Members of The Hague Institute’s Global Governance team participated in the 2014 India Conference on Cyber Security and Cyber Governance (CYFY) from 15-17 October in New Delhi in connection with two key projects: the Global Governance Reform Initiative (GGRI) and the Commission on Global Security, Justice, and Governance. GGRI experts Dr. Patryk Pawlak and Mr. Jonah Force Hill, as well as Hague Institute staff members Dr. Richard Ponzio and Dr. Joris Larik contributed to panels on “Rethinking the Global Cyber Market” and “Norms of Cyberspace.”
CYFY was convened by the Institute’s knowledge partner in New Delhi, The Observer Research Foundation (ORF), together with the Federation of Indian Chambers of Commerce and Industry (FICCI).
Billed as “India’s most dynamic platform to engage and discuss [global] cyber issues,” CYFY brought together an international group of cyber security and cyber governance experts from government, the private sector, civil society, international organizations and the technical community. While many of the issues addressed at CYFY have been the subject of debate in the international community for some time, the added value of this conference lay in its analysis of cyber governance and cyber security issues from the perspectives of emerging economies and a changing geopolitical power structure.
This inclusive, multistakeholder approach to addressing major global governance challenges is embraced by The Hague Institute’s Global Governance Reform Initiative, which focuses on salient, contemporary governance challenges, including cyber governance, with a view to distilling more general lessons for good global governance.
Paving the Way for the 2015 Global Conference on Cyberspace in The Hague
The challenge of international consensus-building in the area of cyber governance and cyber security was highlighted in the keynote address of the Netherlands’ Special Envoy to the 2015 Global Conference on Cyberspace (GCCS), Dr. Uri Rosenthal. Foreshadowing this major conference, which will take place in The Hague in April 2015, Dr. Rosenthal clarified that it will serve as an “international platform for debate and discussion” rather than a forum for negotiating an international agreement.
According to Dr. Rosenthal, the GCCS 2015 will produce a “negotiated chair statement” that aims to (1) support practical implementation of cyber security measures, such as Computer Emergency Response Team (CERT) cooperation; (2) support emerging consensus on norms for responsible state behavior in cyberspace; and (3) support capacity-building and exchange of knowledge. The Hague Institute aims to contribute to the GCCS 2015 and achieving these aims in a variety of ways, including by identifying the cyber security and governance issues on which international consensus might more easily be achieved, how such consensus can be built and which format emerging norms and principles will assume.
Norms for Responsible State Behavior in Cyberspace
The need for norms for responsible state behavior in cyberspace and the use of international law in this domain was a recurring theme throughout the conference as well as the topic of a dedicated panel featuring Dr. Joris Larik, Senior Researcher at the Hague Institute and Dr. Patryk Pawlak, Senior Analyst at the European Union Institute for Security Studies (EUISS) and expert from The Hague Institute’s Global Governance Reform Initiative.This panel was chaired by Dr. C. Raja Mohan, Distinguished Fellow and Head of Strategic Studies at the Observer Research Foundation.
Elaborating on this key theme during a pre-conference debate, Senior Fellow at the Center for Strategic and International Studies, Dr. James Lewis, underscored the need for international agreement on norms and principles for responsible state behavior in cyberspace. He acknowledged that “the dynamics of international negotiation have changed” and it is no longer possible to ignore the demands of the BRICS countries.
Although there are significant differences in the Internet governance approaches advocated by the Global North and the Global South, with further divergence within the BRICS grouping, it is possible to identify specific governance issues around which coalitions of like-minded states may be developed. For example, together with their Global North counterparts, India and Brazil have emerged as powerful champions of the right to the freedom of expression online – an issue around which it may be possible to forge a significant degree of international consensus.
The panel discussion on state norms highlighted the importance of recognizing the limits imposed by geopolitics when designing cyber governance approaches; adopting a piecemeal or sectoral approach to consensus-building (i.e. focusing on issues that are both narrow in scope and on which there is already some consensus); and pursuing opportunities for bilateral or regional cooperation on cyber governance issues. The panel emphasized that pragmatism must ultimately prevail and that enforceable rules will eventually emerge from sustained state practice.
Dr. Larik nevertheless cautioned against what he called “pactophobia”, i.e. overstating the difficulty of negotiating international agreements and underestimating the flexibility international treaties can offer to accommodate the political sensitivities of signatories, using the Budapest Convention on Cybercrime as an example. In a similar vein, Dr. Pawlak suggested that rather than focusing on the creation of “new” norms and principles, states should look to existing human rights, rule of law, and good governance frameworks as a basis for determining appropriate state behavior in cyberspace.
Digital India: IT + IT = IT
While much of the conference focused on security and governance issues that have arguably been prioritized by the Global North, the inaugural address by India’s Minister of Communications and IT, Ravi Shankar Prasad, dealt with the critical issue of enhancing Internet access with which many Global South countries are grappling. Minister Prasad elaborated on the Digital India project, which aims to ensure the availability of digital infrastructure and government services on demand (via mobile phone), as well as the digital empowerment of all Indians. Prime Minister Modi’s vision for this project and India’s future is captured succinctly in the formula IT + IT = IT (India’s Talent + Information Technology = India Tomorrow).
Digital India and projects like it are a critical step in addressing the challenge of connecting the 4.4. billion people across the world who are currently offline. The issue of enhancing connectivity commands less attention at present than hot-button topics such as data surveillance and localization, which indicates a failure on the part of the international policy community to fully appreciate the revolutionary impact of the Internet on economic growth and development as well as its ability to facilitate greater freedom, security and justice. The Hague Institute will explore the benefits of enhanced Internet access in the Global South and propose how to achieve greater connectivity in the context of its work for the Commission on Global Security, Justice, and Governance.
Commission on Global Security, Justice, and Governance
On 18 October 2014, following the conclusion of CYFY, The Hague Institute, together with the Stimson Center(Washington D.C.) and the Observer Research Foundation, convened a group of high-level experts on cyber security and cyber governance for an expert consultation in connection with the work of the Commission on Global Security, Justice, and Governance. The consultation was chaired by Dr. Jane Holl Lute, President and CEO of the Council on CyberSecurity and Former U.S. Deputy-Secretary for Homeland Security.
In her remarks, Dr. Holl Lute noted a general decline of trust in public sector institutions worldwide, which manifests itself in the cyber domain as well, raising the question of how to build trusted systems using components that cannot themselves be fully trusted. In tackling this challenge, she advanced the notion of “cyber hygiene”, according to which governments ought to go beyond the traditional “intelligence approach” to cyber governance and expand their role in law enforcement and rule of law matters, thereby creating threshold conditions of security, well-being and justice.
Notwithstanding the very real threat that cyber-attacks present, whether to the security of states or the personal finances of individuals, Dr. Holl Lute stressed that proper cyber hygiene practices could help mitigate 80 – 90% of all known threats.
Alongside Dr. Holl Lute, the Former Deputy National Security Advisor of India, Ambassador Latha Reddy, and Executive Director of the Center for Internet and Society – India, Mr. Sunil Abraham, addressed the expert group on the themes of “Cyber Governance and Cyber Security in the 21st Century” and “Internet Access, Freedom Online, and Development in the Global South” respectively. A summary of the key issues arising from this meeting will be available in December 2014 via the website of the Commission.
CYFY 2014 has played an important role in advancing the global discussion of who and what principles should govern cyberspace; how greater international security and stability can be achieved; and how to maximize the utility of the Internet as an engine of global economic growth. Of particular value was the elaboration of how divergent national and/or regional approaches to cyber security and cyber governance may be reconciled in an incremental fashion through consensus-building and the diffusion of norms for responsible state behaviour.
It is vital that the international cyber community seize the opportunity to hone the tools and approaches necessary for brokering international agreement on a range of critical cyber issues at future fora such as the Global Cyberspace Cooperation Summit (V) in Berlin (December 2014) and the fourth instalment of the London Process, the Global Conference on Cyberspace in The Hague (April 2015).