-stability.

Several international processes developed cyber norms to reduce such vulnerabilities. The main challenge lies in implementation. Of particular relevance for the work of the Geneva Dialogue are the UN cyber norms, which have been agreed upon and endorsed by all UN member states. These include the norms 13(i) and 13(j) of the 2021 UN GGE report, which are related to the integrity of the supply chain and security of digital products and the responsible reporting of vulnerabilities and related information sharing. Those norms, as well as norms and principles developed in other regional and multistakeholder fora, invite close cooperation among states and non-state actors.

The environment in which this cooperation should happen is increasingly complex and uncertain: cyber risks are heavily influenced by geopolitics; national security concerns press emerging national legal and regulatory frameworks, and risk additionally fragmenting the global policy environment; traditional good cybersecurity practices, such as certifications, are not fit for the increasing diversity of relevant actors, convergence of technologies, and pace of threat landscape change.

It is necessary to clarify the needs, roles, and responsibilities of different stakeholders – especially non-state actors – in line with the existing norms and provide them with guidance on how to contribute to their implementation and thus to cyber-stability. Besides, there is a need to discuss how to approach actors who are uninterested, unaware, or unwilling to cooperate to enhance responsible behavior in cyberspace.

Outcomes

The Geneva Dialogue aims to:

• Facilitate an inclusive global dialogue on the roles and responsibilities of non-state actors in securing supply chains and reducing risks for users stemming from vulnerabilities in digital products;
• Assist non-state stakeholders in contributing to greater security and stability in cyberspace through the implementation of voluntary norms for responsible behavior by providing specific guidance in the form of the Geneva Manual;
• Strengthen the awareness of stakeholders as well as their capacities for mutual dialogue on and cooperation in securing cyberspace.

Outputs

During the first phases, the Geneva Dialogue focused on the role of industry in promoting responsible behaviour in cyberspace and, in particular, discussed good practices for the security of digital products and reducing vulnerabilities in them. As a result, the GD produced the output document: “Security of digital products and services: Reducing vulnerabilities and secure design: Good practices”, as well as discussion reports on regulatory trends, regulatory challenges, and standardization issues.

In 2023, the GD aims to collect best practices and discuss existing challenges for different actors through regular virtual consultations. The results shall be published in the Geneva Manual on the non-state actors’ contribution to cyber-stability by implementing voluntary norms for responsible behavior.

Activities

Activities include Discussions, Mapping good practices, Capacity building, Recommendations.

For more on details go to Geneva Dialogue blogs https://genevadialogue.ch/#blog