The Hague Global Cyber Security Conference, the fourth in the series of the eponymously named London Process Conferences, is set to take place on the 16th and 17th of April 2015. The London Process has had a chequered history. Begun in 2011 as a mechanism to propagate the values and ideals of an open and global cyberspace, it was conceived as a state-sponsored summit that gave fair and adequate representation to all participants to discuss issues at the intersection of security, economic growth and human rights. Positioned as a forum midway between the two extremes of the multi-stakeholder centric Internet Governance Forum and state-dominated fora such as the International Telecommunications Union, and the Shanghai Cooperation Organisation, it has struggled to get traction. The last iteration of the conference was held in Seoul in 2013. Since there were no takers to host a conference the next year, the Dutch took on the mantle of hosting the Conference in 2015.
In the intervening two years, the Dutch government has expended a considerable amount of energy and resources on shaping an agenda and gathering support for a successful outcome. The areas of focus have remained the same from the first London Conference; that of strengthening international peace and security, spurring socio-economic growth, reducing crime and ensuring freedom and privacy online. The Summit has also taken many cues from the report of the UN Group of Governmental Experts report published in 2013, and incorporated many of the latter’s recommendations into its agenda. The stumbling blocks of low multi-stakeholder participation and low participation from the developing world have sought to be mitigated through support for a series of regional conferences to provide inputs to the larger summit.
While Asia is home to the largest number of internet users on the planet, there is comparatively little contribution from the region to the discussions on cybersecurity. A look at the region throws up many contradictions. Although there are many cyber-conflicts taking place in Asia, there is insufficient discussion within the region on the strategic dimensions of cybersecurity. Much of the discussion takes place in silos and focuses on technical issues, or cybercrime, or protecting critical infrastructure without an overall appreciation of the impact of cyberattacks on regional peace and security. No forum exists for cross sector discussion on cyber issues. Instead, it has fora such as ASEAN and APEC where cyber security is just one of many issues discussed. In a regional environment where there is a vast gap in capacities and capabilities of states institutions, technical organisations and the private sector, such fora with their emphasis on geo-political issues do not provide an optimum environment for discussion and follow-up actions on cybersecurity. Consequently, the Asia-Pacific is present at the table but does not make any meaningful contribution. This would not be of importance were it not for the fact that the template for discussions on cybersecurity includes regional organisations, with discussion taking place among multiple stake-holders at the national and regional levels within this template. While this is a well-established process in the developed world, such a model has not found traction in the developing world for a variety of reasons ranging from lack of capacity to inadequate institutional mechanisms.
For the developed world, the Hague Summit offers the opportunity for incremental progress on issues of interest to them such as the creation of norms through discussion on adapting international laws to cyberspace and reinforcing the open and global nature of cyberspace with particular regard to e-commerce. Whilst these are to the good, there is only glacial movement on issues such as international co-operation on cybercrime, issues relating to fixing vulnerabilities in hardware and software, and supply-chain vulnerabilities. Ultimately, it is the vulnerabilities that contribute to the strategic insecurities.
The London Process does suffer from a few deficiencies; the Conferences have been seen to be too state-centric, but with varying participation at the highest levels of government from different countries. Pre-set agendas and positions by various countries have limited the room for dialogue. The huge number of participants has evoked comparisons with the Internet Governance Forum (IGF), which is seen as a talk shop, albeit a much more vibrant one. Nonetheless, while the IGF presents a yearly snapshot for posterity of the major cybersecurity issues on the agenda, the previous iterations of the Global Cybersecurity Conferences have vanished without a trace at the end of the Conference, at least in cyberspace. There are no records of speeches or papers, or even of the conference websites of any of these summits, be it London, Budapest or Seoul. That is quite ironic, considering the topic of discussion is internet and cyberspace, which is the repository of a virtually unlimited amount of content. A major initiative that is expected to be announced at the Hague Summit is the establishment of a Global Forum of Cyber Expertise at Oxford, UK alongside the existing Global Cyber Security Capacity Centre announced and set up by the UK after the Budapest summit in 2012. It is as yet not clear how one will be distinct from the other.
The London Process has become an important forum to discuss cross-sector concerns. But to gain traction, it would have to progress from being a single country led initiative, which lives or dies by the resources devoted to it by the host country, to a more sustainable endeavour. Options that could be considered include global summits being sponsored by regional organisations by rotation.
Asia, too, has to improve its game if Asian voices are to be heard. An appropriate forum to discuss cyber security issues is still lacking where countries can go beyond discussing less controversial issues like cyber crime to more contentious issues that affect the stability and security of cyberspace. Further, one particular aberration is the complete exclusion of West Asia from the regional discussion in Asia, since the existing frameworks are centred on South-East Asia.
To succeed, the London Process has to continuously evolve and become more broad-based and inclusive. At the same time, regions that are currently under-represented in the global discussions on cybersecurity should not be content to sit by the sidelines, but make an active effort to contribute to the cause of an open, global, secure and safe cyberspace.
Views expressed are of the author and do not necessarily reflect the views of the IDSA or of the Government of India