Best Practice Forum Cybersecurity
exploring best practices in relation to international cybersecurity initiatives
BPF Cybersecurity output document
download the report
BPF Cybersecurity session at IGF 2020
Tuesday, 17 November, 12:50 - 14:20 UTC
video recording at https://youtu.be/zxqh4Em7twg?t=100
Contributions & Feedback reveived
BPF Coordinating team
- Ben Wallis, MAG BPF Facilitator
- Markus Kummer, BPF Co-facilitator
- Maarten Van Horenbeeck, BPF Lead expert
- John Hering, Lead Workstream 1
- Mallory Knodel, Lead Workstream 2
- Sheetal Kumar, Lead Workstream 3
- Wim Degezelle, Consultant IGF Secretariat
What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance - Draft Background document (download .pdf)
The Internet Governance Forum’s thematic intersessional work on cybersecurity intends to guide submissions to the 2020 Best Practice Forum on Cybersecurity’s final, annual report. By taking the time to identify successful norms initiatives and their role in policy change, the BPF Cybersecurity grounds its analysis of a wide variety of Cyber Norms initiatives in the lessons learned throughout the stages from early development to implementation. The examples studied in this review were chosen for their effectiveness and are not necessarily related to or even tangential to technology or the internet. By looking to successful norms frameworks the BPF Cybersecurity, and the initiatives it has invested in, might better understand the strengths, flaws, and why some norms initiatives have ultimately succeeded.
Exploring Best Practices in Relation to International Cybersecurity Agreements - draft Research paper (download .pdf)
The IGF 2020 Best Practice Forum (BPF) on Cybersecurity’s workstream on exploring best practices in relation to international cybersecurity agreements is focused on updating and further advancing the analysis of the 2019 BPF report on the state of international cybersecurity agreements, with a more narrow focus on cyber norms agreements. Its work includes:
- ● Identifying new agreements and developments since last year to include in the analysis.
- ● Reviewing and refining the scope of agreements to be included in the report.
- ● Identifying a core group of agreements to include in the 2020 analysis.
- ● Identifying trends and commonalities between contents of cyber norms agreements.
- ● Releasing a call for contributions to gain further input on these selected agreements and their implementation.
- ● Updating last year’s research paper with new learnings about implementation regarding these core agreements.
Identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a set of agreements - Call for contributions
In 2020, the BPF Cybersecurity is building on its 2019 report by focusing on identifying additional international agreements and initiatives on cybersecurity, and performing a deeper analysis of a narrower set of agreements. In this deeper analysis, we’re looking specifically at whether the agreement includes any of the UN-GGE consensus norms; and whether any additional norms are specifically called out. The narrower set of agreements is focused on those that are specifically normative, rather than having directly enforceable commitments. The Best Practice Forum on Cybersecurity is calling for input for its 2020 effort. Input will feed into the BPF discussions, the BPF workshop during the virtual IGF2020 and this year’s BPF output report.
- Virtual Meeting III (Thursday 22 October) Recording (Access Passcode: u$1j.g!h )
- Launch BPF Call For Contributions (17 September - deadline 17 October)
- WS1 draft Research paper - Exploring Best Practices in Relation to International Cybersecurity Agreements (17 September)
- WS2 Background paper What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance (17 September)
- Virtual Meeting II (Thursday 10 September) - meeting report
- Workstream 1 of the BPF Cybersecurity published the proposed scope of its analysis of cybersecurity agreements and the list of agreements it intends to cover. (22 July 2020)
- The three BPF workstreams finalized their workplans and kicked-off in small teams. (June 2020)
- Virtual meeting I (Wednesday 19 February) - meeting report
- The outline proposal for the continuation of the BPF Cybersecurity in 2020 was developed following feedback on the BPF mailing list in December and approved by the Multistakeholder Advisory Group (MAG).
- Statement on the IGF and Cybersecurity to the Open-ended Working Group on developments in the field of information and telecommunications in the context of international security - Second substantive session (13 February) - Informal Paper submitted by the IGF Secretariat to the UN OEWG (February 2020).
Participation in the work of the BPF Cybersecurity is free and open to all interested. Participants are expected to respect the IGF Code of Conduct .
Subscribe to this BPF mailing list:
For general inquiries on the BPF Cybersecurity please contact email@example.com .
BPF Work plan
Workstream 1: Identify new agreements and recent developments since last year
Work stream 1 focuses on identifying new agreements that appeared since last year. We intend to review only on those agreements that are strictly norms-focused (so to not look into instruments of hard law). Specifically interesting would be to identify any new norms related to healthcare cybersecurity, given COVID-19.
- Reviewing new agreements and perform last year’s mapping exercise on both the new agreements and to capture any new developments in relation to agreements reviewed last year;
- Identify a core set of agreements we want to retain for a more detailed review;
- Develop a targeted Call for Contributions to gain further input on these selected agreements;
- Initiate the Call for Contributions and process results;
- Update last year’s research paper with new learnings about implementation regarding these core agreements.
WS1 update (22 July 2020) : link
WS1 Research paper - Exploring Best Practices in Relation to International Cybersecurity Agreements (.pdf)
Workstream 2: Understanding and documenting methods of norms assessment
This work stream focuses on understanding the role of assessment in norms setting and how assessment contributes to whether they are truly adhered to. In addition, we’ll take a look at other disciplines outside of cyber, and see how we can learn from normative principles as governance in other contexts.
Specifically interesting would be to identify any assessment related to healthcare cyber norms, given COVID-19: for instance, states calling out malicious cyber behavior affecting healthcare, indicating a norm may be present.
- Identify forms of norms assessment which already exist in cyber, for instance by looking at publications and statements by states and non-state actors around adherence to a norm.
- Identify methods of norms assessment in other disciplines;
- Evaluate how these may apply to the principles we deal with in cyberspace.
WS2 Background paper What Cybersecurity Policymaking Can Learn from Normative Principles in Global Governance (.pdf)
Workstream 3: Outreach to widen participation in the BPF
We’ve identified for a few years now that we need wider participation, and given the growth of interest in the BPF, this is a good year to dedicate some effort to outreach and engagement - specifically focused on government and private sector, which have historically been underrepresented in our group.
- Identify potential new participants in government, private sector and other stakeholder groups.
- Have a special focus on identifying participants from the youth constituency;
- Reach out to these potential participants and motivate them to contribute to the BPF.