Global Conference on Cyberspace 2015

Posted by Samantha Dickinson - guest blog on 24 April 2015

The journey to The Hague

The first Conference on Cyberspace was hosted by the UK government in 2011, and was originally planned as a one-off event. The London Conference brought governments together with business representatives with the aim of agreeing to some high-level principles on cyberspace behaviour that could to help address an array of Internet-related threats that were of increasing concern to governments. Agreement on such principles, however, like so many facets of Internet governance, proved impossible to reach in a single meeting, and has led to three subsequent meetings. Last week’s meeting in The Hague, the fourth in the series of meetings, was not the first to have multi-stakeholder participation in its discussions, but was the first to encourage all stakeholders at the meeting to participate in the drafting of the Chair’s Statement.

The aims of the GCCS2015

The organisers of the conference, the Dutch government, had proposed three key objectives for the meeting:

1. Support practical cooperation in cyberspace
2. Promote capacity building and knowledge exchange in cyberspace
3. Discuss norms for responsible behaviour in cyberspace 

There is a Chair’s Statement from the meeting, but in essence, participants broadly agreed on the following:

• Cybersecurity is an important issue
• Multi-stakeholder processes can help to ensure the best solutions are found
• Cyberspace is only as strong as its weakest link, so it is in everyone’s best interest to ensure all parts of the ecosystem are as strong as possible.
  
  

1. Cybersecurity is an important issue

Although this might seem like an overly obvious statement, interpretations of what makes a secure cyberspace are at the heart of many of the world’s current disagreements on Internet governance. Take, for instance, Edward Snowden’s revelations about widespread online surveillance. For the US government, online surveillance is fundamentally an issue of preserving the security of its country and citizens. For many in civil society and for a number of governments whose citizens’ communications were monitored, however, the widespread breach of personal privacy and perceived disregard for national sovereignty trump national security concerns. For governments, interruption or destruction of Internet critical infrastructure like root DNS servers is just as important a national security issue as interruption of critical physical infrastructure, such as dams or transport. However, the fact that most of the Internet’s infrastructure is operated by the private sector provides governments with a dilemma about how to best protect the cyber infrastructure that their citizens rely upon.

The conference used a format similar to Geoffrey Robertson’s Hypotheticals to explore this intersection of where governments and other stakeholders become involved in cybersecurity incidents (see “Scenario-based Policy Discussion” in the programme page). While it was not possible for conference participants to agree on concrete roles and timings for when different stakeholders should be involved in cybersecurity processes, there was general agreement that different stakeholders have different roles at different points in processes, and that it was far better to have established cooperative relationships during times of stability than to hope to develop processes on the fly during a security event.  

2. Multi-stakeholder processes can help to ensure the best solutions are found

The majority of governments who attended the conference were sympathetic to multi-stakeholder processes. Partially this is due to the self-selecting nature of the participants: governments who are friendly to multi-stakeholder processes will attend multi-stakeholder friendly meetings, while more multilateral-leaning governments will prefer to attend governments-only events. However, despite the fact that the majority of participants were supportive of multi-stakeholder processes, in a session devoted to Internet governance, there was also recognition that multilateral and government-led processes could also legitimate options. In particular, there was lively debate about whether governments were the sole guardians of cyberspace public policy, or whether other stakeholders had an equal or supporting role in the development of public policy.

3. Cyberspace is only as strong as its weakest link

Given the trans-border nature of Internet activities, it was widely recognized that no country could maintain a free, open and secure Internet simply by relying on its own laws and activities. Instead, it was agreed that all countries have to work together to ensure that those that currently have less capacity, and are therefore less able to respond to cyber threats, are able to develop the local expertise to participate as full partners in the global Internet. In particular, GCCS2015 launched the Global Forum on Cyber Expertise (GFCE) to be a loose, voluntary forum for capacity building. At launch, the GFCE had 42 founding partners, including governments, intergovernmental organizations and the businesses. The details of the GFCE are still to be finalized over the coming months.

GCCS2015 in the wider context of ongoing international Internet discussions and debates

The various initiatives to support capacity building announced at the meeting, the statements of support for multi-stakeholder processes by many government ministers, and the support for the continuation of the Internet Governance Forum in the Chair’s Statement form part of ongoing informal preparations for the United Nations General Assembly’s (UNGA) 10-year review of the World Summit on the Information Society that takes place in New York in December 2015. The formal preparatory process for the UNGA review begins in June and is intergovernmental in format. There will be opportunities for multi-stakeholder input, but it is not clear how much the intergovernmental negotiations will have to take on board that input. Therefore, meetings like the GCCS2015, which have produced multi-stakeholder-friendly outcomes while being attended by the highest levels of government, form an important part of groundwork in helping multi-stakeholder input is recognised and valued – not simply “noted” – during the UNGA process. 

In the context of supporting the input of multiple stakeholders, while there was a lot of positive and open discussion during the meeting, it is important to note that some parts of civil society criticized the event for its non-transparent selection of non-governmental participants (for example, see Another Example of “Multistakeholder Governance” in Action: The Global CyberSpace 15 “Unicorn”). More than anything, such criticisms demonstrate the complexity of implementing multi-stakeholder processes that enable every stakeholder group to feel equally valued and included. Although “democracy” has been suggested by some as a more appropriate value than “multi-stakeholder”, implementations of democracy can be just as flawed and difficult as multi-stakeholder processes. 

Australia at GCCS2015

1. The Hon. Julie Bishop MP, Minister for Foreign Affairs, attended the meeting and, during the Focus Session, “International peace and security in cyberspace,” stated that Australia believed there was currently no need for any new treaties on cyber-related issues and that it was important to apply existing offline law to the online world.
2. Australia was announced as one of the founding partners of the GFCE. As part of the GFCE, it will participate in the “Preventing and Combating Cybercrime in Southeast Asia” initiative with Japan and the USA.
3. Representatives from the Departments of the Prime Minister and the Cabinet, Foreign Affairs and Trade, and Communications also attended the meeting. Henry Fox, Director, Cyber and Space Policy, Department of Foreign Affairs and Trade, moderated the session, “Confidence Building Measures, Norms of Behaviour and Public-Private Cooperation for International Security in Cyberspace”.
4. The think tank, Australian Strategic Policy Institute attended and held a pre-event to present its recent report on Asia-Pacific perspectives on cyberspace, Asia-Pacific Cyber Insights.
5. auDA signed on to a statement by the technical Internet community  welcoming the spirit of openness and transparency in preparations for the conference and welcoming the Chair’s statement on the meeting’s discussions.
6. The Dutch government funded an Australian writer on Internet governance, Samantha Dickinson, to live tweet the conference.