The UN has recently created two separate working groups with the aim of developing rules for states and responsible behaviour in cyberspace.

We look at a recent CCDCOE communication which analyses some of the key implications of these developments.

Who is the CCDCOE?

The Cooperative Cyber Defence Centre of Excellence (CCDCOE) is a NATO-accredited cyber defence hub, supporting its member nations and NATO with cyber defence expertise.

The CCDCOE comprises a range of experts from over 20 nations, including researchers, analysts, government, academia and industry.

Why have two working groups been created?

Two separate and competing proposals have been presented by the United States and Russia, reflecting a divergence in how the countries believe cyberspace should be regulated.

Surprisingly, the United Nations General Assembly has approved both proposals, demonstrating a dual approach to the regulation of cyberspace.

How do the US and Russian proposals differ?

The resolution sponsored by Russia creates an open-ended working group (OEWG) of the General Assembly to study existing norms and identify new norms.

The OEWG, with wider participation, will consider “a framework for governmental control of information and communications technologies (ICTs) while ensuring the protection of human rights in the cyber context.”

The resolution sponsored by the United States creates a Group of Governmental Experts (GGE) to study how international law applies to state action in cyberspace and identify ways to promote compliance with existing cyber norms. Generally speaking, GGEs have a much smaller, more specialised membership than OEWGs.

The GGE will focus on “debated issues such as setting a legal framework for responses to cyber incidents with low thresholds of harm when ICT infrastructures are involved.”

Potential advantages of two separate working groups

The decision by the UN to accept both proposals indicates a view that these proposals could work in tandem to explore the most effective solutions.

A recent communication from the Council on Foreign Relations shows that while some countries said they would have preferred a single resolution, they did feel that “having a small group of experts and a much larger group of generalists could complement each other, and raise awareness of cyberspace challenges within the entire UN membership”.

Potential disadvantages

The CCDCOE posits that “two different tracks might endanger the norms negotiating process even further by splitting the UNGA in half and creating confusion over the scope of the two Resolutions”.