Estonia’s Crucial Role in Tackling Growing Cyber Threats

22 June

Esther Naylor

Esther Naylor

Research Assistant, International Security Programme

Estonia’s presidency of the UN Security Council refreshes the debate on global cyber security just as the coronavirus pandemic exposes the consequences of failing to protect critical digital infrastructures.


Targeted cyberattacks are growing in frequency. Photo by Jaap Arriens/NurPhoto via Getty Images.

Targeted cyberattacks are growing in frequency. Photo by Jaap Arriens/NurPhoto via Getty Images.

Recent targeted cyberattacks exploiting the increased demand placed on the healthcare sector during the pandemic led to many calls of condemnation as well as a renewed focus on the connection between cyberspace and the UN’s role in maintaining peace and security.

Many world leaders and renowned experts have been urging governments to take action at the UN level to uphold the international laws being breached by these incidents. UN secretary general Antonio Guterres condemned those carried out on critical civilian infrastructure during his remarks at the Security Council in May following a wave of incidents such as cyberattacks on Czech hospitals and targeting of coronavirus medical research by hostile state actors.

At the same time, Estonia began its first ever presidency of the UN Security Council with a signature virtual event putting cyber security at the heart of its agenda and holding an event on cyber stability, conflict prevention, and capacity-building.

During this meeting member states recognised the COVID-19 crisis has created increased reliance on critical digital infrastructure, and some condemned those targeting hospitals with cyberattacks. However, one permanent security council member abstained from attending – Russia.

Russia-Estonia relations are generally often strained, but the infamous 2007 Tallinn cyberattacks – suspected to be Russian in origin – took down online services for banks, media outlets, even parts of the government, and triggered a radical change in how Estonia managed cyber security.

The lesson from Estonia for any country wishing to undergo digital transformation is simple – that threats to peace and security in the physical world can be translated to cyberspace. Through developing its cyber incident response, the government’s own cyber security capacity and its digital infrastructure, Estonia became a model and a leader on digitization and e-governance efforts.

And although those involved in developing the governance of cyberspace pay credence to a multi-stakeholder approach – involving actors from the private sector, technical community, civil society and academia – states remain the key players.

Countries agreed on a number of commitments in 2015 on norms of responsible state behaviour with the aim of maintaining stability in cyberspace. Yet these commitments were voluntary rather than legally binding and the challenge remains in the implementation of these commitments, the evolving nature of cyberspace, the threat landscape, and the widening capacity gap between those countries with developed cyber capacity and those with nascent digitization.

At the UN level, the debate on global cyber governance is currently split into two parallel processes, within which there are differing views on how cyberspace should be governed. The Open Ended Working Group includes all UN member states and hears consultations from civil society, academia and industry, while the 2019 Group of Governmental Experts contains a group of 25 member countries.

Both processes were due to deliver reports from their proceedings over the next two years to the UN General Assembly, and, although these will most probably be delayed due to COVID-19, Estonia’s decision to put cyber security on the UN Security Council agenda can at least preserve momentum gained from the processes.

But despite being the most powerful UN body, which is capable of issuing binding resolutions, and having permanent members drawn from the world’s most powerful countries – and prolific users of offensive cyberattacks – the Security Council is often criticized for inaction or being paralysed by ‘veto politics’.

Worryingly the council has been unable to even pass a resolution on the coronavirus pandemic and its threat to peace and security. Indeed, exactly what the council deems a threat has evolved over time as events trigger changes in international relations. But what is certain is the fallout from the pandemic will underscore the need for international cooperation on cyberspace to maintain peace and security.

Estonia’s election onto the council accompanied by its campaign commitment to promoting cybersecurity issues is a promising start, and its non-permanent membership does give a genuine opportunity for assertive action against cyberattacks. It has already helped set a precedent of bringing attribution of a cyberattack to the Security Council when, along with the UK and the US, it attributed an attack on Georgia to Russia.

This sets a strong example of how countries can hold each other to account for violations of international norms and reminds states that actions have consequences. State-sponsored cyberattacks are among the most threatening to peace and security, and often states are also the target of such attacks. Therefore, bringing cyber to the Security Council acknowledges the role states have in fulfilling their obligations to each other.

Estonia’s role on the Security Council is also important for small states undergoing digital transformation which may be rather beholden to more technologically dominant states. The pandemic has stretched critical digital infrastructure to its limits and increased the overall harm caused by attacks.

Small states are often heavily reliant on other countries complying with international law and norms to maintain peace and security, but Estonia has the opportunity to frame the cyber security debate beyond the usual geopolitical tensions on the UN Security Council and reflect the true reality – that every country, regardless of size or power, has a key part to play in protecting cyberspace.

Source: International Law and Governance

Pubblicato in Worldwide News | Commenti disabilitati su Estonia’s Crucial Role in Tackling Growing Cyber Threats

Piu’ Europei Magazine – n. 57

Pubblicato in Piu’ Europei Magazine | Commenti disabilitati su Piu’ Europei Magazine – n. 57

Can the UN Roadmap on Digital Cooperation Improve our Digital Future?

12 June

Marjorie Buchser

Marjorie Buchser

Executive Director, Digital Society Initiative

Ruma Mandal

Ruma Mandal

Director, International Law Programme

The new proposals are timely with the world at a critical inflection point for technology governance, as responses to the ongoing pandemic have fast-forwarded digitalization across all sectors.


Attendees photograph the Massive Curve of Nature display of 250 curved screens at the Consumer Electronics Show in Las Vegas, USA. Photo by ROBYN BECK/AFP via Getty Images.

Attendees photograph the Massive Curve of Nature display of 250 curved screens at the Consumer Electronics Show in Las Vegas, USA. Photo by ROBYN BECK/AFP via Getty Images.

Within the space of just a few months, the worldwide health crisis has accentuated gaps in connectivity and underscored the deep fragmentation of responses and approaches to technology deployment and adoption. And numerous processes and entities have already emerged raising concerns around this fragmentation, as well as effectiveness and inclusivity.

The Organization for Economic Co-operation and Development (OECD) and World Economic Forum (WEF) have both set up new units to facilitate governance efforts while, in response to intensifying public pressure, ‘big tech’ initiated a series of multi-stakeholder alliances such as the Partnership on AI, the Paris Call for Trust and Security in Cyberspace and the Global Internet Forum to Counter Terrorism.

But none of these carry the legitimacy that comes – even in difficult times for multilateralism – from the global umbrella of the United Nations (UN). However, despite significant contributions by UN actors on human rights online, the creation of the multi-stakeholder Internet Governance Forum, working groups on cyber security norms and other UN-driven initiatives, the UN itself has struggled to match the rapid advances in technology capabilities and adoption.

Perhaps this is inevitable, given the sheer scale and complexity of the challenge combined with institutional and capacity challenges the organization faces, as well as ongoing geopolitical tensions.

Welcome change of pace and ambition

But despite such challenges, the unveiling of its Roadmap for Digital Cooperation by the UN secretary-general shows a welcome change in pace and ambition, responding to recommendations by a High Level Panel on Digital Cooperation on the future of global technology governance.

The roadmap lays out a series of concrete steps and potential mechanisms for global digital cooperation, including the establishment of several new coalitions and alliances. And it also clearly identifies some of the critical gaps in the way global technology governance is developed, including a lack of common metrics and definitions.

As the document notes, there are currently no ‘baselines on the fundamental level of digital connectivity that individuals need to access the online space’. Referencing the SDGs, the roadmap promises to support efforts to track and monitor progress, including universal targets and metrics on digital connectivity, as well as a definition of “affordability” for internet pricing. It also calls for support towards the development of annual ‘national scorecards’ on digital inclusion.

The roadmap also sees the UN re-assert its normative power, because it recognizes the fundamental complexity of the digital landscape, and the consequent importance of creating a ‘common language’ for multiple stakeholders, including under-represented actors such as smaller and/or developing countries, civil society and non-for-profit organizations.

It advocates for a common affirmative model that promotes digital public goods such as open source software, open data and open standards, it seeks to align visions for digital security, and it firmly underscores the application of international human rights law in the digital space.

In persistently articulating the political, civic and economic benefits associated with a more open digital sphere, the roadmap highlights the perils of abusive technology-driven surveillance, internet shutdowns and online harassment, emphasizing the responsibilities of both governments and technology companies.

Its warning to digital platforms on privacy issues echoes both public concerns and the EU’s emerging stance that ‘the current financing model for social media platforms effectively encourages the collection of personal data for commercial purposes, so that content and advertising can be more effectively tailored to individuals’ consumption patterns. Changes to this model will need to be considered in order to reverse the trend’.

While the secretary-general aims to appoint a technology envoy and set up a number of new UN-led multi-stakeholder initiatives – including on both AI and digital inclusion – the ambition of the UN playing a centralizing and coherence-building role in global technology governance has to contend with the reality of profoundly differing approaches between democratic and authoritarian governments.

This is evident in the roadmap’s approach to global architecture for digital governance, in that it does not expand on the rather broad suggestions made by the High Level Panel. The panel offered three alternative models: a strengthened and enhanced ‘Internet Governance Forum Plus’, a distributed co-governance architecture that ‘decouples the design of digital norms from their implementation and enforcement’, and a digital commons architecture that would treat the digital world as a global commons issue requiring joint stewardship.

The roadmap seems to park this core question by simply noting that discussions among relevant stakeholders are still ongoing. However the secretary-general does commit to making the Internet Governance Forum more responsive and outcome-oriented, and the report indicates some appetite for piloting co-governance models at either national or regional level.

Most notably, the roadmap is vocal on one of the fundamental shortcomings of today’s global technology governance – the lack of inclusivity. Developing countries are largely absent from or not well-represented in international digital governance forums and, as highlighted in Chatham House’s ongoing Inclusive Governance Initiative conversations, the ability of civil society actors to engage in the venues open to them is severely hampered by cost, expertise and networks.

The fact that a number of the doadmap ‘champions’ and ‘key constituents’ are under-represented actors such as smaller and developing countries and NGOS, gives hope for a more inclusive and diverse approach in the future. But delivering on capacity-building will be key and so the roadmap’s emphasis on this is welcome.

In a world in flux, which is increasingly digitalized and fragmented, the Roadmap for Digital Cooperation is one of the most ambitious and far-reaching attempts so far to provide a universal affirmative vision of the digital realm – one that is open, safe and rooted in human agency and human rights. But realising that vision requires a delicate marrying of power and representation.

Source: International Law and Governance

Pubblicato in Worldwide News | Commenti disabilitati su Can the UN Roadmap on Digital Cooperation Improve our Digital Future?