Cyber Resilience and Norms Workshop

As part of the German Federal Foreign Office's conference "Shaping Cybersecurity" on September 27 in Potsdam, the Digital Society Institute organized a workshop on "Cyber Resilience and Norms for International Stability". The results of the workshop as well as our policy recommendations were summarized in a final report, which can be downloaded below.

The workshop on “Cyber Resilience and Norms for International Stability” aimed to discuss different normative elements in advancing cyber resilience at the global, regional, and national level. The first part of the workshop focused on the implementation of norms of responsible state behavior, confidence-building measures, and international law in cyberspace. The second part of the session addressed questions on how to achieve cyber resilience and cyber stability. The session provided useful insights on above-mentioned topics, drawing on the wide experience of speakers from the UN, OSCE, EU as well as national governments, and academia.



During the last decade, the international diplomatic community has been working intensively on increasing cyber stability at the global, regional, and national level. Under the aegis of the UN Disarmament Committee, the United Nations member states have developed a framework for responsible state behaviour that consists of the application of existing international law, norms of responsible state behavior, confidence, and capacity-building measures.

As a key element of this framework, the UN member states agreed that the existing international law offers sufficient guidance for state conduct in cyberspace, just as in any other domain of operations. The International Humanitarian Law and customary international law principles apply to states’ cyber activities, both during armed conflicts and in peacetime.

The voluntary non-binding norms of responsible state behavior agreed upon during the 2014-2015 UN Group of Governmental Experts (GGE) and elaborated further during the 2019-2021 GGE, offer important additional guidelines for states on resilience, cooperation, assistance and protection of their vital cyber assets.

The implementation of these norms contributes to cyber resilience and should be advanced globally. International law and cyber norms also provide a required reference framework for countries on how to respond to malicious cyber activities, as well as offer direction on related issues such as attribution of cyber operations, and assistance and cooperation options in case countries fall victim of cyber attacks.

At the UN level, there have been two distinct processes in the field of information and telecommunications in the context of international security: the Open Ended Working Group (OEWG) and the Governmental Group of Experts (GGE). The successive GGEs have developed norms of responsible state behavior in cyberspace, affirmed the applicability of international law, including International Humanitarian Law and human rights law in cyberspace, as well as stressed the key role of confidence and capacity-building measures. The OEWG in 2019-2021 has confirmed these elements as a basis for the framework of responsible state behavior in cyberspace.

The in-person event took place on September 27 on the premises of the Hasso-Plattner Institute in Potsdam.