Cybersecurity: International Organizations’ Perspective

By Eugenia Lostri

The Center for International Law and Governance at the Fletcher School of Law and Diplomacy hosted a conference on cybersecurity and the law on September 14 and 15. Following is a review of one of the panels held during the conference.

The speakers for the panel on international organizations’ perspective represented both regional and global perceptions: Fabrizio Hochschild, who serves as Assistant Secretary-General for Strategic Coordination at the United Nations; Rasa Ostrauskaite, Director for Transnational Threats at the Organization for Security and Cooperation in Europe, and Ambassador Marina Kaljurand, former Estonian Minister of Foreign Affairs and Chair of the Global Commission on the Stability of Cyberspace.

Under moderator Ian Johnstone, Co-Director of the Center for International Law and Governance, Professor of International Law and Dean ad interim at The Fletcher School of Law and Diplomacy, the panelists provided their point of view on the multilateral initiatives undertaken by the United Nations, the Organization for Security and Cooperation in Europe, and the European Union regarding cooperation on cybersecurity.

In the first place, Fabrizio Hochschild spoke on the advances undertaken by the United Nations. Taking into consideration the difficulties that arise in a global multinational setting, he valued the progress that has been made so far. He mentioned in particular the establishment of the group of government experts (GGE), and their decision that the UN Charter is to be applied to state activity in cyberspace. Mr. Hochschild also recalled that, though slow, these advancements should be commended, given that it usually takes a terrible catastrophe for states to agree on international norms – drawing a parallel to how an agreement about the international communications system materialized after the sinking of the Titanic.

The second panelist, Rasa Ostrauskaite, provided the perspective of the Organization for Security and Cooperation in Europe. The OSC is a regional organization, but it also presents the challenge of being conformed by non-like-minded members. This situation, she argued, made discussions on this forum to be limited to superficial issues, such as language. She furthered explained how the OSC attempts to apply a framework to cybersecurity issues. This effort consists of three steps: (1) establishment of norms, (2) confidence building measures, which include encouraging countries to publish their cyber and military doctrines or setting a cyber diplomacy at the forum with cyber-ambassadors that facilitate communication during crisis, and (3) fostering the participation of scholars in the discussions at the OSC. Finally, Ms. Ostrauskaite posed the question of whether a regional organization has the capacity to address and decide a truly global issue such as cybersecurity.

Finally, Ambassador Marina Kaljurand gave her position from the outlook of a member state. Particularly, she referred to how the European Union and NATO are working hand in hand and setting specific obligations. Regarding the role of regional organizations and their agreements, she considered that after being agreed upon by a certain region, they can be opened to other like-minded countries, expanding their geographical scope. Considering the viewpoint of a member state, she made a point of the fact that states are not usually willing to sign on restrictive measures that will be applied to them, particularly in a new field. On the matter of attribution, she mentioned the current stance of the European Union, who is not willing to accuse without hard evidence against another state. She argued in favor of stronger support to state attribution. To conclude, she made a case for opening the discussion to non-state actors, given their relevance in the development of technology and therefore their interest in its regulation.

This panel, all in all, provided the opportunity to take a step back from the academic approaches to different issues relating to cybersecurity and understand the practical difficulties that multilateral negotiations pose. Though it may seem as if international negotiations have failed, or are ineffective, we must bear in mind that the “right now” mentality does not necessarily translate well where international organizations are concerned. Advances are being made, and states have recognized the need to regulate cyberspace in some manner, as shown by the regional and global initiatives undertaken.