ICT 4 Peace Foundation

Geneva Centre for Security Sector Governance

Acronym: DCAF

Address: Chemin Eugene-Rigot 2E, CH - 1211 Geneva 1

Website: https://dcaf.ch

DCAF, the Geneva Centre for Security Sector Governance, is dedicated to making states and people safer through more effective and accountable security and justice. Since 2000, DCAF has facilitated, driven, and shaped security sector reform (SSR) policy and programming worldwide.

Digital Activities

Cyberspace and cybersecurity have numerous implications for security provision, management, and oversight, which is why DCAF is engaged on these topics within its work. DCAF has implemented a cycle of policy projects to develop new norms and good practices in cyberspace. At the operational level, cybersecurity governance has become a prominent part of SSR programming.

Digital policy issues

Capacity development 

DCAF supported the drafting of the Global Counterterrorism Forum’s (GCTF) Zurich-London Recommendations on Preventing and Countering Violent Extremism (P/CVE) and Terrorism Online. Subsequently, it co-developed the Policy Toolkit, which transforms these recommendations into practical tools for states. DCAF applies the Policy Toolkit in its work in the Western Balkans, and several UN bodies – as well as the Organization for Security and Co-operation in Europe – are planning to incorporate it into their activities. DCAF has also developed a French language guide on good practices concerning cyberspace governance for the Ecole nationale à vocation régionale (ENVR) de la cybersécurité in Senegal, which is mainly targeted at cybersecurity practitioners in Francophone Africa.

DCAF contributes to effective and accountable cybersecurity in Europe and Central Asia by providing practical guidance and support for the governance of the cybersecurity sector; supporting the development of national and international legal and policy frameworks to promote good cybersecurity governance; and facilitating multistakeholder engagement in cybersecurity. This work is organised in several service lines: providing national cybersecurity assessments; developing policy advice; enhancing regional and transnational co-operation between cybersecurity authorities; building the capacity of Computer Emergency Response Teams (CERTs); promoting dialogue and co-ordination between state and non-state cybersecurity actors; and publishing policy research on good governance in cybersecurity. DCAF regularly works with partners, including the International Telecommunication Union (ITU), the Regional Cooperation Council, the OSCE, and DiploFoundation.

To increase the transparency and accountability of the security sector in the Middle East and North Africa, DCAF supports the automation of internal processes, information sharing, document management systems, and data visualisation and analysis in parliaments, ministries, public administrations, and oversight institutions. Furthermore, four online Sector Observatories (‘Marsads’) provide centralised information and analyses on the Tunisian, Libyan, Palestinian, and Egyptian security sectors and their actors, and three legal databases provide searchable online access to legislation governing the security sectors in Libya, Tunisia, and Palestine. Finally, DCAF has provided legal expertise to national oversight institutions with regard to possible privacy violations through, and misuse of, COVID-19 apps developed by national governments.

In 2016, DCAF developed a social media guide for ombuds institutions and the armed forces under their jurisdiction in order to support the use of social media as a safe and effective communication tool.

International Organization for Standardization

Acronym: ISO

Address: Chem. de Blandonnet 8, 1214 Vernier, Switzerland

Website: https://iso.org

Stakeholder group: International and regional organisations

The International Organization for Standardization (ISO) is a non-governmental international organisation composed of 165 national standard-setting bodies that are either part of governmental institutions or mandated by their respective governments. Each national standard-setting body therefore represents a member state.

After receiving a request from a consumer group or an industry association, ISO convenes an expert group tasked with the creation of a particular standard through a consensus process.

ISO develops international standards across a wide range of industries, including technology, food, and healthcare, in order to ensure that products and services are safe, reliable, of good quality, and ultimately, facilitate international trade. As such, it acts between the public and the private sector.

To date, ISO has published more than 22 000 standards.

Digital Activities

A large number of the international standards and related documents developed by ISO are related to information and communication technologies (ICTs), such as the Open Systems Interconnection (OSI) that was created in 1983 and established a universal reference model for communication protocols. The organisation is also active in the field of emerging technologies including blockchain, the Internet of Things (IoT), and artificial intelligence (AI).

The standards are developed by various technical committees dedicated to specific areas including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.

Digital policy issues

Artificial intelligence 

The joint technical committee of ISO and the International Electrotechnical Commission (IEC) for AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date, it has published one standard specifically pertaining to AI with 18 others in development.

ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks, and addresses approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy.

The standards under development include those that cover: concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Cloud computing 

ISO and IEC also have a joint committee for standards related to cloud computing which currently has 19 published standards and a further 7 in development.

Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 17789, which specifies the cloud computing reference architecture.

Standards under development include those on health informatics (ISO/TR 21332.2); the audit of cloud services (ISO/IEC 22123-2.2); and data flow, categories, and use (ISO/IEC 19944-1).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Internet of things 

Recognising the ongoing developments in the field of IoT, ISO has a number of dedicated standards both published and in development, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181-9), unique identification for IoT (ISO/IEC 29161), Internet of Media Things (ISO/IEC 23093-3), trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162).

IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security.

In addition, there are seven standards under development, some of which provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); the requirements of an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165).

Up-to-date information on the ISO and IEC joint technical committee for IoT (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Telecommunications infrastructure 

ISO’s standardisation work in the field of telecommunications infrastructure covers areas such as planning and installation of networks (e.g. ISO/IEC 14763-2 and ISO/IEC TR 14763-2-1), corporate telecommunication networks (e.g. ISO/IEC 17343), local and metropolitan area networks (e.g. ISO/IEC/IEEE 8802-A), private integrated telecommunications networks (e.g. ISO/IEC TR 14475), and wireless networks. Next generation networks – packet-based public networks able to provide telecommunications services and make use of multiple quality of service enabled transport technology – are equally covered (e.g. ISO/IEC TR 26905).

ISO also has standards for the so-called future networks, which are intended to provide futuristic capabilities and services beyond the limitations of current networks, including the Internet.

Up-to-date information on the joint ISO and IEC technical committee that develops these standards (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Blockchain 

ISO has published three standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology.

ISO also has a further ten standards on blockchain in development. These include those related to: security risks, threats and vulnerabilities (ISO/TR 23245.2); security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); legally-binding smart contracts (ISO/TS 23259); and guidelines for governance (ISO/TS 23635).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Emerging technologies 

ISO develops standards in the area of emerging technologies. Perhaps the largest number of standards in this area are those related to robotics. ISO has more than 40 different standards either published or in development that cover issues such as: collaborative robots (e.g. ISO/TS 15066); safety requirements for industrial robots (e.g. ISO 10218-2); and personal care robots (e.g. ISO 13482).

Autonomous or so-called intelligent transport systems (ITS) standards are developed by ISO’s ITS Technical Committee and include those for forward vehicle collision warning systems (ISO 15623) and secure connections between trusted devices (ISO/TS 21185).

Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843) and the display device interface for augmented reality (ISO/IEC 23763).

Network security 

Information security and network security are also addressed by ISO and IEC standards. The ISO and IEC 27000 family of standards covers information security management systems and is used by organisations to secure information assets such as financial data, intellectual property, and employee information.

For example, ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond to, defuse, and recover effectively from cyberattacks. ISO/IEC 27701 is an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, and details requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).

Network security is also addressed by standards on technologies such as the IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.

Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Encryption 

As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information become increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1, currently under development, addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772, which covers authenticated encryption; ISO/IEC 18033-3, which specifies encryption systems (ciphers) for the purpose of data confidentiality; and ISO 19092, which allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons.

ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and many more related areas.

Data governance 

Big data is another area of ISO standardisation, and around 80% of related standards are developed by the ISO/IEC AI committee. The terminology for big data-related standards is outlined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture.

ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. A further eight standards are in development and include those for big data security and privacy (ISO/IEC 27045), terminology used in big data within the scope of predictive analytics (ISO 3534-5), and data science life cycle (ISO/TR 23347).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Privacy and data protection 

Privacy and data protection in the context of ICTs is another area covered by ISO’s standardisation activities. One example is ISO/IEC 29101 which describes a privacy architecture framework.

Others include those for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).

Digital identities 

Digital signatures that validate digital identities help to ensure the integrity of data and authenticity of particulars in online transactions. This, therefore, contributes to the security of online applications and services. Standards to support this technology cover elements such as: anonymous digital signatures (e.g. ISO/IEC 20008-1 and ISO/IEC 20008-2); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, in which the content of the message to be signed is disguised, used in contexts where, for example, anonymity is required. Examples of such standards are ISO 18370-1 and ISO/IEC 18370-2.

Digital tools

ISO has developed an online browsing platform that provides up-to-date information on ISO standards, graphical symbols, publications, and terms and definitions.

Future of Meetings

Any reference to online or remote meetings?

Any reference to holding meetings outside HQ?

Any reference to deliberation or decision making online?

  • Yes, ISO governance groups are also meeting virtually.

University of Geneva

Acronym: UNIGE

Address: Rue De-Candolle 5, 1205 Genève, Switzerland

Website: https://unige.ch/

Stakeholder group: Academia & think tanks

The University of Geneva (UNIGE) offers more than 280 types of degrees and more than 250 continuing education programmes covering an extremely wide variety of fields across exact sciences, medicine, and humanities.

Digital activities

The university has incorporated digital technology into its strategy and appointed a vice-rector in charge of defining and piloting digital initiatives in the fields of education, research, and services to society. Its digital strategy focuses on three dimensions of digital technology: digital technology for teaching and research, digital solutions for open and connected science, and digital expertise in the service of society.

It also provides courses focusing on digital law, and it has been very active in research related to applied physics and quantum cryptography.

More information on the university’s digital strategy can be found at the dedicated page.

Digital policy issues

Capacity development 

In an attempt to develop digital skills of its community, the University of Geneva has put in place a series of measures to meet the needs of its students, researchers, administrative staff, and other community members. To this end, the university offers a series of courses on digital technologies and related issues, participates in a number of projects, and provides training and workshops on particular digital skills and tools. It is also developing and deploying its Open Science roadmap.

Moreover, the university created a Digital Law Center (DLC) at the Faculty of Law over the course of implementing its digital strategy. The DLC provides courses focused on the Internet and law. It also organises its annual Digital Law Summer School, where participants can discuss digital law and policy issues such as cybersecurity, privacy, freedom of expression, and intellectual property with leading experts from academia and international organisations. Every year since 2016, the university has organised the Geneva Digital Law Research Colloquium (which is run by the DLC in co-operation with other leading academic centers, including the Berkman Klein Center for Internet and Society at Harvard University). This event is a scientific workshop that gives selected next-generation digital law and policy researchers an opportunity to present and discuss various digital policy issues, such as freedom of expression online, copyright, and the Internet of Things, with senior, high-level experts.

Leveraging its multidisciplinary culture, the university has recently created a transversal Data Science Competence Center aiming at federating competencies from all faculties and enabling cross-fertilisation between various disciplines to develop advanced research and services.

The university has also developed a Digital Innovation Incubation Programme that supports residency periods for its members at swissnex San Francisco to enhance the links with the Bay Area.

The university has created a portal for online and blended learning with a set of resources to help tutors prepare their courses and classes. Some of the resources are intended for self-training, while others provide users with training/coaching opportunities with University of Geneva e-learning and blended learning experts.

Digital tools

The university maintains an IT Service Catalogue where students can access all digital tools the university provides, such as the UNIGE Mobile App, UNIGE Portal, UNIGE’s data storage system, and many others.

The University of Geneva also offers a number of online courses.

Future of Meetings

Any reference to online or remote meetings?

  • The university plans to extend its Zoom license, which was initially acquired for one semester, until the end of the 2020/2021 academic year. Some exams have taken place online.

Any reference to holding meetings outside HQ?

  • The university is using online platforms for e-conferences and plans to deploy them in order to provide alternatives to in-person meetings.

United Nations Institute for Disarmament Research

Acronym: UNIDIR

Address: Palais des Nations 1211 Geneva 10 Switzerland

Website: https://unidir.org

Stakeholder group: International and regional organisations

Founded in 1980, the United Nations Institute for Disarmament Research (UNIDIR) is an autonomous institute within the UN, conducting independent research on disarmament and related problems.

Digital Activities

UNIDIR is concerned with cybersecurity, such as threats and vulnerabilities related to information and communication technologies (ICTs), and the use of new technologies such as artificial intelligence (AI) applications in warfare. It supports the UN GGE and OEWG processes. It focuses on research and awareness raising on this topic with a broad range of stakeholders and maps the cybersecurity policy landscape.

Digital policy issues

Cybersecurity 

UNIDIR’s Security and Technology Programme (SecTec) builds knowledge and raises awareness on the security implications of new and emerging technologies. Cyber stability is one area of focus for UNIDIR. Key topics include electronic and cyberwarfare, the role of regional organisations in strengthening cybersecurity, and the exploitation of ICT threats and vulnerabilities. UNIDIR provides technical and expert advice to the chairpersons of the UN GGE and OEWG on norms, international law, confidence-building measures, capacity building, co-operation, and institutional dialogue. The annual cyber stability conference brings various stakeholders together to promote a secure and stable cyberspace and in particular the role of the UN GGE and OEWG. In addition, UNIDIR organises a series of workshops on the role of regional organisations in strengthening cybersecurity and cyber stability. The Cyber Policy Portal is an online confidence-building tool that maps the cybersecurity policy landscape, fostering transparency and reducing the risk of conflict in cyberspace.

Artificial intelligence 

‘AI and the weaponisation of increasingly autonomous technologies’ is one of the current research areas of UNIDIR, which aims to raise awareness and build capacities of various stakeholders, including member states, technical communities, academia, and the private sector. Research on AI covers a broad range of topics, from human decision-making to autonomous vehicles and swarm technologies.

Future of Meetings

Any reference to online or remote meetings?

Digital tools

Cyber Policy Portal

Internet Governance Forum

Acronym: IGF

Address: Villa Bocage Palais des Nations, CH-1211 Geneva 10 Switzerland

Website: https://intgovforum.org

Stakeholder group: International and regional organisations

The Internet Governance Forum (IGF) was established in Paragraph 72 of the Tunis Agenda of the World Summit on the Information Society (WSIS) as a forum for multistakeholder policy dialogue. The mandate of the Forum is to discuss public policy issues related to key elements of Internet governance, in order to foster the sustainability, robustness, security, stability, and development of the Internet. Even though the IGF is not a decision-making body, its great potential lies in open discussions among all stakeholders on challenges and best practices related to the use and evolution of the Internet.

Since 2006, the IGF has held annual meetings: Athens (2006), Rio de Janeiro (2007), Hyderabad (2008), Sharm El Sheikh (2009), Vilnius (2010), Nairobi (2011), Baku (2012), Bali (2013), Istanbul (2014), João Pessoa (2015), Guadalajara (2016). The programme of the annual meeting and the general direction of the IGF work are deliberated by the Multistakeholder Advisory Group (MAG) to the UN Secretary General.

The IGF Secretariat, currently based at the United Nations Office at Geneva, conducts the preparations for the annual IGF meetings, coordinates the IGF intersessional activities (between two annual meetings), and assists the MAG in its work.

Geneva Centre for Security Policy

Acronym: GCSP

Address: Chemin Eugene-Rigot 2D, CH - 1211 Geneva 1, Switzerland

Website: https://gcsp.ch

Geneva Internet Platform

Acronym: GIP

Address: WMO Building, 7bis, Avenue de la Paix, CH-1202 Geneva, Switzerland

Website: https://giplatform.org

Stakeholder group: NGOs and associations

The Geneva Internet Platform (GIP) is a Swiss initiative operated by DiploFoundation that strives to engage digital actors, foster digital governance, and monitor digital policies.

It aims to provide a neutral and inclusive space for digital policy debates, strengthen the participation of small and developing countries in Geneva-based digital policy processes, support activities of Geneva-based Internet governance (IG) and ICT institutions and initiatives, facilitate research for an evidence-based, multidisciplinary digital policy, bridge various policy silos, and provide tools and methods for in situ and online engagement that could be used by other policy spaces in International Geneva and worldwide. The GIP’s activities are implemented based on three pillars: a physical platform in Geneva, an online platform and observatory, and a dialogue lab.