BPF Cybersecurity

IGF2020 

Best Practice Forum Cybersecurity

exploring best practices in relation to international cybersecurity initiatives

 

BPF Cybersecurity output document

download the report 

  • Introduction and Summary
  • Part I - What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance
  • Part II - Exploring Best Practices in Relation to International Cybersecurity Agreements

 

BPF Cybersecurity session at IGF 2020

Tuesday, 17 November, 12:50 - 14:20 UTC

session link: https://www.intgovforum.org/content/igf-2020-bpf-cybersecurity

video recording at https://youtu.be/zxqh4Em7twg?t=100 

 

Contributions & Feedback reveived

BPF Coordinating team
  • Ben Wallis, MAG BPF Facilitator
  • Markus Kummer, BPF Co-facilitator
  • Maarten Van Horenbeeck, BPF Lead expert
  • John Hering, Lead Workstream 1
  • Mallory Knodel, Lead Workstream 2
  • Sheetal Kumar, Lead Workstream 3
  • Wim Degezelle, Consultant IGF Secretariat

contact [email protected]

Preparatory process

Abstracts

What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance  -  Draft Background document   (download .pdf)

The Internet Governance Forum’s thematic intersessional work on cybersecurity intends to guide submissions to the 2020 Best Practice Forum on Cybersecurity’s final, annual report. By taking the time to identify successful norms initiatives and their role in policy change, the BPF Cybersecurity grounds its analysis of a wide variety of Cyber Norms initiatives in the lessons learned throughout the stages from early development to implementation. The examples studied in this review were chosen for their effectiveness and are not necessarily related to or even tangential to technology or the internet. By looking to successful norms frameworks the BPF Cybersecurity, and the initiatives it has invested in, might better understand the strengths, flaws, and why some norms initiatives have ultimately succeeded. 

Exploring Best Practices in Relation to International Cybersecurity Agreements - draft Research paper   (download .pdf)

The IGF 2020 Best Practice Forum (BPF) on Cybersecurity’s workstream on exploring best practices in relation to international cybersecurity agreements is focused on updating and further advancing the analysis of the 2019 BPF report on the state of international cybersecurity agreements, with a more narrow focus on cyber norms agreements. Its work includes:

  • ●  Identifying new agreements and developments since last year to include in the analysis.
  • ●  Reviewing and refining the scope of agreements to be included in the report.
  • ●  Identifying a core group of agreements to include in the 2020 analysis.
  • ●  Identifying trends and commonalities between contents of cyber norms agreements.
  • ●  Releasing a call for contributions to gain further input on these selected agreements and their implementation.
  • ●  Updating last year’s research paper with new learnings about implementation regarding these core agreements.

Identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a set of agreements  -  Call for contributions 

In 2020, the BPF Cybersecurity is building on its 2019 report by focusing on identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a narrower set of agreements. In this deeper analysis, we’re looking specifically at whether the agreement includes any of the UN-GGE consensus norms; and whether any additional norms are specifically called out. The narrower set of agreements is focused on those that are specifically normative, rather than having directly enforceable commitments.  The Best Practice Forum on Cybersecurity is calling for input for its 2020 effort. Input will feed into the BPF discussions, the BPF workshop during the virtual IGF2020 and this year’s BPF output report.

BPF Activities 
Participate

Participation in the work of the BPF Cybersecurity is free and open to all interested. Participants are expected to respect the IGF Code of Conduct .

Subscribe to this BPF mailing list:
http://intgovforum.org/mailman/listinfo/bpf-cybersecurity_intgovforum.org

For general inquiries on the BPF Cybersecurity please contact [email protected] .

BPF Work plan

Workstream 1:  Identify new agreements and recent developments since last year

Work stream 1 focuses on identifying new agreements that appeared since last year. We intend to review only on those agreements that are strictly norms-focused (so to not look into instruments of hard law). Specifically interesting would be to identify any new norms related to healthcare cybersecurity, given COVID-19.

  • Reviewing new agreements and perform last year’s mapping exercise on both the new agreements and to capture any new developments in relation to agreements reviewed last year;
  • Identify a core set of agreements we want to retain for a more detailed review;
  • Develop a targeted Call for Contributions to gain further input on these selected agreements;
  • Initiate the Call for Contributions and process results;
  • Update last year’s research paper with new learnings about implementation regarding these core agreements.

WS1 update (22 July 2020) : link 

WS1 Research paper - Exploring Best Practices in Relation to International Cybersecurity Agreements (.pdf)

Workstream 2:  Understanding and documenting methods of norms assessment

This work stream focuses on understanding the role of assessment in norms setting and how assessment contributes to whether they are truly adhered to. In addition, we’ll take a look at other disciplines outside of cyber, and see how we can learn from normative principles as governance in other contexts.

Specifically interesting would be to identify any assessment related to healthcare cyber norms, given COVID-19: for instance, states calling out malicious cyber behavior affecting healthcare, indicating a norm may be present.

  • Identify forms of norms assessment which already exist in cyber, for instance by looking at publications and statements by states and non-state actors around adherence to a norm.
  • Identify methods of norms assessment in other disciplines;
  • Evaluate how these may apply to the principles we deal with in cyberspace.

WS2 Background paper  What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance (.pdf)

Workstream 3:  Outreach to widen participation in the BPF

We’ve identified for a few years now that we need wider participation, and given the growth of interest in the BPF, this is a good year to dedicate some effort to outreach and engagement - specifically focused on government and private sector, which have historically been underrepresented in our group.

  • Identify potential new participants in government, private sector and other stakeholder groups.
  • Have a special focus on identifying participants from the youth constituency;
  • Reach out to these potential participants and motivate them to contribute to the BPF.