BPF Cybersecurity 2018 Contributions

All stakeholders are invited to submit written contributions addressing the below questions and issues to the 2018 IGF BPF on Cybersecurity.

The initial drafting of the output document will begin on September 1st. This should be considered a soft deadline as contributions will be welcome on a rolling basis, particularly from IGF National and Regional Initiatives (NRIs) and from other relevant entities or organisations who may be holding meetings relating to cybersecurity prior to the IGF annual meeting in November. Contributions received past 15 September are not guaranteed for inclusion in the BPF's output document.

Contributions will be listed on the IGF website, then be compiled and synthesized by the Secretariat, and further circulated on the BPF mailing list and to the community for comment and further work towards an output document for the BPF to be presented at the 13th IGF in Paris, France from 12-14 November.

All individuals and organizations are asked to kindly try to keep their contributions to no more than 2-3 pages, and are encouraged to include URLs/Links to relevant information/examples/best practices as applicable. When including specific examples or detailed proposals, those may be included as an Appendix to the document.

***  Call for Contributions  ***

The 2018 IGF Best Practices Forum on Cybersecurity is a multistakeholder group focusing on the development of culture, norms and values in cybersecurity.

Norms have become a very important mechanism for states and non-state actors to agree on responsible behaviour in cyberspace. There are numerous initiatives under way in this regard, but with limited exceptions, such as the Global Conference on Cyberspace (GCCS) and the Global Commission on the Stability of Cyberspace (GCSC), most of these norms discussions happen in inter-state forums, and they do not always provide an open and inclusive mechanism for non-state actors to participate and to contribute. The Best Practices Forum is taking a multi-stakeholder view on the development of norms, both within and between participants of each IGF stakeholder community.

We are issuing this Call for Contributions to gain perspectives from all interested stakeholders on existing norms development efforts, how those norms are being implemented and whether they are successful. We’re also trying to understand whether differences in design and implementation may result in a “digital security divide”: a group of “haves” and “have-nots” in terms of the protection the norms offer.

To provide additional background, the Best Practices Forum has developed and released a Background paper on these issues.


1. How do you define a culture of cybersecurity?

2. What are typical values and norms that are important to you or your constituents?

3. Within your field of work, do you see organizations stand up and promote specific cybersecurity norms? This can be either norms at an inter-state level, or norms that only apply within your community or sector.

4. Are there examples of norms that have worked particularly well? Do you have case studies of norms that you have seen be effective at improving security?

5. Do you have examples of norms that have failed (they have not seen widespread adherence), or have had adverse effects (living up to the norm led to other issues)? ​

6. What effective methods do you know of implementing cybersecurity norms? Are there specific examples you have seen, or have had experience with?

7. Within your community, do you see a Digital Security Divide in which a set of users have better cyber security than others? Is this a divide between people or countries? What is the main driver of the divide?



Contributions will be published on the BPF webpage and included in the BPF’s output document. Please inform us here, should there be any limitations on the publication of your contribution, and indicate what title, organisation or contact person could be used to identify your contribution.


Please attach contributions as Word Documents (or other applicable non-PDF text) in an e-mail and send them to [email protected] .


Subscribe to the BPF Cybersecurity mailing list: https://intgovforum.org/mailman/listinfo/bpf-cybersecurity_intgovforum.org

Relevant reading:


***   Received Contributions   ***  (update 16 Oct)